search

bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License
2.3k stars 1.14k forks source link

unknown object in getInstance: org.bouncycastle.asn1.DERApplicationSpecific #462

Closed cgruber0 closed 2 years ago

cgruber0 commented 5 years ago

Hi,

I'm using a library (https://github.com/markenwerk/java-utils-mail-smime) to encrypt/decrypt SMIME Emails. That library includes BouncCastle.

All emails are decrypted without problems, except those from one client.

Said emails throw this exception:

net.markenwerk.utils.mail.smime.SmimeException: Malformed content. at net.markenwerk.utils.mail.smime.SmimeUtil.handledException(SmimeUtil.java:615) ~[utils-mail-smime-1.0.8.jar:na] at net.markenwerk.utils.mail.smime.SmimeUtil.decrypt(SmimeUtil.java:235) ~[utils-mail-smime-1.0.8.jar:na] at helpers.email.EmailFetcher.decryptMessageIfNecessary(EmailFetcher.java:293) [classes/:na] at helpers.email.EmailFetcher.processMessage(EmailFetcher.java:194) [classes/:na] at helpers.Converter.convertToPDF(Converter.java:59) [classes/:na] Caused by: org.bouncycastle.cms.CMSException: Malformed content. at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0] at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0] at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0] at org.bouncycastle.mail.smime.SMIMEEnveloped.<init>(Unknown Source) ~[bcmail-jdk15on-1.56.jar:1.56.0.0] at net.markenwerk.utils.mail.smime.SmimeUtil.decrypt(SmimeUtil.java:225) ~[utils-mail-smime-1.0.8.jar:na] Caused by: java.lang.IllegalArgumentException: unknown object in getInstance: org.bouncycastle.asn1.DERApplicationSpecific at org.bouncycastle.asn1.ASN1Sequence.getInstance(Unknown Source) ~[bcprov-jdk15on-1.56.jar:1.56.0] at org.bouncycastle.asn1.cms.ContentInfo.getInstance(Unknown Source) ~[bcprov-jdk15on-1.56.jar:1.56.0] at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0] at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0] at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]

The emails are encrypted using RSA (2048) / AES (256). The email is decrypted in MS Outlook without problems.

Any idea? Thanks!

bcgit commented 5 years ago

It's not in tnef format is it?

cgruber0 commented 5 years ago

No, it's not a TNEF file.

This is the email source if that helps:

`Message-ID: 1005584085.252.1550154654072@REPLACED.REPLACED.com MIME-Version: 1.0 Content-Type: application/x-pkcs7-mime; name=smime.p7m; smime-type=signed-data Content-Transfer-Encoding: base64 Return-Path: kempe@REPLACED.de Received: from mo4-p00-ob.smtp.rzone.de ([XX.169.146.163]) by mx.kundenserver.de (mxeue010 [XXX.227.15.41]) with ESMTPS (Nemesis) id 1MXYhr-1gZXSw3mil-00YwzL for muenchen@REPLACED.eu; Thu, 14 Feb 2019 15:30:41 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1550154641; s=strato-dkim-0002; d=REPLACED.de; h=Message-ID:Date:Subject:To:From:X-RZG-CLASS-ID:X-RZG-AUTH:From: Subject:Sender; bh=t6x8R8RPv7tUYoipK4t4BN75lfJwCXcmzgaQ0q0G+WA=; b=KgLByu3duM38ywXX+Yo3TKoUPZ18ZhaddtBfrEsngKp0buN1bUgdkn4UoyAFVGc6WJ E8SBGA3q3YpKVTDqG2lLcwhMzod5BUnwoTM9E/40kJQq6ae1+IqfFoLNvi9nphAMS90N cTWQY4zEIDDh9pr8qKmR9WfOYMrDZmq3zGrO8= X-RZG-AUTH: ":J2kJZUWIfPpERvl0fWaURc+vGN/AJyPae/Fb9hay9NoBxSGeOTdOBq93XiYFQJ+94/tu4Ghoi6vuik2yaHHBB67nYe47N7SKDG7cAdWLukgt" X-RZG-CLASS-ID: mo00 Received: from SEKRETAERIN02 by smtp.strato.de (RZmta 44.12 AUTH) with ESMTPSA id w07e49v1EEUfRLZ (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA)) (Client did not present a certificate) for muenchen@REPLACED.eu; Thu, 14 Feb 2019 15:30:41 +0100 (CET) From: "REPLACED-Kempe" kempe@REPLACED.de To: "REPLACED - PAe" muenchen@REPLACED.eu Subject: DAS IST NUR EIN TEST Date: Thu, 14 Feb 2019 15:30:41 +0100 Content-Disposition: attachment; filename="smime.p7m" X-Mailer: Microsoft Outlook 16.0 Thread-Index: AdTEcaq2kA0a3rjyQ1eSjUyoDXRjNg== Content-Language: de X-Antivirus: Avast (VPS 190214-0, 14.02.2019), Outbound message X-Antivirus-Status: Clean Envelope-To: muenchen@REPLACED.eu X-Spam-Flag: NO X-UI-Filterresults: notjunk:1;V03:K0:aJMtUoou9zQ=:MNlaQQP9HnotxI7oSCnLg8CW09 4g2rnesgoyLhZJ3KM76JwbI7hiI12gbxGmgvwI0Cb7zSkQUJRRU+VPKdMpsxtE/eAqmODTRjF W3SgsDgrdJ5DRJd+UE4uv3i1HUPXywQJdWcntvxkybM0A25RjauQPwDBnkDdkgJGJF5Q+kFsF BE2bqcTSbGFU4EqEwUgRDoKTizRAlVlESvINf6YyX3iD2S0lxjD34g0qvoIzu+MjKZniWXiBr Uc1PFiwmksKCLZoKXHG67ay83S07OjbYLh9amQ5/3CFnmBht5gu7tlu5lRJfhzbLiDQ3Fdfr1 /Upu5ouFERrqJF412pyU7LlW3cIxTBVlGsSKk0Clb1ad0jnhkDSRnIDgYc90H1yBkvtPaYCql BW0YsEbqz4XPh8PIbtCuBRPXgDhrPUjV64Iw/JjqcH7repxbb0cfIrcAaRAdutYTuaYt+h5DU cm22CEIRZD9Q0DqOUpRicEDHW+D+0Ju8HrqlIVIoy8iGqouLasUOkhF3QrxAM3wR5lcmlsuwa LjKhiAsGR0j8QzfCl6E6DTsCG8hLr1dFXKYlMUzN0G+wwYXdnoW4NzCoba6OUIfZy5L0nUBp2 yzMfu3cyNwk3IoL4vBBZRM0q0I71rEcyCTSZhsZxPRunPkPQm84vNs2xO0ZlKCtorIkxXEMXl qaDLUqzJ8FfgKL9afp2UkJ2he4hNzW+JlJDur9U62kGFnnYOF4ECjezIhhdx+JO+oXTCTNJLJ UjIO1nT7akxNAomic5dLm1rbfUGx02/cEHJ1zEq68gSWjo4ELWKvy49kAqMpDWyW5Vj2zH38E vG4ceNcHRILC9wU/JEyUAmTG6w/hTPjfODmBPoGARt3FL/Hh+zZ3ktJQedineFSkWYBdetIvW RJPwhMpQUeq+0KFAFPfIxfIv2AlSDLlbJZIiHNvzdoIOF+Hvrz9C0BdbAiBNxjthaSOy2mVpa XKof764JRMcT2EuFdmAfenkRYLDWbVDXJJzjET0Z3tDQvnmBucZ0ym/McqQIBMylQD9qj77O8 UZcAeI5estkBgRB5wy8FAveZcNqJlI295j0J8uAendt5vySO2JvytBNY3aImOAtQ2QDvsbnc8 ys9d8dMCrcl85St27Htv4gZT/q+inG49VP0ShHsyJcJ8J1EPOLUob1rS1ffIu8XrMaUklsuGi tz6BK0JZ7WsWt8jTTFrGIy3Dmu1BCbD6wFfoDT/0SFzl7tr7jHWZo+q8rfXuFj/oELcKczRd5 5aLdKQQY6meIbzcZVwAVX7z/l3/AKwSwJV3vPS37c6cNfrZd831kyPJgxCUHwN2FTL5q0beZt XLCvkz5vOqvmsqy4zMpPE8KHTJeRjY3SRLz8vkCrjrKisCCyrCkxGMIIolxk37h13Yie

