[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [iaik-jce] Help! BadPaddingException when decrypting PKCS12



Keith,

Thank you for responding.

Using your same code, I cannot decode my certificates with the IAIK JCE 2.6.
What version are you using?

If you're using JCE 2.5 or 2.5.1, try decoding the certificates with the
wrong password.  For example, for the certificate with password "test", try
using "te" and "tes".  You should get an ArrayIndexOutOfBoundsException (see
my earlier post in the list archives).

Anyway, it's time I opened a support ticket.  Thanks again.

> -----Original Message-----
> From: Keith Wiseman [mailto:keith@digsigtrust.com]
> Sent: Monday, August 21, 2000 8:02 PM
> To: Paul Williams
> Cc: 'iaik-jce@iaik.tu-graz.ac.at'
> Subject: Re: [iaik-jce] Help! BadPaddingException when 
> decrypting PKCS12
> 
> 
> Here is a sample application that will open one of the certs 
> you included:
> 
> class help {
> 
>   public static void main(String argv[]) throws Exception {
>     iaik.security.provider.IAIK.addAsProvider(false);
> 
>     iaik.pkcs.pkcs12.PKCS12 p12 = new 
> iaik.pkcs.pkcs12.PKCS12(new java.io.FileInputStream("testcert.pfx"));
>     p12.decrypt("test".toCharArray());
> 
>     iaik.pkcs.pkcs12.CertificateBag[] certbag = 
> p12.getCertificateBags();
>     iaik.x509.X509Certificate EECert =
> iaik.pkcs.pkcs12.CertificateBag.getCertificates(certbag)[certb
> ag.length-1];
>     System.out.println("Cert: " + EECert.toString());
>   }
> 
> }
> 
> 
> 
> Paul Williams wrote:
> 
> > Since nobody has responded so far, let me provide an example of a
> > certificate that generates BadPaddingExceptions.  The 
> attached files are the
> > same RSA 1024-bit certificate exported using Microsoft's 
> Certificate Export
> > Wizard.  For one, I entered no password.  On the other, I 
> entered the
> > password "test".  On both, I chose to export the private 
> key, and I did not
> > choose strong encryption.
> >
> > Is there something wrong with these PKCS 12 files?  I 
> regret that I am not a
> > PKI expert.  I do not yet understand the PKCS formats.
> >
> > I would greatly appreciate someone trying to load these 
> certificates.  I get
> > a BadPaddingException using JCE 2.6 (the exception thrown 
> to my code is a
> > PKCSException, but the first exception thrown in the IAIK 
> provider code is a
> > BadPaddingException).  I get an 
> ArrayIndexOutOfBoundsException using JCE
> > 2.5.1 (see my earlier post in the list archives).
> >
> > Thank you for your time,
> >
> > Paul
> >
> > P.S. - My deadline for fixing this problem is Friday.  :(
> >
> > > -----Original Message-----
> > > From: Paul Williams [mailto:paulw@alibre.com]
> > > Sent: Thursday, August 17, 2000 11:08 AM
> > > To: 'iaik-jce@iaik.tu-graz.ac.at'
> > > Subject: RE: [iaik-jce] Help! BadPaddingException when
> > > decrypting PKCS12
> > >
> > >
> > > Sorry, I forgot to mention that my code does call
> > > IAIK.addAsProvider(false);
> > > at the beginning of my program.  I am using Microsoft's
> > > latest Java VM,
> > > which I believe is somewhere around JDK 1.1.4.  My OS is
> > > Windows 2000 SP 1.
> > >
> > > > -----Original Message-----
> > > > From: Paul Williams
> > > > Sent: Wednesday, August 16, 2000 7:33 PM
> > > > To: iaik-jce@iaik.tu-graz.ac.at
> > > > Subject: Help! BadPaddingException when decrypting PKCS12
> > > >
> > > >
> > > > Hello all,
> > > >
> > > > I'm using the IAIK JCE 2.6 and the iSaSiLk toolkit version
> > > > 3.01.  I am getting a BadPaddingException when decrypting a
> > > > PKCS12 file.  The exception thrown to my program is a
> > > > PKCSException saying "Unable to decrypt private key!".  I use
> > > > Visual J++; this IDE lets me break on every exception thrown,
> > > > so I was able to see the actual problem was a
> > > > BadPaddingException.  The stack trace is:
> > > >
> > > >     iaik.security.cipher.l.b(param0, param1, param2)
> > > >     iaik.security.cipher.BufferedCipher.a(param0, param1,
> > > > param2, param3, param4, param5)
> > > > iaik.security.cipher.BufferedCipher.engineDoFinal(param0,
> > > > param1, param2)
> > > >     javax.crypto.Cipher.doFinal(param0)
> > > >     iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.decrypt(param0)
> > > >     iaik.pkcs.pkcs12.PKCS8ShroudedKeyBag.decrypt(param0)
> > > >     iaik.pkcs.pkcs12.AuthenticatedSafe.decrypt(param0)
> > > >     iaik.pkcs.pkcs12.PKCS12.decrypt(param0)
> > > >
> > > > This exception happens with every PKCS12 certificate I
> > > > attempt to decrypt, whether or not the password is correct.
> > > > The PKCS12 file was generated from Microsoft's Certificate
> > > > Export Wizard and includes both the private and public keys.
> > > > I did not choose the "enhanced security" setting in the
> > > > wizard.  Windows is able to load these PKCS12 certificates.
> > > >
> > > > The code I use follows the examples given by the documentation:
> > > >
> > > >                     FileInputStream fileIn = new
> > > > FileInputStream (file);
> > > >                     BufferedInputStream in = new
> > > > BufferedInputStream (fileIn);
> > > >                     PKCS12 pkcs12 = new PKCS12 (in);
> > > >                     String password = "test";
> > > >                     pkcs12.verify (password.toCharArray ());
> > > >                     pkcs12.decrypt (password.toCharArray ());
> > > >
> > > > I expected IAIK's JCE to be able to parse any PKCS12 file.
> > > > What is wrong?  The messages I read in the archives mentioned
> > > > problems matching public keys to private keys, but I'm not
> > > > doing that here.
> > > >
> > > > The PKCS12.toString () method returns
> > > >
> > > >     PKCS#12 object:
> > > >     Version: 3
> > > >     AuthenticatedSafe: 0
> > > >     mode: UNENCRYPTED
> > > >
> > > >     SafeBag: 0
> > > >     PKCS8ShroudedKeyBag: not decrypted yet!
> > > >
> > > >     AuthenticatedSafe: 1
> > > >     mode: PASSWORD_ENCRYPTED
> > > >     Content encrypted with: PbeWithSHAAnd40BitRC2-CBC
> > > >     No SafeBags or not decrypted yet.
> > > >
> > > --
> > > Mailinglist-archive at
> > http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html
> >
> > To unsubscribe send an email to listserv@iaik.at with the 
> folowing content:
> > UNSUBSCRIBE iaik-jce
> >
> >
> >   
> --------------------------------------------------------------
> ----------
> >                                                   Name: 
> Test Certificate Weak Encryption 'test'.pfx
> >    Test Certificate Weak Encryption 'test'.pfx    Type: 
> Personal Information Exchange (application/x-pkcs12)
> >                                               Encoding: base64
> >
> >                                                  Name: Test 
> Certificate Weak Encryption NoPwd.pfx
> >    Test Certificate Weak Encryption NoPwd.pfx    Type: 
> Personal Information Exchange (application/x-pkcs12)
> >                                              Encoding: base64
> 
--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce