search

bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License
2.31k stars 1.14k forks source link

PKCS12 keystore with AES algorithm OID 2.16.840.1.101.3.4.1.42 #1180

Open gruenich opened 2 years ago

gruenich commented 2 years ago

We try to build a PKCS12 keystore with BouncyCastle with the usage of the AES algorithm OID 2.16.840.1.101.3.4.1.42 as encryption/wrapping mechanism for the encryption of the secrets in the KeyStore, Is this mechanism possible at all with Bouncycastle? If yes, in what version of the BouncyCastle library is it included? Is it a build-in mechanism or is it necessary to build this encryption/wrapping for the PKSC12 keystore on our own?

gruenich commented 2 years ago

Or would this be a feature request?

patrickshox commented 8 months ago

From my understanding, this support already exists. I stumbled across this post because I was getting the following error:

Exception occurred : cannot create key generator: no such algorithm: 2.16.840.1.101.3.4.1.42 for provider BC

For those Googling who are also facing this error, I was able to fix the issue like so:

- import org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME
// ...
- JcaSimpleSignerInfoVerifierBuilder().setProvider(PROVIDER_NAME).build(cert)
+ JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider()).build(cert)

I knew to do this thanks to lots of StackOverflow answers about this topic [ex].