A23149577
Reputation: 2145
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_WRAPPED_KEY_INVALID
I want to decrypt a CMSEnvelopedDatausing BouncyCastleand PKCS11libraries in java.
Everything was going well until I encountered this problem:
I can successfully retrieve recipient information:
CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(signedAndEncryptedMessage); Collection recip = cmsEnvelopedData.getRecipientInfos().getRecipients(); KeyTransRecipientInformation rinfo = (KeyTransRecipientInformation)recip.iterator().next();
Now, when I want to decrypt this data using recipient private key:
if (rinfo != null) {
LOGGER.debug("Decrypting...");
byte[] receivedData = rinfo.getContent(
new JceKeyTransEnvelopedRecipient(
recipientPrivateKey
// PKCS11
).setProvider(SUN_PKCS11_PROVIDER).setContentProvider(BOUNCY_CASTLE_PROVIDER).setContentProvider(SUN_PKCS11_PROVIDER)
// MSCAPI
// ).setProvider(SUN_MSCAPI_PROVIDER)
);
LOGGER.debug("Done decrypting...");
I've got this exception:
org.bouncycastle.cms.CMSException: exception unwrapping key: bad padding: doFinal() failed
at org.bouncycastle.cms.jcajce.JceKeyTransRecipient.extractSecretKey(Unknown Source)
at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
at ir.dpi.pki.namad.cms.Main.decryptAndVerify(Main.java:283)
at ir.dpi.pki.namad.cms.Main.main(Main.java:92)
at ir.dpi.pki.namad.cms.MainTest.mainTest_DecryptAndVerify(MainTest.java:31)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.junit.runner.JUnitCore.run(JUnitCore.java:160)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:74)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:211)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:67)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: org.bouncycastle.operator.OperatorException: bad padding: doFinal() failed
at org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper.generateUnwrappedKey(Unknown Source)
... 34 more
Caused by: javax.crypto.BadPaddingException: doFinal() failed
at sun.security.pkcs11.P11RSACipher.implDoFinal(P11RSACipher.java:362)
at sun.security.pkcs11.P11RSACipher.engineDoFinal(P11RSACipher.java:387)
at javax.crypto.Cipher.doFinal(Cipher.java:2087)
... 35 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_WRAPPED_KEY_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_Decrypt(Native Method)
at sun.security.pkcs11.P11RSACipher.implDoFinal(P11RSACipher.java:341)
... 37 more
I can not figure out the problem. I am using a Nexus smart card reader (smart token) which consists of my private key and a valid certificate.
Upvotes: 2
Views: 4403
Answers (1)
A23149577
Reputation: 2145
I found the problem, I hope this post will help those who may encounter this kind of exception.
In my code I encrypted the message with a RecipientCertificate which is not the same as my Decryption Certificate in Recipient's Smart Token! I made this mistake and it takes me the whole three days to resolve it. Anyway, BadPaddingException made me think about cipher mode or padding.
Upvotes: 1
Related Questions
- Failed to parse RSA publicKey in Java
- Exception in thread "main" java.lang.ClassCastException: sun.security.x509.X509CertImpl cannot be cast to java.security.PrivateKey
- Bouncycastle can't generate private key - Unknown KeySpec type: java.security.spec.X509EncodedKeySpec
- Update org.bouncycastle.jce.PKCS10CertificationRequest to org.bouncycastle.pkcs.PKCS10CertificationRequest;
- why is thrown this exception: cannot create signer: no such algorithm: SHA256WITHRSA for provider SunPKCS11?
- Error on class sun.security.pkcs11.SunPKCS11
- PKCS11Exception ckr_attribute_type_invalid
- PKCS12 CERTIFICATE ERROR
- java.security.NoSuchAlgorithmException: no such algorithm: SHA1WITHRSA for provider BC
- PKCS11Exception: CKR_KEY_FUNCTION_NOT_PERMITTED