Encryption and Decryption with BouncyCastle PKCS7 - CMS in java

Question

I want to use BouncyCastle to encrypt and decrypt with pkcs7 format. I have a hardware token. when I use Keypair in jks file in my hard drive it work fine but when i use key pair in token its not work. this is my exception:

Exception in thread "main" org.bouncycastle.cms.CMSException: cannot create cipher: No such algorithm: 2.16.840.1.101.3.4.1.2
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createCipher(Unknown Source)
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper$1.doInJCE(Unknown Source)
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.execute(Unknown Source)
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createContentCipher(Unknown Source)
    at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
    at pktb.PKTB.CmsDecrypt(PKTB.java:288)
    at pktb.PKTB.main(PKTB.java:419)
Caused by: java.security.NoSuchAlgorithmException: No such algorithm: 2.16.840.1.101.3.4.1.2
    at javax.crypto.Cipher.getInstance(DashoA13*..)
    at javax.crypto.Cipher.getInstance(DashoA13*..)
    at org.bouncycastle.jcajce.NamedJcaJceHelper.createCipher(Unknown Source)
    ... 10 more
Java Result: 1 

this is my Encryption code:

public byte[] CmsEncrypt(byte[] message, KeyContainer keyContainer) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException
{
    Security.addProvider(new BouncyCastleProvider());
    X509Certificate cert = (X509Certificate) keyContainer.certificate;
    CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
    gen.addKeyTransRecipient(cert);
    CMSProcessable data = new CMSProcessableByteArray(message);
    CMSEnvelopedData enveloped = gen.generate(data,
    CMSEnvelopedDataGenerator.AES128_CBC, "BC");

    return  enveloped.getEncoded();

}

and this is my decryption code:

public byte[] CmsDecrypt(byte[] cipher, KeyContainer keyContainer) throws CMSException, IOException, NoSuchProviderException
    {
        Security.addProvider(new BouncyCastleProvider());
        byte[] contents=null;
        CMSEnvelopedDataParser envelopedDataParser = new CMSEnvelopedDataParser(new ByteArrayInputStream(cipher));
        PrivateKey key =  keyContainer.privateKey;
        X509Certificate cert = keyContainer.certificate;
        CMSEnvelopedData enveloped = new CMSEnvelopedData(cipher);
        Collection recip = enveloped.getRecipientInfos().getRecipients(); 
        KeyTransRecipientInformation rinfo = (KeyTransRecipientInformation) recip  
                    .iterator().next(); 
        if(keyContainer.provider.equals("Software"))
            contents = rinfo.getContent(
                new JceKeyTransEnvelopedRecipient(key).setProvider("BC"));
        else
            contents = rinfo.getContent(
                new JceKeyTransEnvelopedRecipient(key).setProvider("SunPKCS11-" + keyContainer.provider));
        System.out.println(new String(contents));
        return contents;

    }

I must say that i use this token provider for cmsSign and cmsVerify and it works fine therefore i think the problem isn't for provider.

Answer 1

You can use PKCS#11 to extract private and public keys from hardware token and then use these extracted public and private keys to encrypt and decrypt data with BouncyCastle PKCS7. which token you are using ? Also I cannot find the code to extract keys from hardware token. Go through the answer in following Link for extracting keys from hardware token. Click here