I want to use BouncyCastle to encrypt and decrypt using the PKCS7 format. I have a hardware token. When I use a key pair in the JKS file on my hard drive, it works fine, but when I use a key pair on the token it doesn't work. This is my exception:

    Exception in thread "main" org.bouncycastle.cms.CMSException: cannot create cipher: No such algorithm: 2.16.840.1.101.3.4.1.2
        at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createCipher(Unknown Source)
        at org.bouncycastle.cms.jcajce.EnvelopedDataHelper$1.doInJCE(Unknown Source)
        at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.execute(Unknown Source)
        at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createContentCipher(Unknown Source)
        at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
        at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
        at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
        at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
        at pktb.PKTB.CmsDecrypt(PKTB.java:288)
        at pktb.PKTB.main(PKTB.java:419)
    Caused by: java.security.NoSuchAlgorithmException: No such algorithm: 2.16.840.1.101.3.4.1.2
        at javax.crypto.Cipher.getInstance(DashoA13*..)
        at javax.crypto.Cipher.getInstance(DashoA13*..)
        at org.bouncycastle.jcajce.NamedJcaJceHelper.createCipher(Unknown Source)
        ... 10 more
    Java Result: 1

This is my encryption code:

    public byte[] CmsEncrypt(byte[] message, KeyContainer keyContainer)
            throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException {
        Security.addProvider(new BouncyCastleProvider());
        X509Certificate cert = (X509Certificate) keyContainer.certificate;
        CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
        gen.addKeyTransRecipient(cert);
        CMSProcessable data = new CMSProcessableByteArray(message);
        CMSEnvelopedData enveloped = gen.generate(data, CMSEnvelopedDataGenerator.AES128_CBC, "BC");
        return enveloped.getEncoded();
    }

And this is my decryption code:

    public byte[] CmsDecrypt(byte[] cipher, KeyContainer keyContainer)
            throws CMSException, IOException, NoSuchProviderException {
        Security.addProvider(new BouncyCastleProvider());
        byte[] contents = null;
        CMSEnvelopedDataParser envelopedDataParser =
                new CMSEnvelopedDataParser(new ByteArrayInputStream(cipher));
        PrivateKey key = keyContainer.privateKey;
        X509Certificate cert = keyContainer.certificate;
        CMSEnvelopedData enveloped = new CMSEnvelopedData(cipher);
        Collection recip = enveloped.getRecipientInfos().getRecipients();
        KeyTransRecipientInformation rinfo =
                (KeyTransRecipientInformation) recip.iterator().next();
        if (keyContainer.provider.equals("Software"))
            contents = rinfo.getContent(
                    new JceKeyTransEnvelopedRecipient(key).setProvider("BC"));
        else
            contents = rinfo.getContent(
                    new JceKeyTransEnvelopedRecipient(key).setProvider("SunPKCS11-" + keyContainer.provider));
        System.out.println(new String(contents));
        return contents;
    }

I have to say that I use this token provider for cmsSign and cmsVerify, and it works fine, so I think the problem is not with the provider.
java cryptography bouncycastle pkcs#7
Mohsen gorgani
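
The stack trace above fails in `createContentCipher`, where `Cipher.getInstance` is asked for the AES-128-CBC OID on the provider named in `setProvider`. As an added example (not code from the original post), assuming the token provider can unwrap the RSA-wrapped key but registers no cipher under that OID, the following uses Bouncy Castle's `setContentProvider` to keep the key operation on the token and run the content cipher in BC; the class name, `providersWithCipher` and `tokenProviderName` are hypothetical.

```java
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class TokenCmsDecrypt {
    // OID reported in the exception: id-aes128-CBC
    static final String AES128_CBC_OID = "2.16.840.1.101.3.4.1.2";

    /** Names of installed providers that register a Cipher under the given name or OID. */
    static List<String> providersWithCipher(String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("Cipher", algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    /**
     * Unwraps the content-encryption key on the token and decrypts the content with BC.
     * tokenProviderName is a hypothetical parameter, e.g. "SunPKCS11-" + keyContainer.provider.
     */
    static byte[] decrypt(byte[] envelope, PrivateKey tokenKey, String tokenProviderName)
            throws CMSException {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        // Fail early with a clear message if no software provider offers the content cipher.
        if (!providersWithCipher(AES128_CBC_OID).contains("BC")) {
            throw new IllegalStateException("BC does not offer cipher " + AES128_CBC_OID);
        }
        CMSEnvelopedData enveloped = new CMSEnvelopedData(envelope);
        RecipientInformation rinfo = (RecipientInformation)
                enveloped.getRecipientInfos().getRecipients().iterator().next();
        JceKeyTransEnvelopedRecipient recipient = new JceKeyTransEnvelopedRecipient(tokenKey);
        recipient.setProvider(tokenProviderName); // private-key unwrap stays on the token
        recipient.setContentProvider("BC");       // AES content decryption runs in BC
        return rinfo.getContent(recipient);
    }
}
```

Calling `providersWithCipher(AES128_CBC_OID)` on its own lists which installed providers can satisfy the lookup that throws in the trace. The private key never leaves the token in this arrangement; only the unwrapped content-encryption key is handled in software.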