JCAPI v2 can't find an algorithm supported by v1

igor.conti

Hi Tommy,

A little problem ocuurs when I try to decrypt using JCAPI provider, here is the error log :


org.bouncycastle.cms.CMSException: can't find algorithm.

	at org.bouncycastle.cms.RecipientInformation.getContentFromSessionKey(Unknown Source)

	at org.bouncycastle.cms.KeyTransRecipientInformation.getContentStream(Unknown Source)

	at org.bouncycastle.cms.KeyTransRecipientInformation.getContentStream(Unknown Source)

	at easyopen.process.signcrypt.SignCryptManager.decrypt(SignCryptManager.java:2573)

	at easyopen.process.signcrypt.SignCryptManager.traiteCrypt(SignCryptManager.java:625)

	at easyopen.process.Kernel.processFiles(Kernel.java:466)

	at easyopen.process.Kernel.traite(Kernel.java:233)

	at easyopen.ui.AccueilPanel$Task.doInBackground(AccueilPanel.java:113)

	at easyopen.ui.AccueilPanel$Task.doInBackground(AccueilPanel.java:106)

	at javax.swing.SwingWorker$1.call(Unknown Source)

	at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)

	at java.util.concurrent.FutureTask.run(Unknown Source)

	at javax.swing.SwingWorker.run(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

	at java.lang.Thread.run(Unknown Source)

Caused by: java.security.NoSuchAlgorithmException: no such algorithm: 1.2.840.113549.3.7 for provider JCAPI

	at sun.security.jca.GetInstance.getService(Unknown Source)

	at sun.security.jca.GetInstance.getInstance(Unknown Source)

	at java.security.Security.getImpl(Unknown Source)

	at java.security.AlgorithmParameters.getInstance(Unknown Source)

	at org.bouncycastle.cms.CMSEnvelopedHelper.createAlgorithmParams(Unknown Source)

	at org.bouncycastle.cms.CMSEnvelopedHelper.createAlgorithmParameters(Unknown Source)

	... 16 more

The algorithm OID points to TripleDES but is not listed in the aliases supported by JCAPI v2. This OID doesn't create any problem with JCAPI v1.

Is there a mean to add this alias to JCAPI provider dynamically ?
If not could you provide a new release of JCAPI v2 that contains this alias ?

Thank you in advance.

Regards,
Igor

tommy

Hi Igor,

Nice to hear from you again.

Yes, JCAPI does not support your given 3DES alias. Actually it was not supported in version 1 either since support for natively executed symmetric ciphers was first introduced in version 2 of JCAPI. The reason it worked before for you was that you're using another JCE provider than JCAPI.

Anyway, I've implemented support for your 3DES + CBC alias. Now you can use any of the following aliases to create a your 3DES + CBC + PKCS#5 padding in one shot:
DESedewithCBC
TripleDESwithCBC
3DESwithCBC
1.2.840.113549.3.7

I've attached a release candidate of JCAPI below. Please try it out and check if it solves your problem.

Have a good day.

Regards,
Tommy

igor.conti

Hi Tommy,

Nice to hear (read

) you too.

Your new RC don't work properly (see error log below) but your post has given me an idea and I solved my problem by upgrading BouncyCastle to version 1.46 and specifying JCAPI for key recovery provider and BouncyCastle for content processing provider like this :


InputStream fin = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(key).setProvider("JCAPI").setContentProvider("BC")).getContentStream();

And it works perfectly so the new release is not useful anymore for me but I'm here for more tests if you need because it could be useful for other ones.

Here is the error log with your new release :


java.lang.IllegalStateException: You must first initialize this instance before calling this method.

	at com.pheox.jcapi.r.a(Unknown Source)

	at com.pheox.jcapi.JCAPISymmetricCipherDynamic.engineDoFinal(Unknown Source)

	at javax.crypto.Cipher.doFinal(Cipher.java:1969)

	at javax.crypto.CipherInputStream.close(CipherInputStream.java:299)

	at java.io.BufferedInputStream.close(Unknown Source)

	at java.io.FilterInputStream.close(Unknown Source)

	at java.io.BufferedInputStream.close(Unknown Source)

	at easyopen.process.signcrypt.SignCryptManager.decrypt(SignCryptManager.java:2716)

	at easyopen.process.signcrypt.SignCryptManager.traiteCrypt(SignCryptManager.java:687)

	at easyopen.process.Kernel.processFiles(Kernel.java:466)

	at easyopen.process.Kernel.traite(Kernel.java:233)

	at easyopen.ui.AccueilPanel$Task.doInBackground(AccueilPanel.java:113)

	at easyopen.ui.AccueilPanel$Task.doInBackground(AccueilPanel.java:106)

	at javax.swing.SwingWorker$1.call(Unknown Source)

	at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)

	at java.util.concurrent.FutureTask.run(Unknown Source)

	at javax.swing.SwingWorker.run(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

	at java.lang.Thread.run(Unknown Source)

Regards,
Igor

tommy

Hi again Igor,

Good that you found an alternative solution.
I think I might have been a little to hasty with my patch. I'll check it out and make a more stable fix to be released later on.

Thanks.

Regards,
Tommy