Re: [iaik-jce] problems with SignedAndEnvelopedDataStream



SignedAndEnvelopedDataStream signed_enveloped_data = new
SignedAndEnvelopedDataStream(is, algorithm); will only work for algorithms
having a fixed key length and using an IV as the only parameter, to be sent as
OCTET_STRING in the parameters field of the AlgorithmID. Currently there is
no way to use ciphers not falling under these constraints with class
SignedAndEnvelopedDataStream.
However, it is recommended to use a sequential combination of the SignedData and
EnvelopedData types instead of the SignedAndEnveloped data type (look at the
SignedAndEncrypted demo of the demo.pkcs.PKCS7Stream sample). Although the
EnvelopedDataStream(is, algorithm) constructor can only be used for
algorithms like those above, there is a way to work with other algorithms by
explicitly doing key handling and parameter en/decoding by means of class
EncryptedContentInfoStream (see JCE.MailingList:
http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/msg00233.html (Re:
Cipher Exceptions) or attachment).

Dieter Bratko

----- Original Message -----
From: Conturbia Riccardo <s75918@dilbert.polito.it>
To: <iaik-jce@iaik.tu-graz.ac.at>
Sent: Wednesday, December 01, 1999 11:39 AM
Subject: [iaik-jce] problems with SignedAndEnvelopedDataStream


> It seems that I made some mistake... as usual... :)
>
> I try to create a SignedAndEnvelopedDataStream with the code:
>
>
> SignedAndEnvelopedDataStream saed = new
> SignedAndEnvelopedDataStream(data_is, algoritmoDiCifratura);
>
> where algoritmoDiCifratura is one of the following AlgorithmID:
>
> des_EDE3_CBC
> cast5_CBC
> des_CBC
> rc2_CBC
> rc4
>
> DES-based algorithms work fine, but with the others I get some errors:
>
> when I use cast5_CBC the following error occurs:
> ----------------------------------------------------------
> iaik.utils.InternalErrorException: Internal Key problem.
>         at java.lang.Throwable.<init>(Compiled Code)
>         at java.lang.Exception.<init>(Compiled Code)
>         at java.lang.RuntimeException.<init>(Compiled Code)
>         at iaik.utils.InternalErrorException.<init>(Compiled Code)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Compiled Code)
>         at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Compiled Code)
>         at PKCS7File4.writeTo(Compiled Code)
>         at MyMessage4.sendCryptedToServer(Compiled Code)
>         at CryptingApplet10.action(Compiled Code)
>         at java.awt.Component.handleEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.dispatchEventImpl(Compiled Code)
>         at java.awt.Component.dispatchEvent(Compiled Code)
>         at java.awt.EventDispatchThread.run(Compiled Code)
> Internal Key problem.
> iaik.utils.InternalErrorException: Internal Key problem.
>         at java.lang.Throwable.<init>(Compiled Code)
>         at java.lang.Exception.<init>(Compiled Code)
>         at java.lang.RuntimeException.<init>(Compiled Code)
>         at iaik.utils.InternalErrorException.<init>(Compiled Code)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Compiled Code)
>         at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Compiled Code)
>         at PKCS7File4.writeTo(Compiled Code)
>         at MyMessage4.sendCryptedToServer(Compiled Code)
>         at CryptingApplet10.action(Compiled Code)
>         at java.awt.Component.handleEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.dispatchEventImpl(Compiled Code)
>         at java.awt.Component.dispatchEvent(Compiled Code)
>         at java.awt.EventDispatchThread.run(Compiled Code)
> -----------------------------------------------------------
>
> with rc2_CBC:
> ----------------------------------------------------------
> -1
> java.lang.ArrayIndexOutOfBoundsException: -1
>         at iaik.security.cipher.i.a(Compiled Code)
>         at iaik.security.cipher.i.engineInit(Compiled Code)
>         at iaik.security.cipher.qb.engineInit(Compiled Code)
>         at javax.crypto.Cipher.init(Compiled Code)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Compiled Code)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Compiled Code)
>         at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Compiled Code)
>         at PKCS7File4.writeTo(Compiled Code)
>         at MyMessage4.sendCryptedToServer(Compiled Code)
>         at CryptingApplet10.action(Compiled Code)
>         at java.awt.Component.handleEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.dispatchEventImpl(Compiled Code)
>         at java.awt.Component.dispatchEvent(Compiled Code)
>         at java.awt.EventDispatchThread.run(Compiled Code)
> ---------------------------------------------------------------
>
> and with rc4 a similar error:
> --------------------------------------------------------------
>
> 0
> java.lang.ArrayIndexOutOfBoundsException: 0
>         at iaik.security.cipher.h.a(Compiled Code)
>         at iaik.security.cipher.h.engineInit(Compiled Code)
>         at iaik.security.cipher.qb.engineInit(Compiled Code)
>         at javax.crypto.Cipher.init(Compiled Code)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Compiled Code)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Compiled Code)
>         at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Compiled Code)
>         at PKCS7File4.writeTo(Compiled Code)
>         at MyMessage4.sendCryptedToServer(Compiled Code)
>         at CryptingApplet10.action(Compiled Code)
>         at java.awt.Component.handleEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.postEvent(Compiled Code)
>         at java.awt.Component.dispatchEventImpl(Compiled Code)
>         at java.awt.Component.dispatchEvent(Compiled Code)
>         at java.awt.EventDispatchThread.run(Compiled Code)
> ------------------------------------------------------------------
>
> Am I wrong if I try to use those algorithms?
> Could you help me, please?
>
> Thank you all,
>
> Riccardo Conturbia

Re: [iaik-jce] Ciphers exceptions

Hello,
 
EnvelopedDataStream enveloped_data = new EnvelopedDataStream(is, algorithm); will only work for algorithms having a fixed key length and using an IV as the only parameter, to be sent as OCTET_STRING in the parameters field of the AlgorithmID. For algorithms where the key length may vary and/or parameters may have a different encoding/meaning, key generation has to be done outside EnvelopedDataStream - because currently no default length is used - and parameter encoding has to be explicitly performed.
 
The basic proceeding will be the same for all algorithms:
 
CREATION:
// the data input stream
InputStream is = ...;
// create a secretKey with desired key length:
int keyLength = ...;
SecretKey secretKey = ...;
 
// the content encryption AlgorithmID (choose one), e.g.:
    // RC2:
    AlgorithmID contentEA = AlgorithmID.rc2_CBC;
    // CAST5:
    AlgorithmID contentEA = AlgorithmID.cast5_CBC;
    // RC4: must be explicitly created here since IAIK-JCE AlgorithmID currently sets a wrong implementation name for RC4
    AlgorithmID contentEA = new AlgorithmID("1.2.840.113549.3.4", "RC4", "RC4/ECB/NoPadding");

// the parameters (if required by the algorithm):
AlgorithmParameterSpec params = null;
    // e.g.:
    // RC2: (see RFC 2268 and the S/MIME spec)
    byte[] iv = ...;
    params = new RC2ParameterSpec(keyLength, iv);  // assuming the effective-key-bits = keyLength
    // or: params = new IvParameterSpec(iv);
    SEQUENCE parameter = new SEQUENCE();
    // calculate the rc2ParameterVersion according to RFC 2268; for S/MIME 160, 120, 58 for effective key bits 40, 64, and 128 respectively
    parameter.addComponent(new INTEGER(rc2ParameterVersion));
    parameter.addComponent(new OCTET_STRING(iv));
    contentEA.setParameter(parameter);

    // for CAST5:
    byte[] iv = ...;
    params = new IvParameterSpec(iv);
    OCTET_STRING oct = new OCTET_STRING(iv);
    contentEA.setParameter(oct);

    // for RC4:
    params = null;
 
// now create EncryptedContentInfo:    
EncryptedContentInfoStream eci = new EncryptedContentInfoStream(ObjectID.pkcs7_data, is);
 
// setup the cipher:
eci.setupCipher(contentEA, secretKey, params);
 
// create the recipient infos, e.g.:
RecipientInfo[] recipients = new RecipientInfo[2];
recipients[0] = new RecipientInfo(recipientCert0, AlgorithmID.rsaEncryption);
recipients[0].encryptKey(secretKey);
recipients[1] = new RecipientInfo(recipientCert1, AlgorithmID.rsaEncryption);
recipients[1].encryptKey(secretKey);
 
// create the EnvelopedDataStream
EnvelopedDataStream enveloped_data = new EnvelopedDataStream(recipients, eci);
// write enveloped data
enveloped_data.writeTo(os, blockSize);
     
PARSING:
EnvelopedDataStream enveloped_data = new EnvelopedDataStream(encoded_stream);
      
// get the recipient infos
RecipientInfo[] recipients = enveloped_data.getRecipientInfos();
for (int i = 0; i < recipients.length; i++) {
    System.out.print(recipients[i].getIssuerAndSerialNumber());
}
// use the specific recipient's private key for decrypting the symmetric content encryption key, e.g.:
SecretKey secretKey = recipients[0].decryptKey(recipient0PrivateKey);
 
// get the ECI from the enveloped data:
EncryptedContentInfoStream eci = (EncryptedContentInfoStream)enveloped_data.getEncryptedContentInfo();
// get the content encryption algorithm:
AlgorithmID contentEA = eci.getContentEncryptionAlgorithm();
System.out.println("Alg: " + contentEA);
// parse the parameters:
AlgorithmParameterSpec params = null;
 
    // RC2:
        // get the parameters as SEQUENCE
        SEQUENCE seq = (SEQUENCE)contentEA.getParameter();
        // the iv is the second component
        OCTET_STRING oct = (OCTET_STRING)seq.getComponentAt(1);
        // create an IvParameterSpec:
        params = new IvParameterSpec((byte[])oct.getValue());

    // CAST5:
        OCTET_STRING oct = (OCTET_STRING)contentEA.getParameter();
        // create an IvParameterSpec:
        params = new IvParameterSpec((byte[])oct.getValue());

    // RC4:
        params = null;
      
    
// setup the cipher for decryption
eci.setupCipher(secretKey, params);
// get and read the data thereby actually performing the decryption
InputStream data_is = eci.getInputStream();
...
 
 
Note that when using RC2_CBC, parameters for cipher setup can be supplied as IvParameterSpec or RC2ParameterSpec, the latter specifying IV and effective key bits. Both types of parameters will have the same effect, since currently IAIK-JCE assumes that effective-key-length is equal to the actual keyLength. This will be updated in the next version of IAIK-JCE.
 
 
Dieter Bratko
 
----- Original Message -----
From: Ingrassia Vito <ingrassi@cefriel.it>
To: <iaik-jce@iaik.tu-graz.ac.at>
Sent: Tuesday, August 03, 1999 2:08 PM
Subject: [iaik-jce] Ciphers exceptions

> Hello,
>
> I'm working with the iaik.pkcs.pkcs7.EnvelopedDataStream class.
> I'm able to create an EnvelopedDataStream and to retrieve from it
> the encrypted content for each recipient. In my code I use AlgorithmID
> objects
> for these ciphers: DES, 3DES, IDEA (ECB and CBC), RC2 (ECB and CBC), RC4,
> CAST5.
> I created AlgorithmID objects when the AlgorithmID class does not supply them.
> In case of IDEA CBC, for instance,
> new AlgorithmID("1.3.6.1.4.1.188.7.1.1.2", "IDEA_CBC",
> "IDEA/CBC/PKCS5Padding");
> My code includes:
>
> AlgorithmID algorithm = (I try it for each above cipher )
> algorithm.setParameter( new OCTET_STRING( bytes ) );
> EnvelopedDataStream enveloped_data = new EnvelopedDataStream(is, algorithm);
> enveloped_data.setRecipientInfos(recipients);
>
> This code doesn't give me any problem and also on the recipient side I work
> fine.
> But this is true only for DES, IDEA, 3DES (ECB and CBC mode);
>
> With RC2, RC4, CAST5 I catch these exceptions in the EnvelopedDataStream
> constructor.
>
> RC2_CBC
> java.lang.ArrayIndexOutOfBoundsException: -1
>         at iaik.security.cipher.h.a(Unknown Source)
>         at iaik.security.cipher.h.engineInit(Unknown Source)
>         at iaik.security.cipher.v.engineInit(Unknown Source)
>         at javax.crypto.Cipher.init(Unknown Source)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
>         at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Unknown Source)
>
> ............................................................................
>
> RC2_ECB
> java.lang.ArrayIndexOutOfBoundsException: -1
>         at iaik.security.cipher.h.a(Unknown Source)
>         at iaik.security.cipher.h.engineInit(Unknown Source)
>         at iaik.security.cipher.v.engineInit(Unknown Source)
>         at javax.crypto.Cipher.init(Unknown Source)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
>         at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Unknown Source)
>
> ............................................................................
>
> RC4
> java.lang.ArrayIndexOutOfBoundsException: 0
>         at iaik.security.cipher.g.a(Unknown Source)
>         at iaik.security.cipher.g.engineInit(Unknown Source)
>         at iaik.security.cipher.v.engineInit(Unknown Source)
>         at javax.crypto.Cipher.init(Unknown Source)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
>         at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Unknown Source)
>
> ............................................................................
>
> CAST5_CBC
> iaik.utils.InternalErrorException: Internal Key problem.
>         at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
>         at iaik.pkcs.pkcs7.EnvelopedDataStream.<init>(Unknown Source)
>
> ............................................................................
>
>
> I'm wondering if these ciphers require a particular key/parameter
> handling and in this case the constructor
>
> EnvelopedDataStream(RecipientInfo[], EncryptedContentInfoStream)
>
> must be used as you explained me in a previous e-mail.
>
> If it's true what I suppose
> ( and so the code
> -------> algorithm.setParameter( new OCTET_STRING( bytes ) )
> is wrong )
> how can I create an AlgorithmParameters object for these ciphers to use in
> AlgorithmID.setAlgorithmParameters(AlgorithmParameters ap )
> and in EncryptedContentInfoStream.setupCipher( algorithm, secretKey,
> ap.getParameterSpec(paramSpec.class)
> methods ?
>
> Sorry, but I didn't find the example you suggested me to see.
>
> P.S. AlgorithmParameters.getInstance( "name", "provider" ) is only available
> for DiffieHellman and PBE. But I found in JCE Specification & Reference
> that the following names can be
> used when requesting an instance of AlgorithmParameters:
> DES, DESede, PBE, Blowfish, DiffieHellman. So I expected implementation
> for these ciphers and for those you add in IAIK-JCE (RC2, RC4 ...).
> In what I'm failing?
>
>
> Thanks very much (also for previous answers),
> Vito
>
>
>

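The parameter layouts both replies distinguish (a bare OCTET STRING IV, the RC2-CBC SEQUENCE of version and IV, and no parameters for RC4), as an added example that is not part of the original messages or of IAIK-JCE: plain-JDK Java that DER-encodes the RC2 form and recovers the IV from either form while rejecting anything else. The class and method names are hypothetical, the IV is a constructed sample, and only short-form DER lengths are handled.

```java
import java.io.ByteArrayOutputStream;
import java.util.Arrays;

public class ContentEncParams {
    // S/MIME values quoted in the message: effective key bits -> rc2ParameterVersion
    static int rc2Version(int bits) {
        if (bits == 40) return 160;
        if (bits == 64) return 120;
        if (bits == 128) return 58;
        throw new IllegalArgumentException("unmapped key size: " + bits);
    }

    // Minimal DER tag-length-value writer (short-form length only, content < 128 bytes)
    static byte[] tlv(int tag, byte[]... parts) {
        int len = 0;
        for (byte[] part : parts) len += part.length;
        if (len > 127) throw new IllegalArgumentException("long-form length not handled");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        out.write(len);
        for (byte[] part : parts) out.write(part, 0, part.length);
        return out.toByteArray();
    }

    // RC2-CBC layout: SEQUENCE { INTEGER rc2ParameterVersion, OCTET STRING iv }
    static byte[] encodeRc2Params(int bits, byte[] iv) {
        int v = rc2Version(bits);  // DER INTEGER is signed: values above 127 take a leading 0x00
        byte[] num = v > 127 ? new byte[] {0, (byte) v} : new byte[] {(byte) v};
        return tlv(0x30, tlv(0x02, num), tlv(0x04, iv));
    }

    // Receiver side: IV from either layout, or null when no parameters are present (RC4)
    static byte[] extractIv(byte[] p) {
        if (p == null || p.length == 0) return null;
        if (p.length < 2 || p[1] != p.length - 2) throw new IllegalArgumentException("bad outer length");
        if (p[0] == 0x04) return Arrays.copyOfRange(p, 2, p.length);  // bare OCTET STRING iv
        if (p[0] != 0x30 || p.length < 4 || p[2] != 0x02 || p[3] < 0)
            throw new IllegalArgumentException("expected OCTET STRING or SEQUENCE { INTEGER, ... }");
        int at = 4 + p[3];  // skip the rc2ParameterVersion INTEGER
        if (at + 2 > p.length || p[at] != 0x04 || p[at + 1] != p.length - at - 2)
            throw new IllegalArgumentException("expected OCTET STRING iv");
        return Arrays.copyOfRange(p, at + 2, p.length);
    }

    public static void main(String[] args) {
        byte[] iv = {1, 2, 3, 4, 5, 6, 7, 8};  // constructed sample IV
        System.out.println(Arrays.equals(iv, extractIv(encodeRc2Params(40, iv))));
        System.out.println(Arrays.equals(iv, extractIv(tlv(0x04, iv))));
    }
}
```

A receiver that assumes the bare-IV layout for every algorithm would read the RC2 SEQUENCE bytes as an IV; checking the outer tag first keeps the two cases apart.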