This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Security and the fly likes OAEP cannot be used to sign or verify signatures Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "OAEP cannot be used to sign or verify signatures" Watch "OAEP cannot be used to sign or verify signatures" New topic
Author

OAEP cannot be used to sign or verify signatures

Stuart A. Burkett
Ranch Hand

Joined: May 30, 2012
Posts: 679
We've been using RSA BSafe as a JCE provider in our product. I've been investigating whether it's possible to remove BSafe and just use the standard JCE implementation included in the JRE. It all works fine apart from one place. I am trying to decrypt an encrypted key. This is the code.



keydata is a byte[] containing random bytes and encodedPublicKey is the encrypted key.

This works fine if we use the BSafe library (or even BouncyCastle) as the JCE provider but if I try using the standard JCE the call to Cipher.init throws up an error
OAEP cannot be used to sign or verify signatures

I googled that message and found the openjdk source code where the init method at line 243 throws this error if the mode is DECRYPT_MODE, the key is an RSAPublicKey and the padding type is not PAD_NONE or PAD_PKCS1.

I'm afraid I'm not an expert on encryption (and the people who wrote the code are not with the company anymore), but I was wondering if there is any way I can change this code but still maintain backwards compatibility i.e. be able to decrypt keys that have been encrypted using the RSA/ECB/OAEPWithSHA1AndMGF1Padding algorithm.

Any thoughts or suggestions are welcome.

Stuart
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: OAEP cannot be used to sign or verify signatures