search

Sahamati / rahasya

The project aims to simplify the usage of ECC curve (curve25519) with Diffie-Hellman Key exchange. The work is inline with the Account Aggregator Specification.
Apache License 2.0
13 stars 20 forks source link

Error while generating SharedKey - algorithm identifier 1.2.840.113549.1.1.1 in key not recognised #28

Open tapantfspl opened 2 years ago

tapantfspl commented 2 years ago

Getting following error while trying to generate Shared Key with a generated Public key (from this package) and my server's Private key.

{ "key": "", "errorInfo": { "errorCode": "java.security.spec.InvalidKeySpecException", "errorInfo": null, "errorMessage": "encoded key spec not recognized: algorithm identifier 1.2.840.113549.1.1.1 in key not recognised" } }

Steps to Reproduce

  1. Generate Key using /ecc/v1/generateKey API
  2. Take the Pubic Key value and use it in /ecc/v1/getSharedKey API
  3. Use Server's Private Key (in PKCS8PrivateKey format) with PEM headers added
  4. Hit the API with the values as obtained above

Expected behavior

Expected sharedkey as result.

Possible Fix

SO pointers point to upgrading org.bouncycastle library - which I upgraded from 1.64 to 1.70 - same error persists.

I am not an expert in Java but I used VSCode's ability to update my gradle config - which I am assuming did the right thing by getting the required version during the build.

Your Environment

The forwardsecrecy project is locally executed using VSCode debugger. Java version is SE 18+36-2087 mixed mode.

I am working on Windows 10 machine with the calls to forwardsecrecy coming from a .NET Core project.

Let me know if anything more is needed.

Screenshot of Swagger: image

Log messages on Console

image
tapantfspl commented 2 years ago

Further info.

I have made sure that the private key pem format is p8 without encryption using following openssl conversion.

$ openssl pkcs8 -in key1410.pem -topk8 -out p8key1410-nocrypt.pem -nocrypt

(pkcs8 key was obtained from pkcs12 pfx file).

I have enabled logs at DEBUG level and they are pasted here .

PS D:\Projects\sandbox\rahasya-main> d:; cd 'd:\Projects\sandbox\rahasya-main'; & 'C:\Program Files\Java\jdk-18\bin\java.exe' '-agentlib:jdwp=transport=dt_socket,server=n,suspend=y,address=localhost:3404' '-XX:+ShowCodeDetailsInExceptionMessages' '@C:\Users\fspl-~1\AppData\Local\Temp\cp_9kqfzyht8ujy8jc6227ps6pfy.argfile' 'io.yaazhi.forwardsecrecy.ForwardSecrecyApplication' BouncyCastle version is BouncyCastle Security Provider v1.64 BouncyCastle version is BouncyCastle Security Provider v1.64

. _ _ /\ / '_ () \ \ \ \ ( ( )\ | ' | '| | ' \/ ` | \ \ \ \ \/ _)| |)| | | | | || (| | ) ) ) ) ' |__| .|| ||| |\, | / / / / =========|_|==============|__/=//// :: Spring Boot :: (v2.2.3.RELEASE)

2022-10-14 07:50:50.450 INFO 9324 --- [ restartedMain] i.y.f.ForwardSecrecyApplication : Starting ForwardSecrecyApplication on FSPL-TECH with PID 9324 (D:\Projects\sandbox\rahasya-main\bin\main started by fspl-tech in D:\Projects\sandbox\rahasya-main) 2022-10-14 07:50:50.454 DEBUG 9324 --- [ restartedMain] i.y.f.ForwardSecrecyApplication : Running with Spring Boot v2.2.3.RELEASE, Spring v5.2.3.RELEASE 2022-10-14 07:50:50.455 INFO 9324 --- [ restartedMain] i.y.f.ForwardSecrecyApplication : No active profile set, falling back to default profiles: default 2022-10-14 07:50:50.638 INFO 9324 --- [ restartedMain] .e.DevToolsPropertyDefaultsPostProcessor : Devtools property defaults active! Set 'spring.devtools.add-properties' to 'false' to disable 2022-10-14 07:50:50.641 INFO 9324 --- [ restartedMain] .e.DevToolsPropertyDefaultsPostProcessor : For additional web related logging consider setting the 'logging.level.web' property to 'DEBUG' 2022-10-14 07:50:54.263 INFO 9324 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http) 2022-10-14 07:50:54.284 INFO 9324 --- [ restartedMain] o.apache.catalina.core.StandardService : Starting service [Tomcat] 2022-10-14 07:50:54.285 INFO 9324 --- [ restartedMain] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.30] 2022-10-14 07:50:54.467 INFO 9324 --- [ restartedMain] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext 2022-10-14 07:50:54.468 INFO 9324 --- [ restartedMain] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 3826 ms 2022-10-14 07:50:55.761 INFO 9324 --- [ restartedMain] o.s.b.a.e.web.EndpointLinksResolver : Exposing 5 endpoint(s) beneath base path '/actuator' 2022-10-14 07:50:55.921 INFO 9324 --- [ restartedMain] pertySourcedRequestMappingHandlerMapping : Mapped URL path [/v2/api-docs] onto method [springfox.documentation.swagger2.web.Swagger2Controller#getDocumentation(String, HttpServletRequest)] 2022-10-14 07:50:56.103 INFO 9324 --- [ restartedMain] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor' 2022-10-14 07:50:56.216 INFO 9324 --- [ restartedMain] o.s.b.d.a.OptionalLiveReloadServer : LiveReload server is running on port 35729 2022-10-14 07:50:56.532 INFO 9324 --- [ restartedMain] d.s.w.p.DocumentationPluginsBootstrapper : Context refreshed 2022-10-14 07:50:56.589 INFO 9324 --- [ restartedMain] d.s.w.p.DocumentationPluginsBootstrapper : Found 1 custom documentation plugin(s) 2022-10-14 07:50:56.673 INFO 9324 --- [ restartedMain] s.d.s.w.s.ApiListingReferenceScanner : Scanning for api listing references 2022-10-14 07:50:57.036 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_1 2022-10-14 07:50:57.042 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_2 2022-10-14 07:50:57.051 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_3 2022-10-14 07:50:57.067 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_4 2022-10-14 07:50:57.079 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_5 2022-10-14 07:50:57.086 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_6 2022-10-14 07:50:57.089 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_7 2022-10-14 07:50:57.113 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: decryptUsingPOST_1

2022-10-14 07:50:57.163 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: encryptUsingPOST_1 2022-10-14 07:50:55.761 INFO 9324 --- [ restartedMain] o.s.b.a.e.web.EndpointLinksResolver : Exposing 5 endpoint(s) beneath base path '/actuator' peration named: generateKeyUsingGE 2022-10-14 07:50:55.921 INFO 9324 --- [ restartedMain] pertySourcedRequestMappingHandlerMapping : Mapped URL path [/v2/api-docs] onto method [springfox.documentation.swagger2.web.Swagger2Controller#getDocumentation(String, HttpServletReperation named: getSharedKeyUsingPquest)] 2022-10-14 07:50:56.103 INFO 9324 --- [ restartedMain] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing Executort(s): 8080 (http) with context porService 'applicationTaskExecutor' 2022-10-14 07:50:56.216 INFO 9324 --- [ restartedMain] o.s.b.d.a.OptionalLiveReloadServer : LiveReload server iecyApplication in 7.826 seconds (Js running on port 35729 2022-10-14 07:50:56.532 INFO 9324 --- [ restartedMain] d.s.w.p.DocumentationPluginsBootstrapper : Context refreshed DispatcherServlet 'dispatcherServ 2022-10-14 07:50:56.589 INFO 9324 --- [ restartedMain] d.s.w.p.DocumentationPluginsBootstrapper : Found 1 custom documentation plugin(s) t 'dispatcherServlet' 2022-10-14 07:50:56.673 INFO 9324 --- [ restartedMain] s.d.s.w.s.ApiListingReferenceScanner : Scanning for api liation in 11 mssting references ret 2022-10-14 07:50:57.036 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_1 2022-10-14 07:50:57.042 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_2 2022-10-14 07:50:57.051 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_3 2022-10-14 07:50:57.067 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_4 2022-10-14 07:50:57.079 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_5 2022-10-14 07:50:57.086 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_6 2022-10-14 07:50:57.089 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: handleUsingGET_7 2022-10-14 07:50:57.113 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: decryptUsingPOST_1 2022-10-14 07:50:57.163 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: encryptUsingPOST_1 2022-10-14 07:50:57.183 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: generateKeyUsingGET_1 2022-10-14 07:50:57.216 INFO 9324 --- [ restartedMain] .d.s.w.r.o.CachingOperationNameGenerator : Generating unique operation named: getSharedKeyUsingPperation named: getSharedKeyUsingPOST_1 2022-10-14 07:50:57.372 INFO 9324 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context port(s): 8080 (http) with context path '' 2022-10-14 07:50:57.378 INFO 9324 --- [ restartedMain] i.y.f.ForwardSecrecyApplication : Started ForwardSecrecyApplication in 7.826 seconds (JecyApplication in 7.826 seconds (JVM running for 9.675) 2022-10-14 07:51:09.941 INFO 9324 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet' 2022-10-14 07:51:09.942 INFO 9324 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet' 2022-10-14 07:51:09.955 INFO 9324 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 11 ms 2022-10-14 07:51:10.223 INFO 9324 --- [nio-8080-exec-1] i.y.f.controller.ECCController : Generate Shared Secret 2022-10-14 07:51:10.225 DEBUG 9324 --- [nio-8080-exec-1] i.y.f.controller.ECCController : Get PrivateKey 2022-10-14 07:51:30.368 DEBUG 9324 --- [nio-8080-exec-1] i.y.forwardsecrecy.service.ECCService : Successfully initialised the key factory 2022-10-14 07:51:33.904 DEBUG 9324 --- [nio-8080-exec-1] i.y.forwardsecrecy.service.ECCService : Its a private key 2022-10-14 07:51:36.353 DEBUG 9324 --- [nio-8080-exec-1] i.y.forwardsecrecy.service.ECCService : PKCS8 decoded 2022-10-14 07:51:43.724 ERROR 9324 --- [nio-8080-exec-1] i.y.f.controller.ECCController : Error when deriving secret key

