[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] Help! BadPaddingException when decrypting PKCS12



Hello all,

I'm using the IAIK JCE 2.6 and the iSaSiLk toolkit version 3.01.  I am
getting a BadPaddingException when decrypting a PKCS12 file.  The exception
thrown to my program is a PKCSException saying "Unable to decrypt private
key!".  I use Visual J++; this IDE lets me break on every exception thrown,
so I was able to see the actual problem was a BadPaddingException.  The
stack trace is:

 	iaik.security.cipher.l.b(param0, param1, param2)
	iaik.security.cipher.BufferedCipher.a(param0, param1, param2,
param3, param4, param5)
iaik.security.cipher.BufferedCipher.engineDoFinal(param0, param1, param2)
 	javax.crypto.Cipher.doFinal(param0)
 	iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.decrypt(param0)
 	iaik.pkcs.pkcs12.PKCS8ShroudedKeyBag.decrypt(param0)
 	iaik.pkcs.pkcs12.AuthenticatedSafe.decrypt(param0)
 	iaik.pkcs.pkcs12.PKCS12.decrypt(param0)

This exception happens with every PKCS12 certificate I attempt to decrypt,
whether or not the password is correct.  The PKCS12 file was generated from
Microsoft's Certificate Export Wizard and includes both the private and
public keys.  I did not choose the "enhanced security" setting in the
wizard.  Windows is able to load these PKCS12 certificates.

The code I use follows the examples given by the documentation:

			FileInputStream fileIn = new FileInputStream (file);
			BufferedInputStream in = new BufferedInputStream
(fileIn);
			PKCS12 pkcs12 = new PKCS12 (in);
			String password = "test";
			pkcs12.verify (password.toCharArray ());
			pkcs12.decrypt (password.toCharArray ());

I expected IAIK's JCE to be able to parse any PKCS12 file.  What is wrong?
The messages I read in the archives mentioned problems matching public keys
to private keys, but I'm not doing that here.

The PKCS12.toString () method returns

	PKCS#12 object:
	Version: 3
	AuthenticatedSafe: 0
	mode: UNENCRYPTED

	SafeBag: 0
	PKCS8ShroudedKeyBag: not decrypted yet!

	AuthenticatedSafe: 1
	mode: PASSWORD_ENCRYPTED
	Content encrypted with: PbeWithSHAAnd40BitRC2-CBC
	No SafeBags or not decrypted yet.
--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce