[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] PKCS#12 decrypt() problem



Hi,

I'm having problems using the decrypt() method in the PKCS#12 class. 
Here's what my code does:

(1) generate a key pair and an X509
(2) sign the X509 with the CA private key
(3) Put the key pair and the X509 in a KeyBag and a CertificateBag
respectively
(4) Make a PKCS#12 object out of the two bags
(5) Encrypt the PKCS#12 object with a password
(6) Try to decrypt the PKCS#12 with a password supplied by the user

Everything's fine for steps (1)-(5), but (6) doesn't seem to work at
all.  I get ASN1coding exceptions and IndexArrayOutOfBounds exceptions
when the wrong password is entered, and it only sometimes decrypts
successfully when the correct password is entered.  Any solutions?  The
actual source code is this:

import iaik.security.provider.*;
import iaik.security.provider.IAIK;
import iaik.pkcs.pkcs12.KeyBag;
import iaik.pkcs.pkcs12.PKCS12;
import iaik.pkcs.pkcs12.CertificateBag;
import iaik.x509.*;
import iaik.asn1.structures.*;
import iaik.asn1.*;
import iaik.pkcs.PKCSException;

import java.security.cert.CertificateException;
import java.math.BigInteger;
import java.util.*;
import java.security.*;
import java.io.*;

class PKCS12Demo
{
    public static void main(String[] args) throws Exception
    {
        IAIK.addAsProvider(true);

        //Generate CA RSA Key Pair
        KeyPairGenerator gen1=KeyPairGenerator.getInstance("RSA",
"IAIK");
		gen1.initialize(512);
		System.out.println("Generating CA RSA Key Pair");
		System.out.flush();
		KeyPair CAkp=gen1.generateKeyPair();

        // Generate Client RSA Key Pair
        KeyPairGenerator gen2=KeyPairGenerator.getInstance("RSA",
"IAIK");
		gen2.initialize(512);
		System.out.println("Generating Client RSA Key Pair");
		System.out.flush();
		KeyPair Clientkp=gen2.generateKeyPair();

		// Generate Client X509 Certificate
        System.out.println("Generating Client X509 Certificate");
		X509Certificate ClientCert=new X509Certificate();
		ClientCert.setSerialNumber(BigInteger.valueOf(0x1234L));
		Name ClientName=new Name();
		ClientName.addRDN(ObjectID.country, "UK");
		ClientName.addRDN(ObjectID.organization, "QMW");
		ClientName.addRDN(ObjectID.organizationalUnit, "Computer Science
Department");
		ClientName.addRDN(ObjectID.commonName, "Tom Runnacles");
		ClientCert.setSubjectDN(ClientName);
		GregorianCalendar today=new GregorianCalendar();
		ClientCert.setValidNotBefore(today.getTime());
		today.add(Calendar.MONTH, 6);
		ClientCert.setValidNotAfter(today.getTime());
		ClientCert.setIssuerDN(ClientName);
		ClientCert.setPublicKey(Clientkp.getPublic());

		// Then sign the Client X509
		System.out.println("Signing the Client X509 Certificate with the CA
Private key");
		ClientCert.sign(AlgorithmID.md5WithRSAEncryption, CAkp.getPrivate());

		// Put the key-pair in a KeyBag
		System.out.println("Putting the Client's private key in a KeyBag");
		KeyBag kbag=new KeyBag(Clientkp.getPrivate());
		
    
		// Put the client X509 in a CertificateBag
		System.out.println("Putting the Client's X509 in a Certificate Bag");
		CertificateBag[] cbag=new CertificateBag[1];
		cbag[0]=new CertificateBag(ClientCert);

		// Put both bags in a PKCS#12
		System.out.println("Putting the KeyBag and the Certificate bag in a
PKCS12 object");
		
		PKCS12 test=new PKCS12(kbag, cbag, false);
		String password="hello";
		char[] passch=password.toCharArray();
		test.encrypt(passch);

		// Test the encryption
		BufferedReader br=new BufferedReader(new
InputStreamReader(System.in));
		boolean decrypts=false;
		while (!decrypts)
		{

		    System.out.println("Please enter the password for the PKCS12
object");
		    String trypass=br.readLine();
		    char[] trychar=trypass.toCharArray();
		    		    
		    try
		    {
		        test.decrypt(trychar);
		        System.out.println("The PCKS12 object decrypts with the
password entered");
		        decrypts=true;
		    }
		    catch (PKCSException e2)
		    {
		        Thread.dumpStack();
		        System.out.println(e2.getMessage());
		        System.out.println("The PKCS12 does not decrpyt with that
password");
		    }
		    catch (ArrayIndexOutOfBoundsException e3)
		    {
		        System.out.println("ArrayIndexOutOfBoundsException thrown");
		        System.out.println(e3.getMessage());
		        
		    }
		    
		}
	}
}
--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-jce