-
Bug
-
Resolution: Fixed
-
P3
-
5.0
-
b28
-
sparc
-
solaris_7
-
Verified
Name: mtR10145 Date: 10/28/2003
Code below illustrates that AlgorithmParameters object, obtained
by Cipher.getAlgParameters(), assumes that it is based on algorithm different
than one used for Cipher creation. This causes problems with
encryption/decryption procedures. For example, I tried the following steps:
1. create PKCS8EncodedKeySpec object
2. create SecretKey object (algorithm PBEWithMD5AndDES)
3. create/init Cipher using created SecretKey (algorithm
PBEWithMD5AndDES)
4. perform encrypt operation to obtain array of bytes contains
encrypted PKCS8EncodedKeySpec object (Cipher.doFinal)
5. create EncryptedPrivateKeyInfo(Cipher.getAlgParameters(), encrypted_key_spec)
6. try to decrypt key spec using EncryptedPrivateKeyInfo.getKeySpec(Key)
using key from step 2. This operation throws an exception since
at this point this key does not correspond to AlgorithmParameters, used for
EPKI creation.
This behavior is definitely incorrect since it brakes encrypt/decrypt cycle with
usage of the same encryption/decryption means.
The test code (I simplified it to be more clear):
=================== Test10.java ======================
import java.security.*;
import java.security.spec.*;
import javax.crypto.spec.*;
import javax.crypto.*;
public class Test10 {
public Key key = null;
public Cipher cipher = null;
AlgorithmParameters params = null;
String [] algorithms = { "PBEWithMD5AndDES", "PBEWithSHA1AndRC2_40", "PBEWithSHA1AndDESede" };
public void go() {
String passwd = "password";
for (int i = 0; i < algorithms.length; i++) {
try {
PBEKeySpec ks = new PBEKeySpec(passwd.toCharArray());
SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithms[i]);
key = skf.generateSecret(ks);
cipher = Cipher.getInstance(algorithms[i]);
cipher.init(Cipher.ENCRYPT_MODE, key);
System.out.println("");
System.out.println("alg1: " + cipher.getAlgorithm());
params = cipher.getParameters();
System.out.println("params: " + params.getAlgorithm());
byte [] encryptedInfo = {0};
EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(params, encryptedInfo);
System.out.println("epki: " + epki.getAlgName());
} catch (InvalidKeyException ike) {
ike.printStackTrace(System.out);
continue;
} catch (NoSuchAlgorithmException nsae) {
nsae.printStackTrace(System.out);
continue;
} catch (NoSuchPaddingException nspe) {
nspe.printStackTrace(System.out);
continue;
} catch (InvalidKeySpecException ikse) {
ikse.printStackTrace(System.out);
continue;
}
}
System.out.println("Done");
}
public static void main( String argv[] ) {
Test10 test = new Test10();
test.go();
}
}
============== Test output with JSE 1.5.0-beta-b25 ==========
alg1: PBEWithMD5AndDES
params: PBE
epki: 1.2.840.113549.1.12.1.3
alg1: PBEWithSHA1AndRC2_40
params: PBE
epki: 1.2.840.113549.1.12.1.3
alg1: PBEWithSHA1AndDESede
params: PBE
epki: 1.2.840.113549.1.12.1.3
Done
========================================================
======================================================================
Code below illustrates that AlgorithmParameters object, obtained
by Cipher.getAlgParameters(), assumes that it is based on algorithm different
than one used for Cipher creation. This causes problems with
encryption/decryption procedures. For example, I tried the following steps:
1. create PKCS8EncodedKeySpec object
2. create SecretKey object (algorithm PBEWithMD5AndDES)
3. create/init Cipher using created SecretKey (algorithm
PBEWithMD5AndDES)
4. perform encrypt operation to obtain array of bytes contains
encrypted PKCS8EncodedKeySpec object (Cipher.doFinal)
5. create EncryptedPrivateKeyInfo(Cipher.getAlgParameters(), encrypted_key_spec)
6. try to decrypt key spec using EncryptedPrivateKeyInfo.getKeySpec(Key)
using key from step 2. This operation throws an exception since
at this point this key does not correspond to AlgorithmParameters, used for
EPKI creation.
This behavior is definitely incorrect since it brakes encrypt/decrypt cycle with
usage of the same encryption/decryption means.
The test code (I simplified it to be more clear):
=================== Test10.java ======================
import java.security.*;
import java.security.spec.*;
import javax.crypto.spec.*;
import javax.crypto.*;
public class Test10 {
public Key key = null;
public Cipher cipher = null;
AlgorithmParameters params = null;
String [] algorithms = { "PBEWithMD5AndDES", "PBEWithSHA1AndRC2_40", "PBEWithSHA1AndDESede" };
public void go() {
String passwd = "password";
for (int i = 0; i < algorithms.length; i++) {
try {
PBEKeySpec ks = new PBEKeySpec(passwd.toCharArray());
SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithms[i]);
key = skf.generateSecret(ks);
cipher = Cipher.getInstance(algorithms[i]);
cipher.init(Cipher.ENCRYPT_MODE, key);
System.out.println("");
System.out.println("alg1: " + cipher.getAlgorithm());
params = cipher.getParameters();
System.out.println("params: " + params.getAlgorithm());
byte [] encryptedInfo = {0};
EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(params, encryptedInfo);
System.out.println("epki: " + epki.getAlgName());
} catch (InvalidKeyException ike) {
ike.printStackTrace(System.out);
continue;
} catch (NoSuchAlgorithmException nsae) {
nsae.printStackTrace(System.out);
continue;
} catch (NoSuchPaddingException nspe) {
nspe.printStackTrace(System.out);
continue;
} catch (InvalidKeySpecException ikse) {
ikse.printStackTrace(System.out);
continue;
}
}
System.out.println("Done");
}
public static void main( String argv[] ) {
Test10 test = new Test10();
test.go();
}
}
============== Test output with JSE 1.5.0-beta-b25 ==========
alg1: PBEWithMD5AndDES
params: PBE
epki: 1.2.840.113549.1.12.1.3
alg1: PBEWithSHA1AndRC2_40
params: PBE
epki: 1.2.840.113549.1.12.1.3
alg1: PBEWithSHA1AndDESede
params: PBE
epki: 1.2.840.113549.1.12.1.3
Done
========================================================
======================================================================
- relates to
-
-
- Closed
-
-
-
- Closed
-