问题
With Java and BouncyCastle I am able to decrypt lots of S/MIME enveloped messages.
But when the key encryption algorithm is 1.2.840.113549.1.1.7 (id-RSAES-OAEP), the decryption fails (stack trace at the end of this question).
The line where it happens:
content = messageRecipientInfo.getContent(new JceKeyTransEnvelopedRecipient(pc).setProvider("BC"));
Formerly I used that line to decrypt:
content = messageRecipientInfo.getContent(givenCertRecipient);
It's all the same.
Any guess?
- EDIT *
I now tried to ENCRYPT data with OAEP. Therefore I've found code directly inside BouncyCastle in the file cms/test/NewEnvelopedDataTest.java Even that doesn't work! The same error:
String BC = BouncyCastleProvider.PROVIDER_NAME;
KeyPair _reciKP = CMSTestUtil.makeKeyPair();
String _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
KeyPair _signKP = CMSTestUtil.makeKeyPair();
String _signDN = "O=Bouncy Castle, C=AU";
X509Certificate _reciCertOaep = CMSTestUtil.makeOaepCertificate(_reciKP, _reciDN, _signKP, _signDN);
byte[] data = "WallaWallaWashington".getBytes();
CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter();
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCertOaep).setProvider(BC));
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCertOaep.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCertOaep.getPublicKey()).setProvider(BC));
Here during the last step it crashes: "cannot initialise algorithm parameters: Operation not supported"
CMSEnvelopedData edd = edGen.generate(
new CMSProcessableByteArray(data),
new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
What is the problem? I can't see it...
org.bouncycastle.cms.CMSException: exception unwrapping key: cannot initialise algorithm parameters: Operation not supported at org.bouncycastle.cms.jcajce.JceKeyTransRecipient.extractSecretKey(JceKeyTransRecipient.java:169) at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(JceKeyTransEnvelopedRecipient.java:26) at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(KeyTransRecipientInformation.java:48) at org.bouncycastle.cms.RecipientInformation.getContentStream(RecipientInformation.java:169) at org.bouncycastle.cms.RecipientInformation.getContent(RecipientInformation.java:150) at CryptoTools.decryptAndVerifyFile(CryptoTools.java:1030) at FormMain$2.actionPerformed(FormMain.java:403) at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.setPressed(Unknown Source) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) at java.awt.Component.processMouseEvent(Unknown Source) at javax.swing.JComponent.processMouseEvent(Unknown Source) at java.awt.Component.processEvent(Unknown Source) at java.awt.Container.processEvent(Unknown Source) at java.awt.Component.dispatchEventImpl(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Window.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.EventQueue.dispatchEventImpl(Unknown Source) at java.awt.EventQueue.access$500(Unknown Source) at java.awt.EventQueue$3.run(Unknown Source) at java.awt.EventQueue$3.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue$4.run(Unknown Source) at java.awt.EventQueue$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue.dispatchEvent(Unknown Source) at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at java.awt.EventDispatchThread.run(Unknown Source) Caused by: org.bouncycastle.operator.OperatorCreationException: cannot initialise algorithm parameters: Operation not supported at org.bouncycastle.operator.jcajce.OperatorHelper.createAlgorithmParameters(OperatorHelper.java:254) at org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper.generateUnwrappedKey(JceAsymmetricKeyUnwrapper.java:100) at org.bouncycastle.cms.jcajce.JceKeyTransRecipient.extractSecretKey(JceKeyTransRecipient.java:158) ... 42 more Caused by: java.io.IOException: Operation not supported at org.bouncycastle.jcajce.provider.asymmetric.rsa.AlgorithmParametersSpi$OAEP.engineInit(AlgorithmParametersSpi.java:83) at java.security.AlgorithmParameters.init(Unknown Source) at org.bouncycastle.operator.jcajce.OperatorHelper.createAlgorithmParameters(OperatorHelper.java:250) ... 44 more
来源:https://stackoverflow.com/questions/43590554/decrypttion-fails-on-s-mime-enveloped-message-with-oaep-key-encryption