tapantfspl commented 2 years ago

As this is a blocker presently and the keys generated by TestAA are not being consumed in .NET, this docker image is the only way to complete the AA / FIP cycle.

I would appreciate, if this is taken up on urgent basis. Thanks.

gsasikumar commented 2 years ago

Is it possible for you to extract the key as a hex and use the X25519 controller apis?

tapantfspl commented 2 years ago

Hi,

I install the pack on a different linux box and am exposing the APIs. Currently its working for me.

When I get time, I will do what you have suggested and revert. It may take some time.

Re Tapan

-- Tapan Trivedi

On Wed, Nov 9, 2022 at 5:50 PM Sasikumar Ganesan @.***> wrote:

Is it possible for you to extract the key as a hex and use the X25519 controller apis? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored th External Email...Caution Could be SPAM sophospsmartbannerend

Is it possible for you to extract the key as a hex and use the X25519 controller apis?

— Reply to this email directly, view it on GitHub https://us-east-2.protection.sophos.com?d=github.com&u=aHR0cHM6Ly9naXRodWIuY29tL1NhaGFtYXRpL3JhaGFzeWEvaXNzdWVzLzI4I2lzc3VlY29tbWVudC0xMzA4NjcwNDE1&i=NjIyODNmMzAyNDNkNjYxMjNjYTdkZDEy&t=UG9welFQdVlDZzdqNEFXRGZPLzJZZG1ZMmx0SWlhYUIyTUZHL3ZuRXNEND0=&h=b50ef665ba7b476daad4b3ef96e0668f&s=AVNPUEhUT0NFTkNSWVBUSVb5ANN_SyiGPrcsfDsMAnynIxGUWs-MzxRaQ5795haRcA, or unsubscribe https://us-east-2.protection.sophos.com?d=github.com&u=aHR0cHM6Ly9naXRodWIuY29tL25vdGlmaWNhdGlvbnMvdW5zdWJzY3JpYmUtYXV0aC9BVVIyNFpINEdONTNWVFZVUDczUFhaVFdIT0pKRkFOQ05GU002QUFBQUFBUkVDNzc0TQ==&i=NjIyODNmMzAyNDNkNjYxMjNjYTdkZDEy&t=Z04wVjJ6M2l5NUxaWTNXM0NWdUlPWWF0cHhkdGRsdFBJWHN1SFl6M2VVRT0=&h=b50ef665ba7b476daad4b3ef96e0668f&s=AVNPUEhUT0NFTkNSWVBUSVb5ANN_SyiGPrcsfDsMAnynIxGUWs-MzxRaQ5795haRcA . You are receiving this because you authored the thread.Message ID: @.***>