[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] Help! BadPaddingException when decrypting PKCS12



Here is a sample application that will open one of the certs you included:

class help {

  public static void main(String argv[]) throws Exception {
    iaik.security.provider.IAIK.addAsProvider(false);

    iaik.pkcs.pkcs12.PKCS12 p12 = new iaik.pkcs.pkcs12.PKCS12(new java.io.FileInputStream("testcert.pfx"));
    p12.decrypt("test".toCharArray());

    iaik.pkcs.pkcs12.CertificateBag[] certbag = p12.getCertificateBags();
    iaik.x509.X509Certificate EECert =
iaik.pkcs.pkcs12.CertificateBag.getCertificates(certbag)[certbag.length-1];
    System.out.println("Cert: " + EECert.toString());
  }

}



Paul Williams wrote:

> Since nobody has responded so far, let me provide an example of a
> certificate that generates BadPaddingExceptions.  The attached files are the
> same RSA 1024-bit certificate exported using Microsoft's Certificate Export
> Wizard.  For one, I entered no password.  On the other, I entered the
> password "test".  On both, I chose to export the private key, and I did not
> choose strong encryption.
>
> Is there something wrong with these PKCS 12 files?  I regret that I am not a
> PKI expert.  I do not yet understand the PKCS formats.
>
> I would greatly appreciate someone trying to load these certificates.  I get
> a BadPaddingException using JCE 2.6 (the exception thrown to my code is a
> PKCSException, but the first exception thrown in the IAIK provider code is a
> BadPaddingException).  I get an ArrayIndexOutOfBoundsException using JCE
> 2.5.1 (see my earlier post in the list archives).
>
> Thank you for your time,
>
> Paul
>
> P.S. - My deadline for fixing this problem is Friday.  :(
>
> > -----Original Message-----
> > From: Paul Williams [mailto:paulw@alibre.com]
> > Sent: Thursday, August 17, 2000 11:08 AM
> > To: 'iaik-jce@iaik.tu-graz.ac.at'
> > Subject: RE: [iaik-jce] Help! BadPaddingException when
> > decrypting PKCS12
> >
> >
> > Sorry, I forgot to mention that my code does call
> > IAIK.addAsProvider(false);
> > at the beginning of my program.  I am using Microsoft's
> > latest Java VM,
> > which I believe is somewhere around JDK 1.1.4.  My OS is
> > Windows 2000 SP 1.
> >
> > > -----Original Message-----
> > > From: Paul Williams
> > > Sent: Wednesday, August 16, 2000 7:33 PM
> > > To: iaik-jce@iaik.tu-graz.ac.at
> > > Subject: Help! BadPaddingException when decrypting PKCS12
> > >
> > >
> > > Hello all,
> > >
> > > I'm using the IAIK JCE 2.6 and the iSaSiLk toolkit version
> > > 3.01.  I am getting a BadPaddingException when decrypting a
> > > PKCS12 file.  The exception thrown to my program is a
> > > PKCSException saying "Unable to decrypt private key!".  I use
> > > Visual J++; this IDE lets me break on every exception thrown,
> > > so I was able to see the actual problem was a
> > > BadPaddingException.  The stack trace is:
> > >
> > >     iaik.security.cipher.l.b(param0, param1, param2)
> > >     iaik.security.cipher.BufferedCipher.a(param0, param1,
> > > param2, param3, param4, param5)
> > > iaik.security.cipher.BufferedCipher.engineDoFinal(param0,
> > > param1, param2)
> > >     javax.crypto.Cipher.doFinal(param0)
> > >     iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.decrypt(param0)
> > >     iaik.pkcs.pkcs12.PKCS8ShroudedKeyBag.decrypt(param0)
> > >     iaik.pkcs.pkcs12.AuthenticatedSafe.decrypt(param0)
> > >     iaik.pkcs.pkcs12.PKCS12.decrypt(param0)
> > >
> > > This exception happens with every PKCS12 certificate I
> > > attempt to decrypt, whether or not the password is correct.
> > > The PKCS12 file was generated from Microsoft's Certificate
> > > Export Wizard and includes both the private and public keys.
> > > I did not choose the "enhanced security" setting in the
> > > wizard.  Windows is able to load these PKCS12 certificates.
> > >
> > > The code I use follows the examples given by the documentation:
> > >
> > >                     FileInputStream fileIn = new
> > > FileInputStream (file);
> > >                     BufferedInputStream in = new
> > > BufferedInputStream (fileIn);
> > >                     PKCS12 pkcs12 = new PKCS12 (in);
> > >                     String password = "test";
> > >                     pkcs12.verify (password.toCharArray ());
> > >                     pkcs12.decrypt (password.toCharArray ());
> > >
> > > I expected IAIK's JCE to be able to parse any PKCS12 file.
> > > What is wrong?  The messages I read in the archives mentioned
> > > problems matching public keys to private keys, but I'm not
> > > doing that here.
> > >
> > > The PKCS12.toString () method returns
> > >
> > >     PKCS#12 object:
> > >     Version: 3
> > >     AuthenticatedSafe: 0
> > >     mode: UNENCRYPTED
> > >
> > >     SafeBag: 0
> > >     PKCS8ShroudedKeyBag: not decrypted yet!
> > >
> > >     AuthenticatedSafe: 1
> > >     mode: PASSWORD_ENCRYPTED
> > >     Content encrypted with: PbeWithSHAAnd40BitRC2-CBC
> > >     No SafeBags or not decrypted yet.
> > >
> > --
> > Mailinglist-archive at
> http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html
>
> To unsubscribe send an email to listserv@iaik.at with the folowing content:
> UNSUBSCRIBE iaik-jce
>
>
>   ------------------------------------------------------------------------
>                                                   Name: Test Certificate Weak Encryption 'test'.pfx
>    Test Certificate Weak Encryption 'test'.pfx    Type: Personal Information Exchange (application/x-pkcs12)
>                                               Encoding: base64
>
>                                                  Name: Test Certificate Weak Encryption NoPwd.pfx
>    Test Certificate Weak Encryption NoPwd.pfx    Type: Personal Information Exchange (application/x-pkcs12)
>                                              Encoding: base64

--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce