[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] Exception trying to parse decrypt a pfx file exported by IE 5.0




My classpath only has the IAIK jce jar file.

I still get the same error.

I tried to use the example to verify the decrypt the pkcs by adding the
following lines

	if (!mp12.verify(passphrase))
	{
	  System.out.println("Verification error!");
	  System.exit(0);
	}
	mp12.decrypt(passphrase);


in the following code :


		try {
			//Test to see if the Cipher is available

			PKCS12 mp12 = new PKCS12(new
FileInputStream(certFile));
			System.out.println(mp12);
			char[] passphrase = password.toCharArray();

			if (!mp12.verify(passphrase))
			{
			  System.out.println("Verification error!");
			  System.exit(0);
			}

			mp12.decrypt(passphrase);
			System.out.println(mp12);
			// extract private key and certificates:
			PKCS8ShroudedKeyBag pkcs8certKeys =
(PKCS8ShroudedKeyBag)mp12.getKeyBag();
			MyKeyBag certKeys = new MyKeyBag(pkcs8certKeys);
			certKeys.decrypt(passphrase);
			System.out.println("Shrouded key bag : \n" +
certKeys.toString());
			java.security.PrivateKey privKey =
certKeys.getPrivateKey();
			if (privKey != null)
			{
				System.out.println("private key :" +
privKey.toString());
			}

			// extract the cert chain from the pfx file
			CertificateBag[]  certBag =
mp12.getCertificateBags();

			if (certBag != null) {
				System.out.println("CertificateBag :" +
certBag.toString());
				X509Certificate[] certs =
CertificateBag.getCertificates(certBag);

				//get the user certificate - corresponding
to the private key -
				//from the last position of the chain:
				X509Certificate userCert =
certs[certs.length - 1];

				System.out.println("Found chain of length =
" + certs.length);

				keystore.setKeyEntry(alias, privKey,
passphrase, certs);
			}

		} catch (Exception e) {
			e.printStackTrace();
		}


but I still get an NoSuchAlgorithm for the PKCS#12-MAC algorithm for a
KeyGenerator :
The output is as follows:
(The output also shows the classpath)

----------------------------------------------------------------------------
-----------------
adding Provider IAIK...

Java version number: 1.3.0rc2
Java compiler: null
Java vendor-specific string: Sun Microsystems Inc.
Java vendor URL: http://java.sun.com/
Java installation directory: d:\jdk1.3\jre
Java class format version number: 47.0
Java class path: .;D:\Program Files\Certificate
Software\IAIK-JCE2.61eval\lib\iaik_jce_full.jar
Operating system name: Windows NT
Operating system architecture: x86
Operating system version: 4.0

Installed security providers providers:

Provider 1: IAIK  version: 2.61
Provider 2: SUN  version: 1.2
Provider 3: SunRsaSign  version: 1.0
Provider 4: SunJSSE  version: 1.02
PKCS#12 object:
Version: 3
AuthenticatedSafe: 0
mode: UNENCRYPTED

SafeBag: 0
PKCS8ShroudedKeyBag: not decrypted yet!

AuthenticatedSafe: 1
mode: PASSWORD_ENCRYPTED
Content encrypted with: PbeWithSHAAnd40BitRC2-CBC
No SafeBags or not decrypted yet.


iaik.pkcs.PKCSException: java.security.NoSuchAlgorithmException:
KeyGenerator::getInstance(String) -
 no KeyGenerator could be found for this algorithm - PKCS#12-MAC - amongst
any of the providers.
        at iaik.pkcs.pkcs12.PKCS12.verify(Unknown Source)
        at IECertConverter.parseCert(IECertConverter.java:36)
        at IECertConverter.main(IECertConverter.java:109)



