Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Encryption and Decryption with BouncyCastle PKCS7 - CMS in java

I want to use BouncyCastle to encrypt and decrypt with pkcs7 format. I have a hardware token. when I use Keypair in jks file in my hard drive it work fine but when i use key pair in token its not work. this is my exception:

Exception in thread "main" org.bouncycastle.cms.CMSException: cannot create cipher: No such algorithm: 2.16.840.1.101.3.4.1.2
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createCipher(Unknown Source)
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper$1.doInJCE(Unknown Source)
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.execute(Unknown Source)
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createContentCipher(Unknown Source)
    at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
    at pktb.PKTB.CmsDecrypt(PKTB.java:288)
    at pktb.PKTB.main(PKTB.java:419)
Caused by: java.security.NoSuchAlgorithmException: No such algorithm: 2.16.840.1.101.3.4.1.2
    at javax.crypto.Cipher.getInstance(DashoA13*..)
    at javax.crypto.Cipher.getInstance(DashoA13*..)
    at org.bouncycastle.jcajce.NamedJcaJceHelper.createCipher(Unknown Source)
    ... 10 more
Java Result: 1 

this is my Encryption code:

public byte[] CmsEncrypt(byte[] message, KeyContainer keyContainer) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException
{
    Security.addProvider(new BouncyCastleProvider());
    X509Certificate cert = (X509Certificate) keyContainer.certificate;
    CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
    gen.addKeyTransRecipient(cert);
    CMSProcessable data = new CMSProcessableByteArray(message);
    CMSEnvelopedData enveloped = gen.generate(data,
    CMSEnvelopedDataGenerator.AES128_CBC, "BC");

    return  enveloped.getEncoded();

}

and this is my decryption code:

public byte[] CmsDecrypt(byte[] cipher, KeyContainer keyContainer) throws CMSException, IOException, NoSuchProviderException
    {
        Security.addProvider(new BouncyCastleProvider());
        byte[] contents=null;
        CMSEnvelopedDataParser envelopedDataParser = new CMSEnvelopedDataParser(new ByteArrayInputStream(cipher));
        PrivateKey key =  keyContainer.privateKey;
        X509Certificate cert = keyContainer.certificate;
        CMSEnvelopedData enveloped = new CMSEnvelopedData(cipher);
        Collection recip = enveloped.getRecipientInfos().getRecipients(); 
        KeyTransRecipientInformation rinfo = (KeyTransRecipientInformation) recip  
                    .iterator().next(); 
        if(keyContainer.provider.equals("Software"))
            contents = rinfo.getContent(
                new JceKeyTransEnvelopedRecipient(key).setProvider("BC"));
        else
            contents = rinfo.getContent(
                new JceKeyTransEnvelopedRecipient(key).setProvider("SunPKCS11-" + keyContainer.provider));
        System.out.println(new String(contents));
        return contents;

    }

I must say that i use this token provider for cmsSign and cmsVerify and it works fine therefore i think the problem isn't for provider.

like image 711
Mohsen Gorgani Avatar asked Nov 03 '12 18:11

Mohsen Gorgani


1 Answers

You can use PKCS#11 to extract private and public keys from hardware token and then use these extracted public and private keys to encrypt and decrypt data with BouncyCastle PKCS7. which token you are using ? Also I cannot find the code to extract keys from hardware token. Go through the answer in following Link for extracting keys from hardware token. Click here

like image 189
Kunal Surana Avatar answered Sep 23 '22 08:09

Kunal Surana