
encrypt using certificate with ECDSA algorithm


sprasad
This post has NOT been accepted by the mailing list yet.
Hi,

I am trying to encrypt mail to a recipient who has a certificate with the ECDSA algorithm. For this I am using the code below:
SMIMEEnvelopedGenerator encrypter = new SMIMEEnvelopedGenerator();
JceKeyAgreeRecipientInfoGenerator rig = new JceKeyAgreeRecipientInfoGenerator(
        CMSAlgorithm.ECDH_SHA1KDF, senderPrivKey, senderPubKey, CMSAlgorithm.AES128_WRAP);
rig.addRecipient(recipientCert);
encrypter.addRecipientInfoGenerator(rig);

MimeBodyPart encryptedPart = encrypter.generate(mimeMessage,
        new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC).setProvider(BC).build());

The code works if the sender certificate also has the ECDSA algorithm, but fails if the sender certificate has the RSA algorithm. I get the exception below:

 com.zimbra.cs.mailbox.MailSender$SafeSendFailedException: MESSAGE_NOT_DELIVERED; chained exception is:
        org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator$WrappingIOException: org.bouncycastle.cms.CMSException: Cannot perform agreement step: can't identify EC private key.

I guess that for an RSA certificate I need to use a different agreement algorithm than CMSAlgorithm.ECDH_SHA1KDF, but I am not sure what the value should be.
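
An added example, not part of the original post and not Bouncy Castle's own code: ECDH key agreement needs an EC private key on the originator side, so a sender whose certificate key is RSA can generate a one-time EC key pair on the recipient's curve and pass that to the generator (ephemeral-static ECDH). The class and method names are hypothetical, a registered "BC" provider and a `MimeMessage` input are assumed, and the content cipher is AES-128-CBC in place of the post's RC2.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;

// Hypothetical helper class (name is an assumption, not from the post).
public final class EcRecipientEncryptor {
    // Assumes BouncyCastleProvider has already been added via Security.addProvider.
    private static final String BC = "BC";

    // Encrypts for an EC recipient regardless of the sender's own key type.
    public static MimeBodyPart encryptFor(MimeMessage mimeMessage,
                                          X509Certificate recipientCert) throws Exception {
        if (!(recipientCert.getPublicKey() instanceof ECPublicKey)) {
            throw new IllegalArgumentException("recipient certificate does not carry an EC key");
        }
        ECPublicKey recipientKey = (ECPublicKey) recipientCert.getPublicKey();

        // One-time originator key pair on the same curve as the recipient's key.
        // It replaces senderPrivKey/senderPubKey from the post and is discarded after use.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", BC);
        kpg.initialize(recipientKey.getParams());
        KeyPair ephemeral = kpg.generateKeyPair();

        JceKeyAgreeRecipientInfoGenerator rig = new JceKeyAgreeRecipientInfoGenerator(
                CMSAlgorithm.ECDH_SHA1KDF, ephemeral.getPrivate(), ephemeral.getPublic(),
                CMSAlgorithm.AES128_WRAP).setProvider(BC);
        rig.addRecipient(recipientCert);

        SMIMEEnvelopedGenerator encrypter = new SMIMEEnvelopedGenerator();
        encrypter.addRecipientInfoGenerator(rig);

        // AES-128-CBC content encryption (swapped in here for the post's RC2_CBC).
        return encrypter.generate(mimeMessage,
                new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC)
                        .setProvider(BC).build());
    }
}
```

The sender's RSA key is not used for encryption here; it remains available for signing the message separately.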