8 Replies. Latest reply: Mar 9, 2012 6:59 AM by 921780

Problems decrypting using mscapi

921780 Newbie
Hi,

I'm trying to decrypt a cyphertext using SunMSCAPI, and it fails when I use a private key with a length of 2048. This code works when I use a key with a length of 1024.

I'm using an iKey 4000 cryptographic token and Windows XP SP3.

My code is:
    public String decrypt(String crypted, String alias) throws GeneralSecurityException {

        String decrypted = new String();

        Key privateKey = this.keyStore.getKey(alias, null);
        System.out.println("provider name: " + this.providerName);
        System.out.println("private Key: " + privateKey.toString());

        Cipher dcipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", Security.getProvider(this.providerName));
        dcipher.init(Cipher.DECRYPT_MODE, privateKey);

        decrypted = new String(dcipher.doFinal(crypted.getBytes()));

        return decrypted;

    }

The error it gives me is:
provider name: SunMSCAPI
private Key: RSAPrivateKey [size=2048 bits, type=Exchange, container=4ccbfbd2-bd47-47ae-b0ae-2f749be12522]
java.security.ProviderException: java.security.KeyException: An internal error occurred.

     at sun.security.mscapi.RSACipher.doFinal(RSACipher.java:297)
     at sun.security.mscapi.RSACipher.engineDoFinal(RSACipher.java:321)
     at javax.crypto.Cipher.doFinal(Cipher.java:2086)
     at br.gov.serpro.cert.DigitalCertificate.decrypt(DigitalCertificate.java:940)
     at TestApplet.start(TestApplet.java:189)
     at sun.applet.AppletPanel.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
Caused by: java.security.KeyException: An internal error occurred.

     at sun.security.mscapi.RSACipher.encryptDecrypt(Native Method)
     at sun.security.mscapi.RSACipher.doFinal(RSACipher.java:289)
     ... 7 more
Any ideas of what must be going on?


Mário César Kolling
  • 1. Re: Problems decrypting using mscapi
    sabre150 Expert
    Looks to me like you have not installed the 'Unlimited Strength' files.
  • 2. Re: Problems decrypting using mscapi
    921780 Newbie
    I'm pretty sure I did install those files, but still, just to be sure I downloaded and installed it again.

    The problem persists.


    Mário César Kolling
  • 3. Re: Problems decrypting using mscapi
    sabre150 Expert
    Esakol wrote:
    > I'm pretty sure I did install those files, but still, just to be sure I downloaded and installed it again.

    If you are 100% ++++ sure that you have correctly installed the 'unlimited strength' files then now is the time to ask for support from iKey.
  • 4. Re: Problems decrypting using mscapi
    gimbal2 Guru
    Esakol wrote:
    > I'm pretty sure I did install those files, but still, just to be sure I downloaded and installed it again.

    - Where did you install them?
    - Since it's an applet, you did close all browser instances before installing the files, right?
    - Is that the only runtime on your system?
    - If there are multiple, are you sure that the one you installed the files in is the one being used by the browser plugin?
  • 5. Re: Problems decrypting using mscapi
    921780 Newbie
    gimbal2 wrote:
    > Esakol wrote:
    > > I'm pretty sure I did install those files, but still, just to be sure I downloaded and installed it again.
    >
    > - Where did you install them?

    C:\Program Files\Java\jre7\lib\security and C:\Program Files\Java\jre6\lib\security

    > - Since it's an applet, you did close all browser instances before installing the files, right?

    Yes.

    > - Is that the only runtime on your system?

    No, but I have installed on both JREs (6 and 7).

    > - If there are multiple, are you sure that the one you installed the files in is the one being used by the browser plugin?

    I have tested with just one enabled at a time (enabling/disabling through JRE Control Panel). Restarting the browser at each try.

    I wonder if this could be an issue with the Windows CSPs setup.
  • 6. Re: Problems decrypting using mscapi
    wetmore Newbie
    The default_local.policy file does not have restrictions on RSA:

    permission javax.crypto.CryptoPermission "RSA", *;

    I concur with sabre150, might be worth checking in with iKey. The code this calls to is MSCAPI's ::CryptDecrypt(), and the error message is apparently coming from GetLastError(), so it's likely coming out from MSCAPI.

    Good luck.
  • 7. Re: Problems decrypting using mscapi
    921780 Newbie
    More info.

    I have tested with an Aladdin eToken pro 32k with Private Key length of 2048 bits. Same error occurs.
    This doesn't appear to be a specific problem with the iKey token.
  • 8. Re: Problems decrypting using mscapi
    sabre150 Expert
    Though this is probably nothing to do with your current problem, I do note that you are committing one of the major crimes of Java cryptography in that you are storing binary data (referenced by 'crypted') as a String, i.e.
     public String decrypt(String crypted, String alias) throws GeneralSecurityException {
         
         ....
     
            decrypted = new String(dcipher.doFinal(crypted.getBytes()));
           ....
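
The String-handling point from reply 8, as an added example that is not code from the thread or from any of its participants: RSA ciphertext pushed through `new String(...)`/`getBytes()` comes back altered, while Base64 carries it intact. It assumes Java 8+ and uses a freshly generated software key with the default provider instead of SunMSCAPI and a token; it also prints the running JRE's path and the RSA key size its policy files allow, the two things asked about in replies 1 to 5.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;

public class CiphertextTransportDemo {
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding"; // same as in the thread

    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION); // default software provider (assumption)
        c.init(mode, key);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        // Which runtime is executing, and the RSA key size its policy files allow.
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("max RSA key bits = " + Cipher.getMaxAllowedKeyLength("RSA"));

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed test key, not a token key
        byte[] ct = rsa(Cipher.ENCRYPT_MODE, kp.getPublic(),
                "constructed sample".getBytes(StandardCharsets.UTF_8));

        // Pattern from the thread: ciphertext -> String -> getBytes().
        // Charset pinned for repeatability; the thread's code uses the platform default.
        Charset cs = StandardCharsets.UTF_8;
        byte[] viaString = new String(ct, cs).getBytes(cs);
        System.out.println("original " + ct.length + " bytes, after String round trip "
                + viaString.length + " bytes, identical: " + Arrays.equals(ct, viaString));
        try {
            rsa(Cipher.DECRYPT_MODE, kp.getPrivate(), viaString);
            System.out.println("decrypt of String-carried ciphertext succeeded");
        } catch (GeneralSecurityException e) {
            System.out.println("decrypt of String-carried ciphertext failed: " + e);
        }

        // Text-safe transport: Base64-encode the bytes, decode before decrypting.
        String b64 = Base64.getEncoder().encodeToString(ct);
        byte[] pt = rsa(Cipher.DECRYPT_MODE, kp.getPrivate(), Base64.getDecoder().decode(b64));
        System.out.println("decrypt of Base64-carried ciphertext: "
                + new String(pt, StandardCharsets.UTF_8));
    }
}
```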