thanx
anuja
> -----Original Message-----
> From: SUPPORT-JCE [mailto:jce@iaik.at]
> Sent: Wednesday, November 08, 2000 4:05 AM
> To: Anuja Gokhale; jce-info@iaik.tu-graz.ac.at
> Subject: AW: Exception trying to parse decrypt a pfx file
> exported by IE
> 5.0
>
>
> Hello,
>
> maybe you use another JCE interface implementation not
> compatible IAIK-JCE.
> Please look at your classpath and try to remove any other provider.
>
> Regards,
> Dieter Bratko
>
> -----Ursprüngliche Nachricht-----
> Von: Anuja Gokhale [mailto:anujag@fornova.com]
> Gesendet: Montag, 6. November 2000 21:44
> An: jce-info@iaik.tu-graz.ac.at
> Betreff: Exception trying to parse decrypt a pfx file
> exported by IE 5.0
>
>
> Hello,
>
> I have exported my certificate (including the private key) in
> a ofx file
> from IE.
>
> I am trying to use the iaik PKCS12 class to decrypt this and
> extract the
> private key and certificate chain.
>
> I get the following exception when I try to verify it.
>
> iaik.pkcs.PKCSException: java.security.NoSuchAlgorithmException:
> KeyGenerator::getInstance(String) - no KeyGenerator could be
> found for this
> algorithm - PKCS#12-MAC - amongst any of the providers.
> IECertConverter.parseCert(IECertConverter:53)	at
> IECertConverter.parseCert(IECertConverter.java:29)
> 	at IECertConverter.main(IECertConverter.java:85)
>
>
>
> If I comment out the verify call and just try and decrypt the
> file, I get
> the following error
>
> iaik.pkcs.PKCSException: Unable to decrypt PrivateKey!
> 	at iaik.pkcs.pkcs12.AuthenticatedSafe.decrypt(Unknown Source)
> 	at iaik.pkcs.pkcs12.PKCS12.decrypt(Unknown Source)
> 	at IECertConverter.parseCert(IECertConverter.java:30)
> 	at IECertConverter.main(IECertConverter.java:85)
>
> I am using the iaik_jce_full.jar jar file....
>
>
> The source code is:
>
>
> 	public static void parseCert(String certFile, String password,
> String alias) {
>
> 		try {
>
> 		  	IAIK.addAsProvider(true);
> 		  	// get a new KeyStore onject
>
> 			keystore = KeyStore.getInstance("IAIKKeyStore",
> "IAIK");
> 			char[] passphrase = "password".toCharArray();
>
> 		            // create a new  keystore
> 		            keystore.load(null, passphrase);
>
> 			//parse the certificate file
> 			PKCS12 mp12 = new PKCS12(new
> FileInputStream(certFile));
> 			System.out.println(mp12);
> 			char[] passphrase = password.toCharArray();
>
> 			System.out.println("verify: " +
> mp12.verify(passphrase));
> 			mp12.decrypt(passphrase);
> 			System.out.println(mp12);
> 			// extract private key and certificates:
> 			KeyBag certKeys = mp12.getKeyBag();
> 			java.security.PrivateKey privKey =
> certKeys.getPrivateKey();
>
> 			// extract the cert chain from the pfx file
> 			CertificateBag[]  certBag =
> mp12.getCertificateBags();
> 			X509Certificate[] certs =
> CertificateBag.getCertificates(certBag);
>
> 			//get the user certificate -
> corresponding to the
> private key -
> 			//from the last position of the chain:
> 			X509Certificate userCert =
> certs[certs.length - 1];
>
> 			System.out.println("Found chain of length = " +
> certs.length);
>
> 			keystore.setKeyEntry(alias, privKey, passphrase,
> certs);
>
> 		} catch (Exception e) {
> 			e.printStackTrace();
> 		}
>
>
> What am  I doing wrong ?
>
> thanx,
> Anuja
>
> --------------------------------------------------------------
> --------------
> -----------------
> Anuja Gokhale                           anujag@roguewave.com
> Roguewave Software Inc.            phone: 508 624 5277
> Southboro
>
>
>
--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce