8 Replies Latest reply: Mar 9, 2012 9:15 AM by sabre150 RSS

    Problems decrypting using mscapi

    921780
      Hi,

      I'm trying to decrypt a cyphertext using sunmscapi, and it fails when I use a privatekey with length of 2048. This code works when I use a key with length equals 1024.

      I'm using Ikey 4000 cryptographic token and windows XP sp3.

      My code is:
          public String decrypt(String crypted, String alias) throws GeneralSecurityException {
           
           String decrypted = new String();
      
           Key privateKey = this.keyStore.getKey(alias, null);
              System.out.println("provider name: "+ this.providerName);
              System.out.println("private Key: " + privateKey.toString());
      
           Cipher dcipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", Security.getProvider(this.providerName));
           dcipher.init(Cipher.DECRYPT_MODE, privateKey);
      
              decrypted = new String(dcipher.doFinal(crypted.getBytes()));
             
           return decrypted;
      
          }
      The error it gives me is:
      provider name: SunMSCAPI
      private Key: RSAPrivateKey [size=2048 bits, type=Exchange, container=4ccbfbd2-bd47-47ae-b0ae-2f749be12522]
      java.security.ProviderException: java.security.KeyException: An internal error occurred.
      
           at sun.security.mscapi.RSACipher.doFinal(RSACipher.java:297)
           at sun.security.mscapi.RSACipher.engineDoFinal(RSACipher.java:321)
           at javax.crypto.Cipher.doFinal(Cipher.java:2086)
           at br.gov.serpro.cert.DigitalCertificate.decrypt(DigitalCertificate.java:940)
           at TestApplet.start(TestApplet.java:189)
           at sun.applet.AppletPanel.run(Unknown Source)
           at java.lang.Thread.run(Unknown Source)
      Caused by: java.security.KeyException: An internal error occurred.
      
           at sun.security.mscapi.RSACipher.encryptDecrypt(Native Method)
           at sun.security.mscapi.RSACipher.doFinal(RSACipher.java:289)
           ... 7 more
      Any ideas of what must be going on?


      Mário César Kolling
        • 1. Re: Problems decrypting using mscapi
          sabre150
          Looks to me like you have not installed the 'Unlimited Strength" files.
          • 2. Re: Problems decrypting using mscapi
            921780
            I'm pretty sure I did installed those files, but still, just to be sure I downloaded and installed it again.

            The problem persists.


            Mário César Kolling
            • 3. Re: Problems decrypting using mscapi
              sabre150
              Esakol wrote:
              I'm pretty sure I did installed those files, but still, just to be sure I downloaded and installed it again.
              If you are 100% ++++ sure that you have correctly installed the 'unlimited strength' files then now is the time to ask for support from iKey.
              • 4. Re: Problems decrypting using mscapi
                gimbal2
                Esakol wrote:
                I'm pretty sure I did installed those files, but still, just to be sure I downloaded and installed it again.
                - Where did you install them?
                - since its an applet, you did close all browser instances before installing the files, right?
                - Is that the only runtime on your system?
                - if there are multiple, are you sure that the one you installed the files in is the one being used by the browser plugin?
                • 5. Re: Problems decrypting using mscapi
                  921780
                  gimbal2 wrote:
                  Esakol wrote:
                  I'm pretty sure I did installed those files, but still, just to be sure I downloaded and installed it again.
                  - Where did you install them?
                  C:\Program Files\Java\jre7\lib\security and C:\Program Files\Java\jre6\lib\security
                  - since its an applet, you did close all browser instances before installing the files, right?
                  Yes.
                  - Is that the only runtime on your system?
                  No, but I have installed on both JREs (6 and 7).
                  - if there are multiple, are you sure that the one you installed the files in is the one being used by the browser plugin?
                  I have tested with just one enabled at a time (enabling/disabling through JRE Control Panel). Restarting the browser at each try.

                  I wonder if this could be an issue with the windows CSPs setup.
                  • 6. Re: Problems decrypting using mscapi
                    wetmore
                    The default_local.policy file does not have restrictions on RSA:

                    permission javax.crypto.CryptoPermission "RSA", *;

                    I concur with sabre150, might be worth checking in with iKey. The code this calls to is MSCAPI's ::CryptDecrypt()), and the error message is apparently coming from GetLastError(), so it's likely coming out from MSCAPI.

                    Good luck.
                    • 7. Re: Problems decrypting using mscapi
                      921780
                      More info.

                      I have tested with an Alladin eToken pro 32k with Private Key length of 2048 bits. Same error occurs.
                      This doesn't appear to be a specific problem with the iKey token.
                      • 8. Re: Problems decrypting using mscapi
                        sabre150
                        Though this is probably nothing to do with your current problem, I do note that you are committing one of major crimes of Java cryptography in that you are storing binary data ( referenced by 'crypted' ) as a String. i.e.
                         public String decrypt(String crypted, String alias) throws GeneralSecurityException {
                             
                             ....
                         
                                decrypted = new String(dcipher.doFinal(crypted.getBytes()));
                               ....