wood burning stoves 2.0*
The moose likes Security and the fly likes OAEP cannot be used to sign or verify signatures Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "OAEP cannot be used to sign or verify signatures" Watch "OAEP cannot be used to sign or verify signatures" New topic
Author

OAEP cannot be used to sign or verify signatures

Stuart A. Burkett
Ranch Hand

Joined: May 30, 2012
Posts: 679
We've been using RSA BSafe as a JCE provider in our product. I've been investigating whether it's possible to remove BSafe and just use the standard JCE implementation included in the JRE. It all works fine apart from one place. I am trying to decrypt an encrypted key. This is the code.



keydata is a byte[] containing random bytes and encodedPublicKey is the encrypted key.

This works fine if we use the BSafe library (or even BouncyCastle) as the JCE provider but if I try using the standard JCE the call to Cipher.init throws up an error
OAEP cannot be used to sign or verify signatures

I googled that message and found the openjdk source code where the init method at line 243 throws this error if the mode is DECRYPT_MODE, the key is an RSAPublicKey and the padding type is not PAD_NONE or PAD_PKCS1.

I'm afraid I'm not an expert on encryption (and the people who wrote the code are not with the company anymore), but I was wondering if there is any way I can change this code but still maintain backwards compatibility i.e. be able to decrypt keys that have been encrypted using the RSA/ECB/OAEPWithSHA1AndMGF1Padding algorithm.

Any thoughts or suggestions are welcome.

Stuart
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: OAEP cannot be used to sign or verify signatures
 
Similar Threads
encryption decryption
Problem encrypting with openssl, decrypting with bouncy castle
RSA decryption, BadPaddingException: Data must start with zero
signer information does not match? Help...
Encryption & Decryption Problem with "JDK default" provider