Exception unwrapping key: bad padding: Decryption error

I am trying to decrypt a test.txt.p7b file that is encrypted using a certificate inside JKS.

I got this error while debugging my code. I would appreciate it if someone could explain why this error occurs. Either my dongle is having a problem or I am (basically I believe so). Many thanks.

The error message is below:

Exception in thread "main" org.bouncycastle.cms.CMSException: exception unwrapping key: bad padding: Decryption error
    at org.bouncycastle.cms.jcajce.JceKeyTransRecipient.extractSecretKey(Unknown Source)
    at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
    at TestingB.decryptData(TestingB.java:299)
    at TestingB.main(TestingB.java:161)
Caused by: org.bouncycastle.operator.OperatorException: bad padding: Decryption error
    at org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper.generateUnwrappedKey(Unknown Source)
    ... 7 more
Caused by: javax.crypto.BadPaddingException: Decryption error
    at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
    at sun.security.rsa.RSAPadding.unpad(Unknown Source)
    at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:363)
    at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:389)
    at javax.crypto.Cipher.doFinal(Cipher.java:2121)
    ... 8 more

      

And here is my decryption code.

    FileInputStream fIn = new FileInputStream(_keyStorePath);
    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(fIn, _password);
    PrivateKey key = (PrivateKey) keystore.getKey("def","123456".toCharArray());
    fIn.close();


    File file = new File("C:\\1_Eclipse\\1_CS\\Encrypted\\test.txt.p7b");
    FileInputStream fileInputStream = new FileInputStream(file);
    byte[] encryptedAndSignedByte = new byte[(int)file.length()];
    fileInputStream.read(encryptedAndSignedByte);
    fileInputStream.close();


    X509Certificate cert9 = (X509Certificate) keystore.getCertificate("abc");
    KeyTransRecipientId recId = new JceKeyTransRecipientId(cert9.getIssuerX500Principal(), cert9.getSerialNumber());

    CMSEnvelopedData enveloped = new CMSEnvelopedData(encryptedAndSignedByte);
    RecipientInformationStore recipients = enveloped.getRecipientInfos();
    RecipientInformation recipient = recipients.get(recId);
    JceKeyTransEnvelopedRecipient ter = new JceKeyTransEnvelopedRecipient(key);
    ter.setContentProvider(BouncyCastleProvider.PROVIDER_NAME);
    System.out.println("content : " + recipient.getContent(ter));

      



2 answers


From here, I can't see what's going wrong, but an error occurs when decrypting the symmetric key with the RSA private key.

CMS is a container format. It contains methods for processing or copying data. If you have a conversion container, then the data in it is not directly encrypted with the RSA public key. Instead, it is encrypted with a random symmetric key (often called a data key or even a session key). This symmetric key is then encrypted with the public key.

RSA encryption first pads the data and then performs modular exponentiation with a public exponent. Decryption consists of modular exponentiation with a private exponent and unpadding. Modular exponentiation will always be performed regardless of the data value or exponent. Therefore, if the data or key is invalid, the only exception is the padding exception.



Since the data in the container is most likely valid - you expect a decode error if it isn't - it is much more likely that the private key does not match the public key. This does not rule out implementation errors of the CMS library, but I would find it relatively unlikely that the CMS library is well tested.

Thus, I would suspect your key value, not your code. Of course, you can make mistakes in the code that reads or writes your key.

All that being said, I would definitely fix the stream handling in your code first. Just creating a buffer encryptedAndSignedByte and calling read once is extremely naive. If it fixes this bug, please let us know.

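The key mismatch suspected in the answer above can be reproduced with the JDK alone. This is an added example, not code from the original posts: it encrypts a constructed session key with one RSA public key, decrypts it with the matching and with an unrelated private key, and compares moduli as a pre-check (the class and method names are hypothetical). In the question's code the private key is read from alias def and the certificate from alias abc, which is where such a comparison applies.

```java
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;

public class KeyMismatchDemo {
    // True when the RSA private and public key share a modulus, i.e. form one key pair.
    // Returns false for key types that do not expose a modulus.
    static boolean sameKeyPair(PrivateKey priv, PublicKey pub) {
        return priv instanceof RSAPrivateKey && pub instanceof RSAPublicKey
            && ((RSAPrivateKey) priv).getModulus().equals(((RSAPublicKey) pub).getModulus());
    }

    // Decrypts the wrapped session key; a wrong private key surfaces as BadPaddingException.
    static String unwrap(byte[] wrapped, PrivateKey priv, byte[] expected)
            throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, priv);
        try {
            return Arrays.equals(rsa.doFinal(wrapped), expected)
                ? "session key recovered" : "wrong session key";
        } catch (BadPaddingException e) {
            return "BadPaddingException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair recipient = gen.generateKeyPair(); // pair whose public key encrypts
        KeyPair other = gen.generateKeyPair();     // unrelated pair, e.g. from another alias

        byte[] sessionKey = new byte[16];          // constructed sample symmetric key
        new SecureRandom().nextBytes(sessionKey);

        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, recipient.getPublic());
        byte[] wrapped = rsa.doFinal(sessionKey);

        System.out.println("matching key:   "
            + sameKeyPair(recipient.getPrivate(), recipient.getPublic())
            + " -> " + unwrap(wrapped, recipient.getPrivate(), sessionKey));
        System.out.println("mismatched key: "
            + sameKeyPair(other.getPrivate(), recipient.getPublic())
            + " -> " + unwrap(wrapped, other.getPrivate(), sessionKey));
    }
}
```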


I fixed the code but the same problem occurs. I believe the encryption part shouldn't be a problem.

Decryption code:

    public static void decrypt(final InputStream is, OutputStream os, Key key, String providerName) throws Exception {
        final InputStream bis = new BufferedInputStream(is, bufferSize);
        final OutputStream bos = new BufferedOutputStream(os, bufferSize);
        final Iterator it = new CMSEnvelopedDataParser(bis).getRecipientInfos().getRecipients().iterator();
        if (it.hasNext()) {
            final RecipientInformation recipient = (RecipientInformation) it.next();
            JceKeyTransEnvelopedRecipient ter = new JceKeyTransEnvelopedRecipient((PrivateKey) key);
            final CMSTypedStream recData = recipient.getContentStream(ter);
            final InputStream ris = recData.getContentStream();
            fromInToOut(ris, bos);
        }
        os.close();
    }

      

In the main class:

    new File("C:\\1_Eclipse\\1_CS\\Encrypted\\test_result.txt");
    FileOutputStream E_fileOuputStream = new FileOutputStream("C:\\1_Eclipse\\1_CS\\Encrypted\\test_result.txt");
    FileInputStream E_fileInputStream = new FileInputStream("C:\\1_Eclipse\\1_CS\\Encrypted\\test.txt.p7b");

    decrypt(E_fileInputStream, E_fileOuputStream, key, "BC");

      

I believe the error was caused by this part of my decryption.

    final RecipientInformation recipient = (RecipientInformation) it.next();
    JceKeyTransEnvelopedRecipient ter = new JceKeyTransEnvelopedRecipient((PrivateKey) key);
    final CMSTypedStream recData = recipient.getContentStream(ter);

      
