Bad Padding Exception - RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING in pkcs11

 
Ranch Hand
I have developed an application and am using the following keys for digital signatures, which were placed in a file path (directory) in the testing environment.

1) XXX.p12 file - for Digital signature.

2) XXX.p12 file - for decryption of XML response.

3) XXX.cer file - for encrypting the session keys, input XML, etc.

Since the files are on a particular file path location, the code is running fine. So for the pre-production environment we have procured the cryptographic token from a CA and imported the XXX.p12 file for testing of the same. I am successfully able to digitally sign the request. However, in the case of decrypting the session key that is encrypted by the server using "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING", I am getting the error as:




My testing method is:



I have found the issue is that the implementation of SunJCE's Cipher "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING" is not compatible with other implementations (BouncyCastle/IAIK/PKCS11).

When setting AlgorithmParameters (with OAEPParameterSpec), an exception is thrown (javax.crypto.BadPaddingException).

Refer: Problems with Cipher "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING". Bug details: https://bugs.openjdk.java.net/browse/JDK-7038158?page=com.atlassian.jira.plugin.system.issuetabpanels%3aworklog-tabpanel

Is there any way that I can decrypt the data for RSA-OAEP padding?
 
Bartender
I have read your post several times and I'm thoroughly confused; what am I missing? I don't see how the testEncryption() method which uses "RSA/ECB/PKCS1Padding" has anything to do with "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING". Can you explain how the testEncryption() method relates to the problem you have?
 
Manish Sahni
Ranch Hand
Sorry for the wrong version. Updated with the correct version as follows:


Manish Sahni wrote: I have developed an application and am using the following keys for digital signatures, which were placed in a file path (directory) in the testing environment.

1) XXX.p12 file - for Digital signature.

2) XXX.p12 file - for decryption of XML response.

3) XXX.cer file - for encrypting the session keys, input XML, etc.

Since the files are on a particular file path location, the code is running fine. So for the pre-production environment we have procured the cryptographic token from a CA and imported the XXX.p12 file for testing of the same. I am successfully able to digitally sign the request. However, in the case of decrypting the session key that is encrypted by the server using "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING", I am getting the error as:




My testing method is:



I have found the issue is that the implementation of SunJCE's Cipher "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING" is not compatible with other implementations (BouncyCastle/IAIK/PKCS11).

When setting AlgorithmParameters (with OAEPParameterSpec), an exception is thrown (javax.crypto.BadPaddingException).

Refer: Problems with Cipher "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING". Bug details: https://bugs.openjdk.java.net/browse/JDK-7038158?page=com.atlassian.jira.plugin.system.issuetabpanels%3aworklog-tabpanel

Is there any way that I can decrypt the data for RSA-OAEP padding?

 
Richard Tookey
Bartender
Once again I don't understand! You encrypt using "OAEPWITHSHA-256ANDMGF1PADDING" and then decrypt using "PKCS1Padding" and wonder why you get a javax.crypto.BadPaddingException! Also, you say the problem is due to SunJCE's Cipher "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING" but you are using bcProvider which presumably means BouncyCastle!

These inconsistencies make it difficult for anyone to take your problem seriously!

P.S. Did you look at the end of the bug report for a suggested way round the SunJCE provider bug?
 
Manish Sahni
Ranch Hand
Whether the encryption scheme is using SunJCE or BC for the RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING transformation, my requirement is to decrypt the response coming from the server, and that too by accessing the key stored in the hard token.
Since I am using the SunPKCS11 provider, it does not provide support for decrypting OAEP padding coming from the server end; hence I need to know whether it is possible to decrypt the response with such a transformation in SunPKCS11.


Thanks




 
Richard Tookey
Bartender
The BUG report you cited refers to the SunJCE provider and not the SunPKCS11 provider, but since it is possible that the padding code is common to both then the BUG may be applicable. If you read to the end of the BUG report then you will see that a suggested workaround for dealing with the BUG is to decrypt with no padding and write code to remove the MGF1 padding. The specification for MGF1 padding is available in rfc2437 which Google will find. As an alternative to coding MGF1 from scratch you could look at the Bouncy Castle source and extract the bits you need.
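
The workaround described in the post above (decrypt with NoPadding, then strip the OAEP encoding in your own code), as an added example that is not part of the original thread or any poster's code; it follows the OAEP decoding steps of PKCS #1 (RFC 8017 section 7.1.2, the successor of the RFC 2437 cited above). The class name, the locally generated key pair standing in for the token key, and the sample plaintext are constructed for illustration.

```java
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.*;

public class ManualOaepUnpad {
    // MGF1: concatenate Hash(input || 4-byte big-endian counter) blocks, truncated to outLen bytes.
    static byte[] mgf1(MessageDigest md, byte[] in, int off, int inLen, int outLen) {
        byte[] out = new byte[outLen];
        int hLen = md.getDigestLength();
        for (int c = 0, pos = 0; pos < outLen; c++, pos += hLen) {
            md.update(in, off, inLen);
            md.update(new byte[] {(byte) (c >>> 24), (byte) (c >>> 16), (byte) (c >>> 8), (byte) c});
            System.arraycopy(md.digest(), 0, out, pos, Math.min(hLen, outLen - pos));
        }
        return out;
    }
    // raw: RSA/ECB/NoPadding output; k: modulus bytes; empty label. mgfHash must match the sender:
    // SunJCE pairs this transformation name with MGF1-SHA-1 by default, Bouncy Castle with MGF1-SHA-256.
    static byte[] unpad(byte[] raw, int k, String oaepHash, String mgfHash) throws GeneralSecurityException {
        MessageDigest h = MessageDigest.getInstance(oaepHash), mgf = MessageDigest.getInstance(mgfHash);
        int hLen = h.getDigestLength();
        if (raw.length > k || k < 2 * hLen + 2) throw new BadPaddingException("OAEP decoding error");
        byte[] em = new byte[k];                 // left-pad in case the provider returns fewer than k bytes
        System.arraycopy(raw, 0, em, k - raw.length, raw.length);
        byte[] seed = mgf1(mgf, em, 1 + hLen, k - hLen - 1, hLen);      // seedMask = MGF(maskedDB)
        for (int i = 0; i < hLen; i++) seed[i] ^= em[1 + i];            // seed = maskedSeed ^ seedMask
        byte[] db = mgf1(mgf, seed, 0, hLen, k - hLen - 1);             // dbMask = MGF(seed)
        for (int i = 0; i < db.length; i++) db[i] ^= em[1 + hLen + i];  // DB = lHash || PS || 01 || M
        byte[] lHash = h.digest();               // hash of the empty label
        int bad = em[0], sep = -1;               // collect every failure, report one generic error
        for (int i = 0; i < hLen; i++) bad |= db[i] ^ lHash[i];
        for (int i = hLen; i < db.length; i++) if (sep < 0 && db[i] != 0) { sep = i; bad |= db[i] ^ 0x01; }
        if (bad != 0 || sep < 0) throw new BadPaddingException("OAEP decoding error");
        return java.util.Arrays.copyOfRange(db, sep + 1, db.length);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();      // constructed test key, stands in for the token key
        Cipher enc = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic(), new OAEPParameterSpec(
                "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
        byte[] ct = enc.doFinal("constructed session key".getBytes());
        Cipher dec = Cipher.getInstance("RSA/ECB/NoPadding"); // with a token: request the SunPKCS11 provider
        dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        System.out.println(new String(unpad(dec.doFinal(ct), 256, "SHA-256", "SHA-256")));
    }
}
```

This sketch reports one generic error for every failure but is not constant-time, and hand-written OAEP decoding that leaks which check failed becomes a padding oracle. Where the provider supports OAEP with an explicit OAEPParameterSpec, use that instead of unpadding by hand.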




 
Manish Sahni
Ranch Hand
Thanks for your response. BTW, SunPKCS11 does not support NoPadding in versions less than JDK 7, and only JDK 7 32-bit JRE (Windows environment) and 32/64-bit JDK 7 for the Linux environment.

For such a transformation, OAEP padding removal becomes mandatory; I also think that I need to remove it manually in the code itself after decryption.

RSAPadding.unpad might do the trick.

Thanks





 