Interoperability Problem with JceKeyAgreeRecipientInfoGenerator

Christian Felsing
Hello,

when encrypting a message with EC based certificates using the code
fragment at the end of this message, I get an ASN1 structure with algorithm
parameter "NULL" in d.originatorKey. This causes problems when
decrypting the CMS message with e.g. PKI.js. According to the PKI.js author
that's not correct, see https://github.com/PeculiarVentures/PKI.js/issues/119

Maybe I am using JceKeyAgreeRecipientInfoGenerator in a wrong way?

Is there any way to set d.originatorKey.algorithm.parameter to another
value than "NULL"?

best regards
Christian


---cut here---
CMS_ContentInfo:
  contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
  d.envelopedData:
    version: 2
    originatorInfo: <ABSENT>
    recipientInfos:
      d.kari:
        version: 3
        d.originatorKey:
          algorithm:
            algorithm: id-ecPublicKey (1.2.840.10045.2.1)
            parameter: NULL
          publicKey:  (0 unused bits)
            0000 - 04 cb 14 9b 49 af 1d c5-76 5c e9 e1 37 e7   ....I...v\..7.
            000e - e2 93 d5 35 5b f6 c4 0e-cf 13 ea 46 11 74   ...5[......F.t
            001c - e1 fd 18 21 24 ba a9 9b-59 8e 76 c7 c1 a4   ...!$...Y.v...
            002a - cc 8a 40 62 7a 30 a5 4a-ef b0 ad 76 99 9f   ..@bz0.J...v..
            0038 - e3 07 85 b3 2c a3 b6 0b-1d                  ....,....
        ukm:
          0000 - a7 b1 f2 e2 55 d6 3d 54-52 79 2d ef bd 65 91   ....U.=TRy-..e.
          000f - dd 42 bc a8 49 cb 76 8a-52 23 9c 87 28 85 eb   .B..I.v.R#..(..
          001e - 9e 3f a7 01 64 0c 58 26-30 9f 3f 42 07 78 1b   .?..d.X&0.?B.x.
          002d - 8f cd 97 44 b5 e0 60 69-6c 26 a2 90 36 5d 0e   ...D..`il&..6].
          003c - d4 2e 2e d8                                    ....
        keyEncryptionAlgorithm:
          algorithm: dhSinglePass-stdDH-sha512kdf-scheme (1.3.132.1.11.3)
          parameter: SEQUENCE:
    0:d=0  hl=2 l=  11 cons: SEQUENCE    
    2:d=1  hl=2 l=   9 prim:  OBJECT            :id-aes256-wrap
        recipientEncryptedKeys:
            d.issuerAndSerialNumber:
              issuer: C=DE, O=Honest Achmet, OU=Used cars, CN=CA-ECDSA
              serialNumber: 4853495651555449
            encryptedKey:
              0000 - 5b 12 ab 70 e7 11 a3 26-a9 82 dd b7 3c 01   [..p...&....<.
              000e - bc e2 8b 9f 39 d2 fe c1-15 90 50 dc bd 03   ....9.....P...
              001c - cc c0 be ca 2f 58 bc 16-81 2a b6 2e         ..../X...*..
    encryptedContentInfo:
      contentType: pkcs7-data (1.2.840.113549.1.7.1)
      contentEncryptionAlgorithm:
        algorithm: aes-256-cbc (2.16.840.1.101.3.4.1.42)
        parameter: OCTET STRING:
          0000 - 74 de 0a 21 fb 9b 96 e2-8a 74 60 90 83 2f e9   t..!.....t`../.
          000f - 3d                                             =
      encryptedContent:
        0000 - c8 8e 79 1e 0d 13 c3 74-5e c5 8c 5f 33 8a 94   ..y....t^.._3..
        000f - fe 74 f8 61 f9 e7 f3 bb-cf 63 0e eb 47 95 10   .t.a.....c..G..
...
---cut here---

---cut here---
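import java.io.IOException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.bc.BcCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OutputEncryptor;

    private byte[] encryptEC(PrivateKey privateKeySender, X509Certificate certSender,
                             X509Certificate certRcpt, byte[] plainText)
            throws CMSException, IOException, CertificateException {

        SecureRandom random = new SecureRandom();
        CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();

        // Key agreement recipient: ECDH with SHA-512 KDF, AES-256 key wrap
        JceKeyAgreeRecipientInfoGenerator rig = new JceKeyAgreeRecipientInfoGenerator(
                CMSAlgorithm.ECDH_SHA512KDF,
                privateKeySender,
                certSender.getPublicKey(),
                CMSAlgorithm.AES256_WRAP
        );

        rig.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        rig.addRecipient(certRcpt);

        // 64 bytes of random user keying material (ukm)
        byte[] ukm = new byte[64];
        random.nextBytes(ukm);
        rig.setUserKeyingMaterial(ukm);
        gen.addRecipientInfoGenerator(rig);

        // Content encryption: AES-256-CBC
        OutputEncryptor encryptor =
                new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).build();

        CMSEnvelopedData cmsEnvelopedData =
                gen.generate(new CMSProcessableByteArray(plainText), encryptor);

        return cmsEnvelopedData.getEncoded();
    }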
---cut here---
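
To check how an encoder wrote the `parameter` field discussed above, this added example (not part of the original post, and not Bouncy Castle or PKI.js code) classifies the parameters of a DER AlgorithmIdentifier as absent, NULL, or a named-curve OID. The function names and hex samples are constructed for illustration; prime256v1 is an assumed curve.

```javascript
// Read one DER TLV at `off`: returns the tag, the value bytes and the next offset.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error("truncated TLV header");
  const tag = buf[off];
  let len = buf[off + 1], pos = off + 2;
  if (len & 0x80) { // long-form length: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || pos + n > buf.length) throw new Error("bad length encoding");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos++];
  }
  if (pos + len > buf.length) throw new Error("value runs past end of buffer");
  return { tag, value: buf.subarray(pos, pos + len), next: pos + len };
}
// Decode OBJECT IDENTIFIER content bytes into dotted notation.
function decodeOid(bytes) {
  if (bytes.length === 0 || (bytes[bytes.length - 1] & 0x80)) throw new Error("malformed OID");
  const arcs = [];
  let acc = 0;
  for (const b of bytes) {
    acc = acc * 128 + (b & 0x7f);
    if (b & 0x80) continue; // more base-128 digits follow
    if (arcs.length === 0) { // first subidentifier packs two arcs: 40 * arc1 + arc2
      const first = Math.min(Math.floor(acc / 40), 2);
      arcs.push(first, acc - 40 * first);
    } else arcs.push(acc);
    acc = 0;
  }
  return arcs.join(".");
}
// Report how the parameters field of a DER AlgorithmIdentifier is encoded.
function classifyAlgIdParams(der) {
  const seq = readTlv(der, 0);
  if (seq.tag !== 0x30 || seq.next !== der.length) throw new Error("expected exactly one SEQUENCE");
  const alg = readTlv(seq.value, 0);
  if (alg.tag !== 0x06) throw new Error("algorithm must be an OBJECT IDENTIFIER");
  const algorithm = decodeOid(alg.value);
  if (alg.next === seq.value.length) return { algorithm, parameters: "absent" };
  const p = readTlv(seq.value, alg.next);
  if (p.next !== seq.value.length) throw new Error("trailing bytes after parameters");
  if (p.tag === 0x05 && p.value.length === 0) return { algorithm, parameters: "NULL" };
  if (p.tag === 0x06) return { algorithm, parameters: "namedCurve " + decodeOid(p.value) };
  return { algorithm, parameters: "other (tag 0x" + p.tag.toString(16) + ")" };
}
// Constructed samples: id-ecPublicKey with NULL, absent and prime256v1 parameters.
const EC_OID = "06072a8648ce3d0201";
const SAMPLES = {
  nullParams: Buffer.from("300b" + EC_OID + "0500", "hex"),
  absent: Buffer.from("3009" + EC_OID, "hex"),
  namedCurve: Buffer.from("3013" + EC_OID + "06082a8648ce3d030107", "hex"),
};
for (const [name, der] of Object.entries(SAMPLES)) console.log(name, classifyAlgIdParams(der));
```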