Clarity on "no key size for algorithm" exception

Clarity on "no key size for algorithm" exception

Shawn_White@trendmicro.com
Hello,

Question regarding PKCS1/8 support.

I'm using BC 1.66 (bcprov-jdk15on, bcpkix-jdk15on jars)

I'm writing some Java software to read private keys in PEM format either encrypted or not using PKCS1 or 8.

In some cases, I'm getting the following errors reading encrypted keys.

"java.lang.IllegalStateException: no key size for algorithm: 1.2.840.113549.3.2"

In this case, the PK was created using openssl and rc2 algorithm.

My question is: what encryption algorithms does BC support for PKCS1/8? I've been reading the RFC on the format but it's not clicking for me.

In my testing I see the following encryption works (e.g. can decrypt PK created from openssl) but others do not.


Format: PKCS1, Keycipher: aes-128-cbc              | pass   |
Format: PKCS1, Keycipher: aes-128-cfb              | pass   |
Format: PKCS1, Keycipher: aes-128-ofb              | pass   |
Format: PKCS1, Keycipher: aes-192-cbc              | pass   |
Format: PKCS1, Keycipher: aes-192-cfb              | pass   |
Format: PKCS1, Keycipher: aes-192-ofb              | pass   |
Format: PKCS1, Keycipher: aes-256-cbc              | pass   |
Format: PKCS1, Keycipher: aes-256-cfb              | pass   |
Format: PKCS1, Keycipher: aes-256-ofb              | pass   |
Format: PKCS1, Keycipher: aes128                   | pass   |
Format: PKCS1, Keycipher: aes192                   | pass   |
Format: PKCS1, Keycipher: aes256                   | pass   |
Format: PKCS1, Keycipher: bf                       | pass   |
Format: PKCS1, Keycipher: bf-cbc                   | pass   |
Format: PKCS1, Keycipher: bf-cfb                   | pass   |
Format: PKCS1, Keycipher: bf-ofb                   | pass   |
Format: PKCS1, Keycipher: blowfish                 | pass   |
Format: PKCS1, Keycipher: des                      | pass   |
Format: PKCS1, Keycipher: des-cbc                  | pass   |
Format: PKCS1, Keycipher: des-cfb                  | pass   |
Format: PKCS1, Keycipher: des-ede-cbc              | pass   |
Format: PKCS1, Keycipher: des-ede-cfb              | pass   |
Format: PKCS1, Keycipher: des-ede-ofb              | pass   |
Format: PKCS1, Keycipher: des-ede3-cbc             | pass   |
Format: PKCS1, Keycipher: des-ede3-cfb             | pass   |
Format: PKCS1, Keycipher: des-ede3-ofb             | pass   |
Format: PKCS1, Keycipher: des-ofb                  | pass   |
Format: PKCS1, Keycipher: des3                     | pass   |
Format: PKCS1, Keycipher: rc2                      | pass   |
Format: PKCS1, Keycipher: rc2-128                  | pass   |
Format: PKCS1, Keycipher: rc2-40                   | pass   |
Format: PKCS1, Keycipher: rc2-40-cbc               | pass   |
Format: PKCS1, Keycipher: rc2-64                   | pass   |
Format: PKCS1, Keycipher: rc2-64-cbc               | pass   |
Format: PKCS1, Keycipher: rc2-cbc                  | pass   |
Format: PKCS1, Keycipher: rc2-cfb                  | pass   |
Format: PKCS1, Keycipher: rc2-ofb                  | pass   |



Format: PKCS8, Keycipher: aes-128-cbc              | pass   |
Format: PKCS8, Keycipher: aes-192-cbc              | pass   |
Format: PKCS8, Keycipher: aes-256-cbc              | pass   |
Format: PKCS8, Keycipher: aes128                   | pass   |
Format: PKCS8, Keycipher: aes192                   | pass   |
Format: PKCS8, Keycipher: aes256                   | pass   |
Format: PKCS8, Keycipher: camellia-128-cbc         | pass   |
Format: PKCS8, Keycipher: camellia-192-cbc         | pass   |
Format: PKCS8, Keycipher: camellia-256-cbc         | pass   |
Format: PKCS8, Keycipher: camellia128              | pass   |
Format: PKCS8, Keycipher: camellia192              | pass   |
Format: PKCS8, Keycipher: camellia256              | pass   |
Format: PKCS8, Keycipher: cast                     | pass   |
Format: PKCS8, Keycipher: cast-cbc                 | pass   |
Format: PKCS8, Keycipher: cast5-cbc                | pass   |
Format: PKCS8, Keycipher: des                      | pass   |
Format: PKCS8, Keycipher: des-cbc                  | pass   |
Format: PKCS8, Keycipher: des-ede3-cbc             | pass   |
Format: PKCS8, Keycipher: des3                     | pass   |
Format: PKCS8, Keycipher: seed                     | pass   |
Format: PKCS8, Keycipher: seed-cbc                 | pass   |

Some that cannot be decrypted and get the above error are:

Format: PKCS8, Keycipher: aes-128-cfb              | fail   |
Format: PKCS8, Keycipher: aes-128-ofb              | fail   |

Any clarity you could provide would be very helpful.

Thanks,
Shawn

Re: Clarity on "no key size for algorithm" exception

Peter Dettman-3
Hi Shawn,
As you can see there are lots of algorithms. We add support for them as
they are reported to us. Usually we already support all the crypto and
are just missing an OID entry in a table, which is the immediate cause
of this failure (missing an entry for RC2_CBC, although we have e.g.
pbeWithSHAAnd128BitRC2_CBC) - it's not always obvious what is the best
OID to use, nor what other software will choose.

It might be best to open an issue at https://github.com/bcgit/bc-java,
including the exact openssl command line(s) and sample Java code that
you are using so that we can be sure that we are fixing your use case.

Regards,
Pete Dettman


On 21/1/21 9:52 am, [hidden email] wrote:

> Hello,
>
> Question regarding PKCS1/8 support.
>
> I'm using BC 1.66 (bcprov-jdk15on, bcpkix-jdk15on jars)
>
> I'm writing some Java software to read private keys in PEM format either
> encrypted or not using PKCS1 or 8.
>
> In some cases, I'm getting the following errors reading encrypted keys.
>
> "java.lang.IllegalStateException: no key size for algorithm:
> 1.2.840.113549.3.2"
>
> In this case, the PK was created using openssl and rc2 algorithm.
>
> My question is: what encryption algorithms does BC support for PKCS1/8?
> I've been reading the RFC on the format but it's not clicking for me.
>
> In my testing I see the following encryption works (e.g. can decrypt PK
> created from openssl) but others do not.
>
>
> Format: PKCS1, Keycipher: aes-128-cbc              | pass   |
> Format: PKCS1, Keycipher: aes-128-cfb              | pass   |
> Format: PKCS1, Keycipher: aes-128-ofb              | pass   |
> Format: PKCS1, Keycipher: aes-192-cbc              | pass   |
> Format: PKCS1, Keycipher: aes-192-cfb              | pass   |
> Format: PKCS1, Keycipher: aes-192-ofb              | pass   |
> Format: PKCS1, Keycipher: aes-256-cbc              | pass   |
> Format: PKCS1, Keycipher: aes-256-cfb              | pass   |
> Format: PKCS1, Keycipher: aes-256-ofb              | pass   |
> Format: PKCS1, Keycipher: aes128                   | pass   |
> Format: PKCS1, Keycipher: aes192                   | pass   |
> Format: PKCS1, Keycipher: aes256                   | pass   |
> Format: PKCS1, Keycipher: bf                       | pass   |
> Format: PKCS1, Keycipher: bf-cbc                   | pass   |
> Format: PKCS1, Keycipher: bf-cfb                   | pass   |
> Format: PKCS1, Keycipher: bf-ofb                   | pass   |
> Format: PKCS1, Keycipher: blowfish                 | pass   |
> Format: PKCS1, Keycipher: des                      | pass   |
> Format: PKCS1, Keycipher: des-cbc                  | pass   |
> Format: PKCS1, Keycipher: des-cfb                  | pass   |
> Format: PKCS1, Keycipher: des-ede-cbc              | pass   |
> Format: PKCS1, Keycipher: des-ede-cfb              | pass   |
> Format: PKCS1, Keycipher: des-ede-ofb              | pass   |
> Format: PKCS1, Keycipher: des-ede3-cbc             | pass   |
> Format: PKCS1, Keycipher: des-ede3-cfb             | pass   |
> Format: PKCS1, Keycipher: des-ede3-ofb             | pass   |
> Format: PKCS1, Keycipher: des-ofb                  | pass   |
> Format: PKCS1, Keycipher: des3                     | pass   |
> Format: PKCS1, Keycipher: rc2                      | pass   |
> Format: PKCS1, Keycipher: rc2-128                  | pass   |
> Format: PKCS1, Keycipher: rc2-40                   | pass   |
> Format: PKCS1, Keycipher: rc2-40-cbc               | pass   |
> Format: PKCS1, Keycipher: rc2-64                   | pass   |
> Format: PKCS1, Keycipher: rc2-64-cbc               | pass   |
> Format: PKCS1, Keycipher: rc2-cbc                  | pass   |
> Format: PKCS1, Keycipher: rc2-cfb                  | pass   |
> Format: PKCS1, Keycipher: rc2-ofb                  | pass   |
>
>
>
> Format: PKCS8, Keycipher: aes-128-cbc              | pass   |
> Format: PKCS8, Keycipher: aes-192-cbc              | pass   |
> Format: PKCS8, Keycipher: aes-256-cbc              | pass   |
> Format: PKCS8, Keycipher: aes128                   | pass   |
> Format: PKCS8, Keycipher: aes192                   | pass   |
> Format: PKCS8, Keycipher: aes256                   | pass   |
> Format: PKCS8, Keycipher: camellia-128-cbc         | pass   |
> Format: PKCS8, Keycipher: camellia-192-cbc         | pass   |
> Format: PKCS8, Keycipher: camellia-256-cbc         | pass   |
> Format: PKCS8, Keycipher: camellia128              | pass   |
> Format: PKCS8, Keycipher: camellia192              | pass   |
> Format: PKCS8, Keycipher: camellia256              | pass   |
> Format: PKCS8, Keycipher: cast                     | pass   |
> Format: PKCS8, Keycipher: cast-cbc                 | pass   |
> Format: PKCS8, Keycipher: cast5-cbc                | pass   |
> Format: PKCS8, Keycipher: des                      | pass   |
> Format: PKCS8, Keycipher: des-cbc                  | pass   |
> Format: PKCS8, Keycipher: des-ede3-cbc             | pass   |
> Format: PKCS8, Keycipher: des3                     | pass   |
> Format: PKCS8, Keycipher: seed                     | pass   |
> Format: PKCS8, Keycipher: seed-cbc                 | pass   |
>
> Some that cannot be decrypted and get the above error are:
>
> Format: PKCS8, Keycipher: aes-128-cfb              | fail   |
> Format: PKCS8, Keycipher: aes-128-ofb              | fail   |
>
> Any clarity you could provide would be very helpful.
>
> Thanks,
> Shawn
>
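
Added example, not part of the thread and not Bouncy Castle project code: a small diagnostic that prints the OIDs protecting an encrypted PEM key, so an issue report can name the exact OID behind a "no key size for algorithm" failure. The class name DescribeKeyEncryption and the key path passed as the first argument are assumptions; it uses the bcprov/bcpkix classes from the jars mentioned above.

```java
import java.io.FileReader;
import java.math.BigInteger;
import org.bouncycastle.asn1.pkcs.EncryptionScheme;
import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;

// Added diagnostic (hypothetical class name): reports which OIDs protect an encrypted PEM key.
public class DescribeKeyEncryption {

    static String describe(Object pem) {
        if (pem instanceof PEMEncryptedKeyPair) {
            // Traditional ("PKCS1") format: the cipher is a name in the DEK-Info header, not an OID.
            return "traditional OpenSSL encrypted key (cipher named in DEK-Info header)";
        }
        if (!(pem instanceof PKCS8EncryptedPrivateKeyInfo)) {
            return "not an encrypted private key: " + (pem == null ? "empty input" : pem.getClass().getName());
        }
        AlgorithmIdentifier outer =
            ((PKCS8EncryptedPrivateKeyInfo) pem).toASN1Structure().getEncryptionAlgorithm();
        if (!PKCSObjectIdentifiers.id_PBES2.equals(outer.getAlgorithm())) {
            // PBES1 / PKCS#12-style schemes carry KDF and cipher in one OID.
            return "PKCS8 scheme OID " + outer.getAlgorithm().getId();
        }
        PBES2Parameters pbes2 = PBES2Parameters.getInstance(outer.getParameters());
        KeyDerivationFunc kdf = pbes2.getKeyDerivationFunc();
        EncryptionScheme cipher = pbes2.getEncryptionScheme();
        String keyLen = "n/a";
        if (PKCSObjectIdentifiers.id_PBKDF2.equals(kdf.getAlgorithm())) {
            // keyLength is OPTIONAL in PBKDF2-params; when absent the reader must know the
            // key size for the cipher OID itself.
            BigInteger len = PBKDF2Params.getInstance(kdf.getParameters()).getKeyLength();
            keyLen = (len == null) ? "absent" : len + " bytes";
        }
        return "PKCS8 PBES2: kdf OID " + kdf.getAlgorithm().getId()
            + ", PBKDF2 keyLength " + keyLen
            + ", cipher OID " + cipher.getAlgorithm().getId();
    }

    public static void main(String[] args) throws Exception {
        try (PEMParser parser = new PEMParser(new FileReader(args[0]))) {
            System.out.println(describe(parser.readObject()));
        }
    }
}
```

The cipher OID it prints is the value to compare with the one in the exception message and to quote, together with the openssl command line, in the issue.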