-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
8
-
None
-
generic
-
generic
During test enhancements for JEP 121 (See CR 7181001) I've tried the following scenario:
1) create my own secret key 1 as an instance of MySecretKey class implements PBEKey interface.
2) encrypt some text using key1
3) get
key2 = skf.translateKey(key1)
, where
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", "SunJCE")
4) decrypt the cypher text generated on step 2 using key2 obtained on step 3
If both original text and decrypted text are the same the test passed.
The scenario works ok for a such algorithms like "pbeWithMD5ANDdes" but it doesn't work for PBKDF2 algorithms. See attached test.
In the test the scenario above is implemented. Two algorithms are used pbeWithMD5ANDdes and PBKDF2WithHmacSHA1. For the first algorithm test passed. For the second one it is failed with javax.crypto.BadPaddingException: Given final block not properly padded.
But if set key1 instead of key2 in the line 69 (recovering of the encrypted text) the test passes for both algorithms.
So, the problem is in the key2 that obtained using skf.translateKey(key1) method.
I guess the reason of the problem is the key values in its primary encoding format are not the same for original and translated key. This is because PBKDF2HmacSHA1Factory performs real regeneration of new key using password, salt and iteration count as a source material. Moreover the result of this inner generation is not the same as the result of key derivation using public API of SecretKeyFactory.
1) create my own secret key 1 as an instance of MySecretKey class implements PBEKey interface.
2) encrypt some text using key1
3) get
key2 = skf.translateKey(key1)
, where
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", "SunJCE")
4) decrypt the cypher text generated on step 2 using key2 obtained on step 3
If both original text and decrypted text are the same the test passed.
The scenario works ok for a such algorithms like "pbeWithMD5ANDdes" but it doesn't work for PBKDF2 algorithms. See attached test.
In the test the scenario above is implemented. Two algorithms are used pbeWithMD5ANDdes and PBKDF2WithHmacSHA1. For the first algorithm test passed. For the second one it is failed with javax.crypto.BadPaddingException: Given final block not properly padded.
But if set key1 instead of key2 in the line 69 (recovering of the encrypted text) the test passes for both algorithms.
So, the problem is in the key2 that obtained using skf.translateKey(key1) method.
I guess the reason of the problem is the key values in its primary encoding format are not the same for original and translated key. This is because PBKDF2HmacSHA1Factory performs real regeneration of new key using password, salt and iteration count as a source material. Moreover the result of this inner generation is not the same as the result of key derivation using public API of SecretKeyFactory.
- relates to
-
JDK-7181214 Need specify SKF translateKey(SecurityKey) method requires instance of PBEKey for PBKDF2 algorithms
-
- Resolved
-