[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] PKCS#12 decrypt() problem



Cipher operation mode (ENCRYPT MODE, DECRYPT MODE)  initialization is done
by means of the constructor. When creating a new PKCS12 object for
certificate bags and keybag to be encrypted, the cipher is set to
ENCRYPT_MODE. When parsing (decoding) an already existing PKCS12 object, the
mode is set to DECRYPT_MODE.

So, when you call decrypt() for your object the cipher still is in encrypt
mode. Calling decrypt only makes sense on PKCS12 objects created from an
ASN.1 object or input stream supplying the DER encoded PKCS12 object.

Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: Tom Runnacles <thr1@elec.qmw.ac.uk>
An: <iaik-jce@iaik.tu-graz.ac.at>
Gesendet: Montag, 21. Juni 1999 15:42
Betreff: [iaik-jce] PKCS#12 decrypt() problem


> Hi,
>
> I'm having problems using the decrypt() method in the PKCS#12 class.
> Here's what my code does:
>
> (1) generate a key pair and an X509
> (2) sign the X509 with the CA private key
> (3) Put the key pair and the X509 in a KeyBag and a CertificateBag
> respectively
> (4) Make a PKCS#12 object out of the two bags
> (5) Encrypt the PKCS#12 object with a password
> (6) Try to decrypt the PKCS#12 with a password supplied by the user
>
> Everything's fine for steps (1)-(5), but (6) doesn't seem to work at
> all.  I get ASN1coding exceptions and IndexArrayOutOfBounds exceptions
> when the wrong password is entered, and it only sometimes decrypts
> successfully when the correct password is entered.  Any solutions?  The
> actual source code is this:
>
> import iaik.security.provider.*;
> import iaik.security.provider.IAIK;
> import iaik.pkcs.pkcs12.KeyBag;
> import iaik.pkcs.pkcs12.PKCS12;
> import iaik.pkcs.pkcs12.CertificateBag;
> import iaik.x509.*;
> import iaik.asn1.structures.*;
> import iaik.asn1.*;
> import iaik.pkcs.PKCSException;
>
> import java.security.cert.CertificateException;
> import java.math.BigInteger;
> import java.util.*;
> import java.security.*;
> import java.io.*;
>
> class PKCS12Demo
> {
>     public static void main(String[] args) throws Exception
>     {
>         IAIK.addAsProvider(true);
>
>         file://Generate CA RSA Key Pair
>         KeyPairGenerator gen1=KeyPairGenerator.getInstance("RSA",
> "IAIK");
> gen1.initialize(512);
> System.out.println("Generating CA RSA Key Pair");
> System.out.flush();
> KeyPair CAkp=gen1.generateKeyPair();
>
>         // Generate Client RSA Key Pair
>         KeyPairGenerator gen2=KeyPairGenerator.getInstance("RSA",
> "IAIK");
> gen2.initialize(512);
> System.out.println("Generating Client RSA Key Pair");
> System.out.flush();
> KeyPair Clientkp=gen2.generateKeyPair();
>
> // Generate Client X509 Certificate
>         System.out.println("Generating Client X509 Certificate");
> X509Certificate ClientCert=new X509Certificate();
> ClientCert.setSerialNumber(BigInteger.valueOf(0x1234L));
> Name ClientName=new Name();
> ClientName.addRDN(ObjectID.country, "UK");
> ClientName.addRDN(ObjectID.organization, "QMW");
> ClientName.addRDN(ObjectID.organizationalUnit, "Computer Science
> Department");
> ClientName.addRDN(ObjectID.commonName, "Tom Runnacles");
> ClientCert.setSubjectDN(ClientName);
> GregorianCalendar today=new GregorianCalendar();
> ClientCert.setValidNotBefore(today.getTime());
> today.add(Calendar.MONTH, 6);
> ClientCert.setValidNotAfter(today.getTime());
> ClientCert.setIssuerDN(ClientName);
> ClientCert.setPublicKey(Clientkp.getPublic());
>
> // Then sign the Client X509
> System.out.println("Signing the Client X509 Certificate with the CA
> Private key");
> ClientCert.sign(AlgorithmID.md5WithRSAEncryption, CAkp.getPrivate());
>
> // Put the key-pair in a KeyBag
> System.out.println("Putting the Client's private key in a KeyBag");
> KeyBag kbag=new KeyBag(Clientkp.getPrivate());
>
>
> // Put the client X509 in a CertificateBag
> System.out.println("Putting the Client's X509 in a Certificate Bag");
> CertificateBag[] cbag=new CertificateBag[1];
> cbag[0]=new CertificateBag(ClientCert);
>
> // Put both bags in a PKCS#12
> System.out.println("Putting the KeyBag and the Certificate bag in a
> PKCS12 object");
>
> PKCS12 test=new PKCS12(kbag, cbag, false);
> String password="hello";
> char[] passch=password.toCharArray();
> test.encrypt(passch);
>
> // Test the encryption
> BufferedReader br=new BufferedReader(new
> InputStreamReader(System.in));
> boolean decrypts=false;
> while (!decrypts)
> {
>
>     System.out.println("Please enter the password for the PKCS12
> object");
>     String trypass=br.readLine();
>     char[] trychar=trypass.toCharArray();
>
>     try
>     {
>         test.decrypt(trychar);
>         System.out.println("The PCKS12 object decrypts with the
> password entered");
>         decrypts=true;
>     }
>     catch (PKCSException e2)
>     {
>         Thread.dumpStack();
>         System.out.println(e2.getMessage());
>         System.out.println("The PKCS12 does not decrpyt with that
> password");
>     }
>     catch (ArrayIndexOutOfBoundsException e3)
>     {
>         System.out.println("ArrayIndexOutOfBoundsException thrown");
>         System.out.println(e3.getMessage());
>
>     }
>
> }
> }
> }
> --
> Mailinglist-archive at
http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html
>
> To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the
folowing content: UNSUBSCRIBE iaik-jce
>
>
>


smime.p7s