[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [iaik-jce] Help! BadPaddingException when decrypting PKCS12



Since nobody has responded so far, let me provide an example of a
certificate that generates BadPaddingExceptions.  The attached files are the
same RSA 1024-bit certificate exported using Microsoft's Certificate Export
Wizard.  For one, I entered no password.  On the other, I entered the
password "test".  On both, I chose to export the private key, and I did not
choose strong encryption.

Is there something wrong with these PKCS 12 files?  I regret that I am not a
PKI expert.  I do not yet understand the PKCS formats.

I would greatly appreciate someone trying to load these certificates.  I get
a BadPaddingException using JCE 2.6 (the exception thrown to my code is a
PKCSException, but the first exception thrown in the IAIK provider code is a
BadPaddingException).  I get an ArrayIndexOutOfBoundsException using JCE
2.5.1 (see my earlier post in the list archives).

Thank you for your time,

Paul

P.S. - My deadline for fixing this problem is Friday.  :(

> -----Original Message-----
> From: Paul Williams [mailto:paulw@alibre.com]
> Sent: Thursday, August 17, 2000 11:08 AM
> To: 'iaik-jce@iaik.tu-graz.ac.at'
> Subject: RE: [iaik-jce] Help! BadPaddingException when 
> decrypting PKCS12
> 
> 
> Sorry, I forgot to mention that my code does call 
> IAIK.addAsProvider(false);
> at the beginning of my program.  I am using Microsoft's 
> latest Java VM,
> which I believe is somewhere around JDK 1.1.4.  My OS is 
> Windows 2000 SP 1.
> 
> > -----Original Message-----
> > From: Paul Williams 
> > Sent: Wednesday, August 16, 2000 7:33 PM
> > To: iaik-jce@iaik.tu-graz.ac.at
> > Subject: Help! BadPaddingException when decrypting PKCS12
> > 
> > 
> > Hello all,
> > 
> > I'm using the IAIK JCE 2.6 and the iSaSiLk toolkit version 
> > 3.01.  I am getting a BadPaddingException when decrypting a 
> > PKCS12 file.  The exception thrown to my program is a 
> > PKCSException saying "Unable to decrypt private key!".  I use 
> > Visual J++; this IDE lets me break on every exception thrown, 
> > so I was able to see the actual problem was a 
> > BadPaddingException.  The stack trace is:
> > 
> >  	iaik.security.cipher.l.b(param0, param1, param2)
> > 	iaik.security.cipher.BufferedCipher.a(param0, param1, 
> > param2, param3, param4, param5) 	
> > iaik.security.cipher.BufferedCipher.engineDoFinal(param0, 
> > param1, param2)
> >  	javax.crypto.Cipher.doFinal(param0)
> >  	iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.decrypt(param0)
> >  	iaik.pkcs.pkcs12.PKCS8ShroudedKeyBag.decrypt(param0)
> >  	iaik.pkcs.pkcs12.AuthenticatedSafe.decrypt(param0)
> >  	iaik.pkcs.pkcs12.PKCS12.decrypt(param0)
> > 
> > This exception happens with every PKCS12 certificate I 
> > attempt to decrypt, whether or not the password is correct.  
> > The PKCS12 file was generated from Microsoft's Certificate 
> > Export Wizard and includes both the private and public keys.  
> > I did not choose the "enhanced security" setting in the 
> > wizard.  Windows is able to load these PKCS12 certificates.
> > 
> > The code I use follows the examples given by the documentation:
> > 
> > 			FileInputStream fileIn = new 
> > FileInputStream (file);
> > 			BufferedInputStream in = new 
> > BufferedInputStream (fileIn);
> > 			PKCS12 pkcs12 = new PKCS12 (in);
> > 			String password = "test";
> > 			pkcs12.verify (password.toCharArray ());
> > 			pkcs12.decrypt (password.toCharArray ());
> > 
> > I expected IAIK's JCE to be able to parse any PKCS12 file.  
> > What is wrong?  The messages I read in the archives mentioned 
> > problems matching public keys to private keys, but I'm not 
> > doing that here.
> > 
> > The PKCS12.toString () method returns
> > 
> > 	PKCS#12 object:
> > 	Version: 3
> > 	AuthenticatedSafe: 0
> > 	mode: UNENCRYPTED
> > 
> > 	SafeBag: 0
> > 	PKCS8ShroudedKeyBag: not decrypted yet!
> > 
> > 	AuthenticatedSafe: 1
> > 	mode: PASSWORD_ENCRYPTED
> > 	Content encrypted with: PbeWithSHAAnd40BitRC2-CBC
> > 	No SafeBags or not decrypted yet.
> > 
> --
> Mailinglist-archive at 
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce
 

Test Certificate Weak Encryption 'test'.pfx

Test Certificate Weak Encryption NoPwd.pfx