OpenAS2 / OpenAs2App

OpenAS2 is a Java-based implementation of the EDIINT AS2 standard. It is intended to be used as a server. It is extremely configurable and supports a wide variety of signing and encryption algorithms.
https://sourceforge.net/projects/openas2/
GNU General Public License v3.0

Image does not start with custom private key or keystore #365

Closed Stefan4112 closed 6 months ago

Stefan4112 commented 7 months ago

I added my own private key generated with KeyStoreExplorer (they use BouncyCastle). Then the Docker image could not start anymore. I also tested adding the private key with a new keystore, but got the same issue.

2024-04-11 12:06:42 Caused by: org.openas2.WrappedException: java.io.IOException: exception unwrapping private key - java.security.InvalidKeyException: pad block corrupted
2024-04-11 12:06:42     at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:237)
2024-04-11 12:06:42     at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:221)
2024-04-11 12:06:42     at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:244)
2024-04-11 12:06:42     at org.openas2.cert.PKCS12CertificateFactory.init(PKCS12CertificateFactory.java:214)
2024-04-11 12:06:42     at org.openas2.util.XMLUtil.getComponent(XMLUtil.java:70)
2024-04-11 12:06:42     ... 5 more
2024-04-11 12:06:42 Caused by: java.io.IOException: exception unwrapping private key - java.security.InvalidKeyException: pad block corrupted
2024-04-11 12:06:42     at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.unwrapKey(Unknown Source)
2024-04-11 12:06:42     at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.processShroudedKeyBag(Unknown Source)
2024-04-11 12:06:42     at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineLoad(Unknown Source)
2024-04-11 12:06:42     at org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi.engineLoad(Unknown Source)
2024-04-11 12:06:42     at java.base/java.security.KeyStore.load(Unknown Source)
2024-04-11 12:06:42     at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:234)
2024-04-11 12:06:42     ... 9 more

Also, I cannot use the existing private key, because I cannot decrypt on the receiver side (different program).

org.bouncycastle.cms.CMSException: IOException reading content.
    at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source)
    at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source)
    at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source)
    at org.bouncycastle.mail.smime.SMIMEEnveloped.<init>(Unknown Source)
    ...
Caused by: java.io.IOException: unknown tag 23 encountered
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    ... 17 common frames omitted

uhurusurfa commented 7 months ago

Try using the scripts provided with OpenAS2 to create your keystore and add certificates to it. Also please confirm which version of OpenAS2 and which version(s) of Java are in use on both sides.

uhurusurfa commented 6 months ago

Closing due to lack of further communication.