List: bouncycastle-crypto-dev
Subject: RE: EXT SENDER - Re: [dev-crypto] On Android (but not Ubuntu 14.04): org.bouncycastle.openssl.PEMExc
From: "Bailey, Kirk A" <Kirk.A.Bailey () delphi ! com>
Date: 2017-11-13 20:45:59
Message-ID: b09df1d39c4449dca1c98af1beeac0b0 () BN6PR6802MB0082 ! 017d ! mgd ! msft ! net
Hello David,
Thanks for your reply. Based on your suggestion, I tried using PKCS#8 keys; however,
I ended up in the same situation: It works with BC 1.58 in Ubuntu 14.04 but I cannot
get it to work on Android. Can you point me to an example of reading in an encrypted
PKCS#8 PrivateKey in Android that is known to work?
Regards,
Kirk
-----Original Message-----
From: David Hook [mailto:dgh@cryptoworkshop.com]
Sent: Saturday, November 11, 2017 12:50 AM
To: dev-crypto@bouncycastle.org
Subject: EXT SENDER - Re: [dev-crypto] On Android (but not Ubuntu 14.04): org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: no such algorithm: PBKDF-OpenSSL for provider BC
Hi Kirk,
I think Android Nougat is actually based on BC 1.57 - that did have PBKDF-OpenSSL in
it, but I don't think it is included.
To be honest, I'd really recommend using PKCS#8 instead - these days it's just as
portable. I think the only thing you might need to be careful of is I'm not sure if
Android will handle passwords where the char to byte array conversion is done using
UTF-8.
Regards,
David
On 11/11/17 04:43, Bailey, Kirk A wrote:
> Hello,
>
> I'm using the latest BC release (1.58) and I'm having a problem when running code
> on Android (Nougat) that I do not have when running the same code using Java
> (Eclipse) on Ubuntu 14.04. Specifically, when I try to decode an encrypted RSA key,
> I get (on Android) the exception: "org.bouncycastle.openssl.PEMException: Unable to
> create OpenSSL PBDKF: no such algorithm: PBKDF-OpenSSL for provider BC". I do not
> get any exception on Ubuntu. I'm using the same keys and BC JAR files in both
> environments. I am able to successfully load an unencrypted key in both
> environments.
> I created the 2 test keys with the following openssl commands:
>
> > openssl genrsa -aes256 -out enc-key.key 2048
> > openssl genrsa -out plain-key.key 2048
>
> I put together a simple test case to demonstrate the issue. Here's the method I
> call to read in a key:
>
>     public static PrivateKey createPrivateKeyFromPem(Reader keyReader, String password)
>             throws IOException, InvalidKeySpecException,
>             NoSuchAlgorithmException {
>
>         Security.addProvider(new BouncyCastleProvider());
>         PEMParser pemParser = new PEMParser(keyReader);
>         Object rawKey = pemParser.readObject();
>         pemParser.close();
>         PEMKeyPair pemKeyPair = null;
>
>         if (rawKey instanceof PEMEncryptedKeyPair) {
>             PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().setProvider("BC")
>                     .build(password.toCharArray());
>             pemKeyPair = ((PEMEncryptedKeyPair) rawKey).decryptKeyPair(decryptor);
>         } else {
>             pemKeyPair = (PEMKeyPair) rawKey;
>         }
>
>         JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC");
>         KeyPair keyPair = keyConverter.getKeyPair(pemKeyPair);
>
>         return keyPair.getPrivate();
>     }
>
> The Java program I run in Ubuntu 14.04 to exercise this is:
>
>     public static void main(String[] args)
>             throws InvalidKeySpecException, NoSuchAlgorithmException,
>             FileNotFoundException, IOException {
>
>         String encKeyFileName = "/home/user/tmp/enc-key.key";
>         String plainKeyFileName = "/home/user/tmp/plain-key.key";
>
>         PrivateKey plainKey = createPrivateKeyFromPem(new FileReader(new File(plainKeyFileName)), "");
>         System.out.println("Plain private key: " + plainKey);
>         PrivateKey encKey = createPrivateKeyFromPem(new FileReader(new File(encKeyFileName)), "secret");
>         System.out.println("Plain private key: " + encKey);
>     }
>
> It runs as expected with no exceptions and prints out the information for both the
> unencrypted and encrypted keys.
> In a simple Android Activity I do the same thing in its onCreate() method (below).
> Note that I've included the key files as assets in the APK.
>
>     protected void onCreate(Bundle savedInstanceState) {
>         super.onCreate(savedInstanceState);
>         setContentView(R.layout.activity_main);
>         String encKeyAsset = "enc-key.key";
>         String plainKeyAsset = "plain-key.key";
>         try {
>             InputStream keyStream = getAssets().open(plainKeyAsset);
>             PrivateKey plainKey = createPrivateKeyFromPem(new InputStreamReader(keyStream), "");
>             keyStream.close();
>             Log.i(TAG, "Plain key: " + plainKey);
>
>             keyStream = getAssets().open(encKeyAsset);
>             PrivateKey encKey = createPrivateKeyFromPem(new InputStreamReader(keyStream), "");
>             keyStream.close();
>             Log.i(TAG, "Encrypted key: " + encKey);
>         } catch (Exception e) {
>             Log.e(TAG, "Exception: ", e);
>         }
>     }
>
> The unencrypted key is handled without issue, but I get an exception for the
> encrypted key:
> ...
> 11-10 12:15:06.915 8898 8898 E com.example.keytest.MainActivity: Exception:
> 11-10 12:15:06.915 8898 8898 E com.example.keytest.MainActivity: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: no such algorithm: PBKDF-OpenSSL for provider BC
> 11-10 12:15:06.915 8898 8898 E com.example.keytest.MainActivity: at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
> 11-10 12:15:06.915 8898 8898 E com.example.keytest.MainActivity: at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
> 11-10 12:15:06.915 8898 8898 E com.example.keytest.MainActivity: at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source)
> 11-10 12:15:06.915 8898 8898 E com.example.keytest.MainActivity: at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source)
> 11-10 12:15:06.915 8898 8898 E com.example.keytest.MainActivity: at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source)
> 11-10 12:15:06.915 8898 8898 E com.example.keytest.MainActivity: at com.example.keytest.MainActivity.createPrivateKeyFromPem(MainActivity.java:43)
> 11-10 12:15:06.915 8898 8898 E com.example.keytest.MainActivity: at com.example.keytest.MainActivity.onCreate(MainActivity.java:65)
> 11-10 12:15:06.915 8898 8898 E com.example.keytest.MainActivity: at android.app.Activity.performCreate(Activity.java:6662)
> ...
>
> Any ideas on the cause and/or fix? If not, what else can I do to help track down
> the cause?
>
> Best Regards,
> Kirk Bailey
>
> **********************************************************************
> ****************** Note: If the reader of this message is not the
> intended recipient, or an employee or agent responsible for delivering
> this message to the intended recipient, you are hereby notified that
> any dissemination, distribution or copying of this communication is
> strictly prohibited. If you have received this communication in error,
> please notify us immediately by replying to the message and deleting
> it from your computer. Thank you.
> **********************************************************************
> ******************
>
>