
[iaik-jce] Irrecoverable key error



Hello,

I extract a key and chain from a pfx file and store that in a KeyStore
object. In the next line I try and retrieve this key and print it out and
get an

java.security.UnrecoverableKeyException: excess private key
        at sun.security.provider.KeyProtector.recover(KeyProtector.java:314)
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:106)
        at java.security.KeyStore.getKey(KeyStore.java:250)
        at IECertConverter.parseCert(IECertConverter.java:71)
        at IECertConverter.main(IECertConverter.java:135)

Is this a known bug or am I doing something wrong?

Here is the piece of code:

------------------------------------------------------------


	public static void parseCert(String certFile, String password, String alias) {

		try {
			//Test to see if the Cipher is available
			PKCS12 mp12 = new PKCS12(new FileInputStream(certFile));
			System.out.println(mp12);
			char[] passphrase = password.toCharArray();

			if (!mp12.verify(passphrase))
			{
				System.out.println("Verification error!");
				System.exit(0);
			}

			mp12.decrypt(passphrase);
			System.out.println(mp12);
			// extract private key and certificates:
			PKCS8ShroudedKeyBag pkcs8certKeys = (PKCS8ShroudedKeyBag)mp12.getKeyBag();
			MyKeyBag certKeys = new MyKeyBag(pkcs8certKeys);
			certKeys.decrypt(passphrase);
			System.out.println("Shrouded key bag : \n" + certKeys.toString());
			java.security.PrivateKey privKey = certKeys.getPrivateKey();
			if (privKey != null)
			{
				System.out.println("private key :" + privKey.toString());
			}

			// extract the cert chain from the pfx file
			CertificateBag[] certBag = mp12.getCertificateBags();

			if (certBag != null) {
				System.out.println("CertificateBag :" + certBag.toString());
				X509Certificate[] certs = CertificateBag.getCertificates(certBag);

				//get the user certificate - corresponding to the private key -
				//from the last position of the chain:
				X509Certificate userCert = certs[certs.length - 1];

				System.out.println("Found chain of length = " + certs.length);

				keystore.setKeyEntry(alias, privKey, passphrase, certs);

				// Check the entry. This is where it blows up!!!
				PrivateKey retrievedPrivKey = (java.security.PrivateKey)keystore.getKey(alias, passphrase);
				java.security.cert.X509Certificate[] chain = (java.security.cert.X509Certificate[])keystore.getCertificateChain("New Person");

				System.out.println("private key retrieved = " + retrievedPrivKey.toString());
				System.out.println("Cert chain of length = " + chain.length);
				saveKeyStore();

			}

		} catch (Exception e) {
			e.printStackTrace();
		}
	}



thanx
anuja
--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html