Re: [iaik-jce] Ciphers exceptions
Hello,

EnvelopedDataStream enveloped_data = new EnvelopedDataStream(is, algorithm); will only work for algorithms having a fixed key length and using an IV as the only parameter to be sent as OCTET_STRING in the parameters field of the AlgorithmID. For algorithms where the key length may vary and/or parameters may have a different encoding/meaning, key generation has to be done outside EnvelopedDataStream - because currently no default length is used - and parameter encoding has to be explicitly performed.

The basic proceeding will be the same for all algorithms:
CREATION:

// the data input stream
InputStream is = ...;
// create a secretKey with the desired key length:
int keyLength = ...;
SecretKey secretKey = ...;
// the content encryption AlgorithmID:
// e.g.:
// RC2:
AlgorithmID contentEA = AlgorithmID.rc2_CBC;
// CAST5:
AlgorithmID contentEA = AlgorithmID.cast5_CBC;
// RC4: must be explicitly created here since IAIK-JCE AlgorithmID currently sets a wrong implementation name for RC4
AlgorithmID contentEA = new AlgorithmID("1.2.840.113549.3.4", "RC4", "RC4/ECB/NoPadding");
// the parameters (if required by the algorithm):
AlgorithmParameterSpec params = null;
// e.g.:
// RC2: (see RFC 2268 and the S/MIME spec)
byte[] iv = ...;
params = new RC2ParameterSpec(keyLength, iv);
// assuming the effective-key-bits = keyLength
// or: params = new IvParameterSpec(iv);
SEQUENCE parameter = new SEQUENCE();
// calculate the rc2ParameterVersion according to RFC 2268; for S/MIME 160, 120, 58 for effective key bits 40, 64, and 128 respectively
int rc2ParameterVersion = ...;
parameter.addComponent(new INTEGER(rc2ParameterVersion));
parameter.addComponent(new OCTET_STRING(iv));
contentEA.setParameter(parameter);
// for CAST5:
byte[] iv = ...;
params = new IvParameterSpec(iv);
// the IV is encoded as a plain OCTET_STRING parameter
OCTET_STRING oct = new OCTET_STRING(iv);
contentEA.setParameter(oct);
// for RC4:
params = null;
// now create EncryptedContentInfo:
EncryptedContentInfoStream eci = new EncryptedContentInfoStream(ObjectID.pkcs7_data, is);
// setup the cipher:
eci.setupCipher(contentEA, secretKey, params);
// create the recipient infos, e.g.:
RecipientInfo[] recipients = new RecipientInfo[2];
recipients[0] = new RecipientInfo(recipientCert0, AlgorithmID.rsaEncryption);
recipients[0].encryptKey(secretKey);
recipients[1] = new RecipientInfo(recipientCert1, AlgorithmID.rsaEncryption);
recipients[1].encryptKey(secretKey);
// create the EnvelopedDataStream
EnvelopedDataStream enveloped_data = new EnvelopedDataStream(recipients, eci);
// write enveloped data
enveloped_data.writeTo(os, blockSize);
PARSING:

EnvelopedDataStream enveloped_data = new EnvelopedDataStream(encoded_stream);
// get the recipient infos
RecipientInfo[] recipients = enveloped_data.getRecipientInfos();
for (int i = 0; i < recipients.length; i++) {
  System.out.print(recipients[i].getIssuerAndSerialNumber());
}
// use the specific recipient's private key for decrypting the symmetric content encryption key, e.g.:
SecretKey secretKey = recipients[0].decryptKey(recipient0PrivateKey);
// get the ECI from the enveloped data:
EncryptedContentInfoStream eci = (EncryptedContentInfoStream)enveloped_data.getEncryptedContentInfo();
// get the content encryption algorithm:
AlgorithmID contentEA = eci.getContentEncryptionAlgorithm();
System.out.println("Alg: " + contentEA);
// parse the parameters:
AlgorithmParameterSpec params = null;
// RC2:
// get the parameters as SEQUENCE
SEQUENCE seq = (SEQUENCE)contentEA.getParameter();
// the iv is the second component
OCTET_STRING oct = (OCTET_STRING)seq.getComponentAt(1);
// create an IvParameterSpec:
params = new IvParameterSpec((byte[])oct.getValue());
// CAST5:
OCTET_STRING oct = (OCTET_STRING)contentEA.getParameter();
// create an IvParameterSpec:
params = new IvParameterSpec((byte[])oct.getValue());
// RC4:
params = null;
// setup the cipher for decryption
eci.setupCipher(secretKey, params);
// get and read the data, thereby actually performing the decryption
InputStream data_is = eci.getInputStream();
...
Note that when using RC2_CBC, parameters for cipher setup can be supplied as IvParameterSpec or RC2ParameterSpec, the latter specifying IV and effective key bits. Both types of parameters will have the same effect, since currently IAIK-JCE assumes that the effective-key-length is equal to the actual keyLength. This will be updated in the next version of IAIK-JCE.
Dieter Bratko
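The reply above builds the RC2-CBC parameter structure by hand (a SEQUENCE of an INTEGER rc2ParameterVersion and an OCTET_STRING iv) and reads the IV back as the second component. The following is an added example, not code from the mail or from IAIK-JCE, written in Python rather than Java so that it runs without the library: it DER-encodes that structure for the three effective-key-bit values the reply names (40, 64, 128 mapping to versions 160, 120, 58, as in RFC 2268) and parses it back, rejecting malformed input instead of guessing. The 8-byte IV is a constructed sample; the mapping table is deliberately limited to the values quoted in the mail plus the RFC 2268 rule that versions of 256 and above encode the effective key length directly.

```python
"""DER encoding and parsing of the RC2-CBC parameter structure (RFC 2268, sec. 6):

    RC2-CBCParameter ::= SEQUENCE {
        rc2ParameterVersion INTEGER,
        iv                  OCTET STRING (SIZE(8)) }

Added example: independent of IAIK-JCE, and limited to the rc2ParameterVersion
values named in the mail (the full RFC 2268 PITABLE is not reproduced here)."""

# effective key bits -> rc2ParameterVersion for the S/MIME strengths in the mail
EKB_TO_VERSION = {40: 160, 64: 120, 128: 58}
VERSION_TO_EKB = {v: k for k, v in EKB_TO_VERSION.items()}
RC2_BLOCK_SIZE = 8  # RC2 is a 64-bit block cipher, so the CBC IV is 8 bytes

SEQUENCE_TAG, INTEGER_TAG, OCTET_STRING_TAG = 0x30, 0x02, 0x04


def _der_length(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(body)) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative value. (bit_length + 8) // 8 bytes gives the
    minimal two's-complement form, adding a leading 0x00 when the top bit is set."""
    if value < 0:
        raise ValueError("only non-negative INTEGERs occur in RC2 parameters")
    return _tlv(INTEGER_TAG, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def rc2_parameter_version(effective_key_bits: int) -> int:
    """RFC 2268: values >= 256 are the effective key length itself."""
    if effective_key_bits >= 256:
        return effective_key_bits
    try:
        return EKB_TO_VERSION[effective_key_bits]
    except KeyError:
        raise ValueError(f"no table entry for {effective_key_bits} effective key bits") from None


def encode_rc2_cbc_params(effective_key_bits: int, iv: bytes) -> bytes:
    """Build the DER SEQUENCE that goes into AlgorithmIdentifier.parameters."""
    if len(iv) != RC2_BLOCK_SIZE:
        raise ValueError("RC2 IV must be exactly 8 bytes")
    version = der_integer(rc2_parameter_version(effective_key_bits))
    return _tlv(SEQUENCE_TAG, version + _tlv(OCTET_STRING_TAG, bytes(iv)))


def _read_tlv(buf: bytes, pos: int):
    """Read one TLV at buf[pos]; returns (tag, contents, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV contents run past end of buffer")
    return tag, buf[pos:end], end


def decode_rc2_cbc_params(der: bytes):
    """Parse the parameters back into (effective_key_bits, iv); wrong tags, a wrong IV
    length, trailing bytes or an unknown version are errors, not silently accepted."""
    tag, body, end = _read_tlv(der, 0)
    if tag != SEQUENCE_TAG or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, version_bytes, pos = _read_tlv(body, 0)
    if tag != INTEGER_TAG or not version_bytes or version_bytes[0] & 0x80:
        raise ValueError("rc2ParameterVersion must be a non-negative INTEGER")
    version = int.from_bytes(version_bytes, "big")
    tag, iv, pos = _read_tlv(body, pos)  # the IV is the second component
    if tag != OCTET_STRING_TAG or len(iv) != RC2_BLOCK_SIZE:
        raise ValueError("iv must be an 8-byte OCTET STRING")
    if pos != len(body):
        raise ValueError("trailing bytes inside the SEQUENCE")
    ekb = version if version >= 256 else VERSION_TO_EKB.get(version)
    if ekb is None:
        raise ValueError(f"rc2ParameterVersion {version} is not a value this example knows")
    return ekb, bytes(iv)


if __name__ == "__main__":
    sample_iv = bytes(range(8))  # constructed sample; use a fresh random IV in practice
    for ekb in (40, 64, 128):
        der = encode_rc2_cbc_params(ekb, sample_iv)
        print(ekb, der.hex(), decode_rc2_cbc_params(der))
```

Note that this example keeps the effective key bits and the actual key length as separate notions; as the reply says, the IAIK-JCE version discussed treats them as equal, so a parameter block whose version does not match the key length in use will be interpreted differently by that library than by a strict RFC 2268 implementation.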
----- Original Message -----
Sent: Tuesday, August 03, 1999 2:08 PM
Subject: [iaik-jce] Ciphers exceptions
> Hello,
>
> I'm working with the iaik.pkcs.pkcs7.EnvelopedDataStream class.
> I'm able to create an EnvelopedDataStream and to retrieve from it
> the encrypted content for each recipient. In my code I use AlgorithmID
> objects for these ciphers: DES, 3DES, IDEA (ECB and CBC), RC2 (ECB and CBC), RC4,
> CAST5.
> I created AlgorithmID objects when the AlgorithmID class does not supply them.
> In case of IDEA CBC, for instance,
> new AlgorithmID("1.3.6.1.4.1.188.7.1.1.2", "IDEA_CBC", "IDEA/CBC/PKCS5Padding");
> My code includes:
>
> AlgorithmID algorithm = (I try it for each above cipher)
> algorithm.setParameter( new OCTET_STRING( bytes ) );
> EnvelopedDataStream enveloped_data = new EnvelopedDataStream(is, algorithm);
> enveloped_data.setRecipientInfos(recipients);
>
> This code doesn't give me any problem and also on the recipient side I work
> fine.
> But this is true only for DES, IDEA, 3DES (ECB and CBC mode);
>
> With RC2, RC4, CAST5 I catch these exceptions in the EnvelopedDataStream
> constructor.
>
> RC2_CBC
> java.lang.ArrayIndexOutOfBoundsException: -1
> at iaik.security.cipher.h.a(Unknown Source)
> at iaik.security.cipher.h.engineInit(Unknown Source)
> at iaik.security.cipher.v.engineInit(Unknown Source)
> at javax.crypto.Cipher.init(Unknown Source)
> at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
> at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
> at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Unknown Source)
>
> .................................................................................
>
> RC2_ECB
> java.lang.ArrayIndexOutOfBoundsException: -1
> at iaik.security.cipher.h.a(Unknown Source)
> at iaik.security.cipher.h.engineInit(Unknown Source)
> at iaik.security.cipher.v.engineInit(Unknown Source)
> at javax.crypto.Cipher.init(Unknown Source)
> at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
> at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
> at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Unknown Source)
>
> .................................................................................
>
> RC4
> java.lang.ArrayIndexOutOfBoundsException: 0
> at iaik.security.cipher.g.a(Unknown Source)
> at iaik.security.cipher.g.engineInit(Unknown Source)
> at iaik.security.cipher.v.engineInit(Unknown Source)
> at javax.crypto.Cipher.init(Unknown Source)
> at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
> at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
> at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Unknown Source)
>
> .................................................................................
>
> CAST5_CBC
> iaik.utils.InternalErrorException: Internal Key problem.
> at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
> at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Unknown Source)
>
> .................................................................................
>
>
> I'm wondering if these ciphers require a particular key/parameter
> handling and in this case the constructor
>
> EnvelopedDataStream(RecipientInfo[], EncryptedContentInfoStream)
>
> must be used as you explained to me in a previous e-mail.
>
> If it's true what I suppose
> ( and so the code
> -------> algorithm.setParameter( new OCTET_STRING( bytes ) )
> is wrong )
> how can I create an AlgorithmParameters object for these ciphers to use in
> AlgorithmID.setAlgorithmParameters(AlgorithmParameters ap)
> and in EncryptedContentInfoStream.setupCipher( algorithm, secretKey,
> ap.getParameterSpec(paramSpec.class) )
> methods ?
>
> Sorry, but I didn't find the example you suggested I look at.
>
> P.S. AlgorithmParameters.getInstance( "name", "provider" ) is only available
> for DiffieHellman and PBE. But I found in the JCE Specification & Reference
> that the following names can be used when requesting an instance of
> AlgorithmParameters:
> DES, DESede, PBE, Blowfish, DiffieHellman. So I expected implementations
> for these ciphers and for those you add in IAIK-JCE (RC2, RC4 ...).
> Where am I failing?
>
>
> Thanks very much (also for previous answers),
> Vito
>
> --
> Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html
>
> To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with
> the following content: UNSUBSCRIBE iaik-jce