
List:       bouncycastle-crypto-dev
Subject:    RE: EXT SENDER - Re: [dev-crypto] On Android (but not Ubuntu 14.04): org.bouncycastle.openssl.PEMExc
From:       "Bailey, Kirk A" <Kirk.A.Bailey () delphi ! com>
Date:       2017-11-13 20:45:59
Message-ID: b09df1d39c4449dca1c98af1beeac0b0 () BN6PR6802MB0082 ! 017d ! mgd ! msft ! net

Hello David,

Thanks for your reply. Based on your suggestion, I tried using PKCS#8 keys; however,
I ended up in the same situation: It works with BC 1.58 in Ubuntu 14.04 but I cannot
get it to work on Android. Can you point me to an example of reading in an encrypted
PKCS#8 PrivateKey in Android that is known to work?

Regards,

Kirk

-----Original Message-----
From: David Hook [mailto:dgh@cryptoworkshop.com]
Sent: Saturday, November 11, 2017 12:50 AM
To: dev-crypto@bouncycastle.org
Subject: EXT SENDER - Re: [dev-crypto] On Android (but not Ubuntu 14.04): org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: no such algorithm: PBKDF-OpenSSL for provider BC


Hi Kirk,

I think Android Nougat is actually based on BC 1.57 - that did have PBKDF-OpenSSL in
it, but I don't think it is included.

To be honest, I'd really recommend using PKCS#8 instead - these days it's just as
portable. I think the only thing you might need to be careful of is I'm not sure if
Android will handle passwords where the char to byte array conversion is done using
UTF-8.

Regards,

David

On 11/11/17 04:43, Bailey, Kirk A wrote:
> Hello,
> 
> I'm using the latest BC release (1.58) and I'm having a problem when running code
> on Android (Nougat) that I do not have when running the same code using Java
> (Eclipse) on Ubuntu 14.04. Specifically, when I try to decode an encrypted RSA key,
> I get (on Android) the exception: "org.bouncycastle.openssl.PEMException: Unable to
> create OpenSSL PBDKF: no such algorithm: PBKDF-OpenSSL for provider BC". I do not
> get any exception on Ubuntu. I'm using the same keys and BC JAR files in both
> environments. I am able to successfully load an unencrypted key in both
> environments.
>
> I created the 2 test keys with the following openssl commands:
>
> > openssl genrsa -aes256 -out enc-key.key 2048
> > openssl genrsa -out plain-key.key 2048
>
> I put together a simple test case to demonstrate the issue. Here's the method I
> call to read in a key:
>
> public static PrivateKey createPrivateKeyFromPem(Reader keyReader, String password)
>         throws IOException, InvalidKeySpecException,
>         NoSuchAlgorithmException {
>
>     Security.addProvider(new BouncyCastleProvider());
>     PEMParser pemParser = new PEMParser(keyReader);
>     Object rawKey = pemParser.readObject();
>     pemParser.close();
>     PEMKeyPair pemKeyPair = null;
>
>     if (rawKey instanceof PEMEncryptedKeyPair) {
>         PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder()
>                 .setProvider("BC")
>                 .build(password.toCharArray());
>         pemKeyPair = ((PEMEncryptedKeyPair) rawKey).decryptKeyPair(decryptor);
>     } else {
>         pemKeyPair = (PEMKeyPair) rawKey;
>     }
>
>     JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC");
>     KeyPair keyPair = keyConverter.getKeyPair(pemKeyPair);
>
>     return keyPair.getPrivate();
> }
> 
> The Java program I run in Ubuntu 14.04 to exercise this is:
> 
> public static void main(String[] args)
>         throws InvalidKeySpecException, NoSuchAlgorithmException,
>         FileNotFoundException, IOException {
>
>     String encKeyFileName = "/home/user/tmp/enc-key.key";
>     String plainKeyFileName = "/home/user/tmp/plain-key.key";
>
>     PrivateKey plainKey = createPrivateKeyFromPem(
>             new FileReader(new File(plainKeyFileName)), "");
>     System.out.println("Plain private key: " + plainKey);
>     PrivateKey encKey = createPrivateKeyFromPem(
>             new FileReader(new File(encKeyFileName)), "secret");
>     System.out.println("Encrypted private key: " + encKey);
> }
> 
> It runs as expected with no exceptions and prints out the information for both the
> unencrypted and encrypted keys.
>
> In a simple Android Activity I do the same thing in its onCreate() method (below).
> Note that I've included the key files as assets in the APK.
>
> protected void onCreate(Bundle savedInstanceState) {
>     super.onCreate(savedInstanceState);
>     setContentView(R.layout.activity_main);
>     String encKeyAsset = "enc-key.key";
>     String plainKeyAsset = "plain-key.key";
>     try {
>         InputStream keyStream = getAssets().open(plainKeyAsset);
>         PrivateKey plainKey = createPrivateKeyFromPem(
>                 new InputStreamReader(keyStream), "");
>         keyStream.close();
>         Log.i(TAG, "Plain key: " + plainKey);
>
>         keyStream = getAssets().open(encKeyAsset);
>         PrivateKey encKey = createPrivateKeyFromPem(
>                 new InputStreamReader(keyStream), "secret");
>         keyStream.close();
>         Log.i(TAG, "Encrypted key: " + encKey);
>     } catch (Exception e) {
>         Log.e(TAG, "Exception: ", e);
>     }
> }
> 
> The unencrypted key is handled without issue, but I get an exception for the
> encrypted key:
>
> ...
> 11-10 12:15:06.915  8898  8898 E com.example.keytest.MainActivity: Exception:
> 11-10 12:15:06.915  8898  8898 E com.example.keytest.MainActivity: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: no such algorithm: PBKDF-OpenSSL for provider BC
> 11-10 12:15:06.915  8898  8898 E com.example.keytest.MainActivity: at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
> 11-10 12:15:06.915  8898  8898 E com.example.keytest.MainActivity: at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
> 11-10 12:15:06.915  8898  8898 E com.example.keytest.MainActivity: at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source)
> 11-10 12:15:06.915  8898  8898 E com.example.keytest.MainActivity: at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source)
> 11-10 12:15:06.915  8898  8898 E com.example.keytest.MainActivity: at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source)
> 11-10 12:15:06.915  8898  8898 E com.example.keytest.MainActivity: at com.example.keytest.MainActivity.createPrivateKeyFromPem(MainActivity.java:43)
> 11-10 12:15:06.915  8898  8898 E com.example.keytest.MainActivity: at com.example.keytest.MainActivity.onCreate(MainActivity.java:65)
> 11-10 12:15:06.915  8898  8898 E com.example.keytest.MainActivity: at android.app.Activity.performCreate(Activity.java:6662)
> ...
> 
> Any ideas on the cause and/or fix? If not, what else can I do to help track down
> the cause?
> 
> Best Regards,
> Kirk Bailey
> 
> **********************************************************************
> ****************** Note: If the reader of this message is not the
> intended recipient, or an employee or agent responsible for delivering
> this message to the intended recipient, you are hereby notified that
> any dissemination, distribution or copying of this communication is
> strictly prohibited. If you have received this communication in error,
> please notify us immediately by replying to the message and deleting
> it from your computer. Thank you.
> **********************************************************************
> ******************
> 
> 


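As an added example (not code from either poster or from the Bouncy Castle project), here is one way to read a PKCS#8 PEM private key, encrypted or not, with the bcprov/bcpkix classes. It passes the bundled provider by instance instead of by the name "BC"; that choice rests on the assumption that on Android the name "BC" resolves to the platform's own reduced provider, and the thread does not confirm that this resolves the failure reported above. The class name Pkcs8KeyLoader is hypothetical.

```java
import java.io.IOException;
import java.io.Reader;
import java.security.PrivateKey;
import java.security.Provider;

import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

// Hypothetical helper class, written for this example.
public final class Pkcs8KeyLoader {
    // The bundled provider, passed by instance so lookups do not go through
    // the name "BC" (assumption: on Android that name resolves to the
    // platform's own provider, which Security.addProvider() does not replace).
    private static final Provider BC = new BouncyCastleProvider();

    // Accepts "BEGIN ENCRYPTED PRIVATE KEY" and "BEGIN PRIVATE KEY" PEM input.
    public static PrivateKey load(Reader keyReader, char[] password)
            throws IOException, OperatorCreationException, PKCSException {
        Object parsed;
        try (PEMParser pemParser = new PEMParser(keyReader)) {
            parsed = pemParser.readObject();
        }

        PrivateKeyInfo keyInfo;
        if (parsed instanceof PKCS8EncryptedPrivateKeyInfo) {
            // PKCS#8 encryption (PBES2) is decrypted through the operator API.
            InputDecryptorProvider decryptor =
                    new JceOpenSSLPKCS8DecryptorProviderBuilder()
                            .setProvider(BC)
                            .build(password);
            keyInfo = ((PKCS8EncryptedPrivateKeyInfo) parsed)
                    .decryptPrivateKeyInfo(decryptor);
        } else if (parsed instanceof PrivateKeyInfo) {
            keyInfo = (PrivateKeyInfo) parsed;
        } else {
            // Traditional OpenSSL PEM (PEMKeyPair / PEMEncryptedKeyPair) or empty input.
            throw new IOException("Not a PKCS#8 private key: "
                    + (parsed == null ? "no PEM object" : parsed.getClass().getName()));
        }
        return new JcaPEMKeyConverter().setProvider(BC).getPrivateKey(keyInfo);
    }
}
```

A traditional OpenSSL key such as enc-key.key can be converted to this format with `openssl pkcs8 -topk8 -in enc-key.key -out enc-key.p8 -v2 aes-256-cbc`; the output file name is an assumption.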


