Quantcast

J2ME SubjectPublicKeyInfo Bad sequence size

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

J2ME SubjectPublicKeyInfo Bad sequence size

Markus Kilås
Hi all,

I have a problem with Lightweight Bouncy Castle in a MIDlet. What I  
want to do is to use a certificate I created using the Sun keytool.

I have created and exported the certificate with:

keytool -genkey -dname "CN=Markus Cert1, OU=OrganizationUnit,  
O=Organization, L=Kista, C=SE" -alias markus1 -keyalg RSA -sigalg  
SHA1withRSA -keysize 1024

keytool -export -alias markus1 -file markus1.cer

Now I have put the file in the MIDlet's JAR and can read it with  
getClass().getResourceAsStream("markus1.cer").

As I have understand it I should do something similar to this to  
extract the public key:

ASN1InputStream aIn = new  
ASN1InputStream(getClass().getResourceAsStream("markus1.cer"));

ASN1Sequence encodedSeq = (ASN1Sequence) aIn.readObject();
System.out.println(encodedSeq);

SubjectPublicKeyInfo pkInfo = SubjectPublicKeyInfo.getInstance(encodedSeq);
RSAPublicKeyStructure pk =  
RSAPublicKeyStructure.getInstance(pkInfo.getPublicKey());
RSAKeyParameters pubParameters = new RSAKeyParameters(false,  
pk.getModulus(), pk.getPublicExponent());
AsymmetricBlockCipher rsaEngine = new RSAEngine();
rsaEngine.init(true, pubParameters);

Running this produces the following output:
[[[0]2, 1221569655, [1.2.840.10040.4.3], [[[2.5.4.6, SE]], [[2.5.4.10,  
Org AB]], [[2.5.4.3, Markus cert3]]], [i@79a8b580, i@e3f7d027],  
[[[2.5.4.6, SE]], [[2.5.4.10, Org AB]], [[2.5.4.3, Markus cert3]]],  
[[1.2.840.10040.4.1,  
[13088190903996951511983483683122365506884646407696936374873345058040775197443406172868981569754562621393026253626091122095573470801687662070231674030778383, 1283659209376627715581525601577138591140534132851, 3512732366771064443670380394589245041353755107508791893552138227270512204827979996680134667036178190796826053778364446985370190691885423117112608297449757]], #034300024034CA6B0898291D8D28370CAF20AFFFE143A7A64E56C57BCF0375E72CBA575F870A64D25D83D9B1A8D4C695339415F6F815A0997EC577C68F019347AA5C2D3129], [3][[2.5.29.15, TRUE, #030204b0]]], [1.2.840.10040.4.3],  
#033000302D021500A64C2096BCBC61A2D1A49B5A0ACE30A584F1765802146B94D250AB67DC5BAEF8C68EAB90384B5A09D427]
startApp threw an Exception
java.lang.IllegalArgumentException: Bad sequence size: 3

Any idea why my certificate contains 3 sequences or why  
SubjectPublicKeyInfo wants exactly 2 or what am I doing wrong?

Best regards,
Markus



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: J2ME SubjectPublicKeyInfo Bad sequence size

David Hook-2

The class you want to start with is X509CertificateStructure.

Regards,

David

On Tue, 2008-09-16 at 15:43 +0200, Markus Kilås wrote:

> Hi all,
>
> I have a problem with Lightweight Bouncy Castle in a MIDlet. What I  
> want to do is to use a certificate I created using the Sun keytool.
>
> I have created and exported the certificate with:
>
> keytool -genkey -dname "CN=Markus Cert1, OU=OrganizationUnit,  
> O=Organization, L=Kista, C=SE" -alias markus1 -keyalg RSA -sigalg  
> SHA1withRSA -keysize 1024
>
> keytool -export -alias markus1 -file markus1.cer
>
> Now I have put the file in the MIDlet's JAR and can read it with  
> getClass().getResourceAsStream("markus1.cer").
>
> As I have understand it I should do something similar to this to  
> extract the public key:
>
> ASN1InputStream aIn = new  
> ASN1InputStream(getClass().getResourceAsStream("markus1.cer"));
>
> ASN1Sequence encodedSeq = (ASN1Sequence) aIn.readObject();
> System.out.println(encodedSeq);
>
> SubjectPublicKeyInfo pkInfo = SubjectPublicKeyInfo.getInstance(encodedSeq);
> RSAPublicKeyStructure pk =  
> RSAPublicKeyStructure.getInstance(pkInfo.getPublicKey());
> RSAKeyParameters pubParameters = new RSAKeyParameters(false,  
> pk.getModulus(), pk.getPublicExponent());
> AsymmetricBlockCipher rsaEngine = new RSAEngine();
> rsaEngine.init(true, pubParameters);
>
> Running this produces the following output:
> [[[0]2, 1221569655, [1.2.840.10040.4.3], [[[2.5.4.6, SE]], [[2.5.4.10,  
> Org AB]], [[2.5.4.3, Markus cert3]]], [i@79a8b580, i@e3f7d027],  
> [[[2.5.4.6, SE]], [[2.5.4.10, Org AB]], [[2.5.4.3, Markus cert3]]],  
> [[1.2.840.10040.4.1,  
> [13088190903996951511983483683122365506884646407696936374873345058040775197443406172868981569754562621393026253626091122095573470801687662070231674030778383, 1283659209376627715581525601577138591140534132851, 3512732366771064443670380394589245041353755107508791893552138227270512204827979996680134667036178190796826053778364446985370190691885423117112608297449757]], #034300024034CA6B0898291D8D28370CAF20AFFFE143A7A64E56C57BCF0375E72CBA575F870A64D25D83D9B1A8D4C695339415F6F815A0997EC577C68F019347AA5C2D3129], [3][[2.5.29.15, TRUE, #030204b0]]], [1.2.840.10040.4.3],  
> #033000302D021500A64C2096BCBC61A2D1A49B5A0ACE30A584F1765802146B94D250AB67DC5BAEF8C68EAB90384B5A09D427]
> startApp threw an Exception
> java.lang.IllegalArgumentException: Bad sequence size: 3
>
> Any idea why my certificate contains 3 sequences or why  
> SubjectPublicKeyInfo wants exactly 2 or what am I doing wrong?
>
> Best regards,
> Markus
>
>
>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: J2ME SubjectPublicKeyInfo Bad sequence size

Markus Kilås
Thanks David, it works perfectly now.

What I did was:

ASN1InputStream aIn = new  
ASN1InputStream(getClass().getResourceAsStream("markus1.cer"));
ASN1Sequence encodedSeq = (ASN1Sequence) aIn.readObject();
X509CertificateStructure x509 =  
X509CertificateStructure.getInstance(encodedSeq);
SubjectPublicKeyInfo pkInfo = x509.getSubjectPublicKeyInfo();
RSAPublicKeyStructure pk =  
RSAPublicKeyStructure.getInstance(pkInfo.getPublicKey());
RSAKeyParameters pubParameters = new RSAKeyParameters(false,  
pk.getModulus(), pk.getPublicExponent());
AsymmetricBlockCipher rsaEngine = new RSAEngine();
rsaEngine.init(false, pubParameters);

/Markus

Quoting David Hook <[hidden email]>:

>
> The class you want to start with is X509CertificateStructure.
>
> Regards,
>
> David
>
> On Tue, 2008-09-16 at 15:43 +0200, Markus Kilås wrote:
>> Hi all,
>>
>> I have a problem with Lightweight Bouncy Castle in a MIDlet. What I
>> want to do is to use a certificate I created using the Sun keytool.
>>
>> I have created and exported the certificate with:
>>
>> keytool -genkey -dname "CN=Markus Cert1, OU=OrganizationUnit,
>> O=Organization, L=Kista, C=SE" -alias markus1 -keyalg RSA -sigalg
>> SHA1withRSA -keysize 1024
>>
>> keytool -export -alias markus1 -file markus1.cer
>>
>> Now I have put the file in the MIDlet's JAR and can read it with
>> getClass().getResourceAsStream("markus1.cer").
>>
>> As I have understand it I should do something similar to this to
>> extract the public key:
>>
>> ASN1InputStream aIn = new
>> ASN1InputStream(getClass().getResourceAsStream("markus1.cer"));
>>
>> ASN1Sequence encodedSeq = (ASN1Sequence) aIn.readObject();
>> System.out.println(encodedSeq);
>>
>> SubjectPublicKeyInfo pkInfo = SubjectPublicKeyInfo.getInstance(encodedSeq);
>> RSAPublicKeyStructure pk =
>> RSAPublicKeyStructure.getInstance(pkInfo.getPublicKey());
>> RSAKeyParameters pubParameters = new RSAKeyParameters(false,
>> pk.getModulus(), pk.getPublicExponent());
>> AsymmetricBlockCipher rsaEngine = new RSAEngine();
>> rsaEngine.init(true, pubParameters);
>>
>> Running this produces the following output:
>> [[[0]2, 1221569655, [1.2.840.10040.4.3], [[[2.5.4.6, SE]], [[2.5.4.10,
>> Org AB]], [[2.5.4.3, Markus cert3]]], [i@79a8b580, i@e3f7d027],
>> [[[2.5.4.6, SE]], [[2.5.4.10, Org AB]], [[2.5.4.3, Markus cert3]]],
>> [[1.2.840.10040.4.1,
>> [13088190903996951511983483683122365506884646407696936374873345058040775197443406172868981569754562621393026253626091122095573470801687662070231674030778383, 1283659209376627715581525601577138591140534132851, 3512732366771064443670380394589245041353755107508791893552138227270512204827979996680134667036178190796826053778364446985370190691885423117112608297449757]], #034300024034CA6B0898291D8D28370CAF20AFFFE143A7A64E56C57BCF0375E72CBA575F870A64D25D83D9B1A8D4C695339415F6F815A0997EC577C68F019347AA5C2D3129], [3][[2.5.29.15, TRUE, #030204b0]]],  
>> [1.2.840.10040.4.3],
>> #033000302D021500A64C2096BCBC61A2D1A49B5A0ACE30A584F1765802146B94D250AB67DC5BAEF8C68EAB90384B5A09D427]
>> startApp threw an Exception
>> java.lang.IllegalArgumentException: Bad sequence size: 3
>>
>> Any idea why my certificate contains 3 sequences or why
>> SubjectPublicKeyInfo wants exactly 2 or what am I doing wrong?
>>
>> Best regards,
>> Markus
>>
>>
>>
>
>
>




Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Signed and enveloped data

Massimiliano_Ziccardi
Hi all..

Is there a way I can handle "signed and enveloped" data with bouncycastle?

Thanks in advance.
Massimiliano Ziccardi


----

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Signed and enveloped data

David Hook-2

Assuming this is a CMS question, this is normally signed data wrapped in
enveloped data. You can probably work out the rest. The same applies to
OpenPGP as well in any case.

The PKCS#7/CMS structures that combine the two in one object are not
used - it was recognised that leaking the signers of an encrypted
document was not always a good idea.

Regards,

David

On Wed, 2008-09-17 at 16:03 +0200, [hidden email]
wrote:

> Hi all..
>
> Is there a way I can handle "signed and enveloped" data with bouncycastle?
>
> Thanks in advance.
> Massimiliano Ziccardi
>
>
> ----
>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Signed and enveloped data

Massimiliano_Ziccardi
Hi David.

Thank for your answer.

>The PKCS#7/CMS structures that combine the two in one object are not
>used - it was recognised that leaking the signers of an encrypted
>document was not always a good idea.

My problem is that I've to parse document produced by third parties. And,
unfortunately, they sent me
files PKCS#7 Signed and enveloped data (not an signed data inside an
enveloped one).

However, since I think bouncycastle do not implements it, I'm going to
implement it by my own.

I've already wrote a CMSSignedAndEnvelopedDataParser (still in alpha
version) based on the code inside
CMSEnvelopedDataParser and CMSSignedDataParser.

Do you think it could be of any interest for you?

Regards
Massimiliano Ziccardi



                                                                           
             David Hook                                                    
             <dgh@lockboxlabs.                                            
             com>                                                       To
                                       [hidden email]    
             18/09/2008 02.56                                           cc
                                       [hidden email]        
                                                                   Subject
                                       Re: [dev-crypto] Signed and        
                                       enveloped data                      
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           





Assuming this is a CMS question, this is normally signed data wrapped in
enveloped data. You can probably work out the rest. The same applies to
OpenPGP as well in any case.

The PKCS#7/CMS structures that combine the two in one object are not
used - it was recognised that leaking the signers of an encrypted
document was not always a good idea.

Regards,

David

On Wed, 2008-09-17 at 16:03 +0200, [hidden email]
wrote:
> Hi all..
>
> Is there a way I can handle "signed and enveloped" data with
bouncycastle?
>
> Thanks in advance.
> Massimiliano Ziccardi
>
>
> ----
>





----

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Signed and enveloped data

sparkrisp
This post has NOT been accepted by the mailing list yet.
hello massimiliano, did you finished the signedandenveloped data parser?

I'm loooking for the same thing...

could you share it?

thanks a lot!

Ariel.
Loading...