UECOH7pxM0SCRz4jY2qtHAnGbDHKeacbBM/GhtLK/DofNLMSjZ8z5rlBEyxEpLXzAqUCh1Bplly7 BurIAmTns1Iw4yqTylu5eD1LdExARMqi4Yn7/f2D5+QuKNdDz3Wg2s2T3ijYn9j1UObtB0Z5Bax4 eMJpqzLWNtjLHt3kdNYA+qxBBln/oHc7shEBPmVZTYQj+IF43QUCAwEAAaOCAWQwggFgMA4GA1Ud DwEB/wQEAwIBBjAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMJMBIGA1Ud EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJYnwsKl9xz4Anp6ZK9jbzLSmMKxMB8GA1UdIwQYMBaA FI/wS3+oLkUkrk1Q+mOai97i3Ru8MD4GCCsGAQUFBwEBBDIwMDAuBggrBgEFBQcwAYYiaHR0cDov L29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3Js Lmdsb2JhbHNpZ24uY29tL3Jvb3QtcjMuY3JsMFkGA1UdIARSMFAwCwYJKwYBBAGgMgEoMEEGCSsG AQQBoDIBXzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0 b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAsYd3pIyiska1HXyOg9VO6lIIHRS5LIlPioiKicyRuhl3 ENiogctrRd/imG9CIsVzKSFZYlV5XA+VYeLYjMSeFjjTBbd3+/+d4Ely39uFjMBK7m3PphjM4FBh ORygvfD3ClFf+aT4IEHcz8QgTXol5y1NbQhmIT2rRUw4VARmlYQXrlAm4EfYKVyfYLqqwzlcKLir 6L3SHiOShAHKAAIki+p2ni5PxmylGgRWtkcVwte3vmMgVrVpVgxDN9VfKVCMe+pZDvCCWERIS3IP y58qGMucHK8yOqW19r8Ncf40dxh0gtQBHaKmxMbotlyy5UmusvckDYHZD8+xky5qcCE/nTCCBQAw ggPooAMCAQICDDj2i6U5ITGI6kGwJjANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJCRTEZMBcG A1UEChMQR2xvYmFsU2lnbiBudi1zYTEzMDEGA1UEAxMqR2xvYmFsU2lnbiBQZXJzb25hbFNpZ24g MSBDQSAtIFNIQTI1NiAtIEczMB4XDTE4MTEwOTEyMTkwNVoXDTIxMTEwOTEyMTkwNVowRjEeMBwG A1UEAwwVa2VtcGVAZ2VzdW1hb2ZmaWNlLmRlMSQwIgYJKoZIhvcNAQkBFhVrZW1wZUBnZXN1bWFv ZmZpY2UuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/IKrZGZEJ2X6Vauw0xluU nBQDo4hcLbhl2UH8lv6PIW74U8smurdvEVQ/Ax+0pM74N0pRf4G/KcBQb5saNGEKVQ6fhnmE6U7+ SM3/GYa0q8iEWitVwy69+uV/ABqCOe59tq1wZ/khW5aY5LzfAK9gidj8gQ7+/uk9SCDwgispBguh Xp03iGM4oK+WG7vqggKN72JqO9nFRmoFhcdANmU0e8AgamLCqxDMUUbEUVLX1gsgrf6kf7tl53bV vKRux6bxL/tjfgrG064NebWXn+mUaXapxT+YhpKh+ivjKYhBcLQgLRBuHyrGuqM+x6APj4/wdESO hiu0DnJYhZuznGr/AgMBAAGjggHVMIIB0TAOBgNVHQ8BAf8EBAMCBaAwgZ4GCCsGAQUFBwEBBIGR MIGOME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc3Bl cnNvbmFsc2lnbjFzaGEyZzNvY3NwLmNydDA9BggrBgEFBQcwAYYxaHR0cDovL29jc3AyLmdsb2Jh bHNpZ24uY29tL2dzcGVyc29uYWxzaWduMXNoYTJnMzBMBgNVHSAERTBDMEEGCSsGAQQBoDIBKDA0 MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJBgNV HRMEAjAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3NwZXJz b25hbHNpZ24xc2hhMmczLmNybDAgBgNVHREEGTAXgRVrZW1wZUBnZXN1bWFvZmZpY2UuZGUwHQYD VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBREtAEEVnJ9qTjeaMkPrtYpgn4m bjAfBgNVHSMEGDAWgBSWJ8LCpfcc+AJ6emSvY28y0pjCsTANBgkqhkiG9w0BAQsFAAOCAQEAfHec UE7IG+Ouz2IO4JwKd7BTdJDuGIZD6sKOGneKQJpQ/fAR1Hss43ebRV2Hb2lKjOgV5fzMgC3IUjIO t6wz7+TMfq5To9+v0URfrJSb8NJfHiX95bcUMlRDkoptSjqjTNzhAVgE7T8Wl3oR21oh02R3tu+E giFiQsiRrTOZv5/axA8fhv5OJYS9CnP9UH+Hqny/xeN4EBndBxfWu1k+6VhctqkxA5jmFG4qY0rP F0Wdc9OOBFPn+C+lAQ1EPHU7K6S1nkw3hlYPPT679JTbcaziqVLg4miaD1vlLEzgp2oYLqPaxqtN lzxk5pQFOZLDNGkE+AFC50EX0L164SHS9DGCA4kwggOFAgEBMG0wXTELMAkGA1UEBhMCQkUxGTAX BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExMzAxBgNVBAMTKkdsb2JhbFNpZ24gUGVyc29uYWxTaWdu IDEgQ0EgLSBTSEEyNTYgLSBHMwIMOPaLpTkhMYjqQbAmMAkGBSsOAwIaBQCgggHxMBgGCSqGSIb3 DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE5MDIxNDE0MzA0MVowIwYJKoZIhvcN AQkEMRYEFFvWxGLdWpAm0Lc+QnVWqAe2yAEHMHwGCSsGAQQBgjcQBDFvMG0wXTELMAkGA1UEBhMC QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExMzAxBgNVBAMTKkdsb2JhbFNpZ24gUGVyc29u YWxTaWduIDEgQ0EgLSBTSEEyNTYgLSBHMwIMOPaLpTkhMYjqQbAmMH4GCyqGSIb3DQEJEAILMW+g bTBdMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEzMDEGA1UEAxMqR2xv YmFsU2lnbiBQZXJzb25hbFNpZ24gMSBDQSAtIFNIQTI1NiAtIEczAgw49oulOSExiOpBsCYwgZMG CSqGSIb3DQEJDzGBhTCBgjALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAoGCCqGSIb3DQMHMAsG CWCGSAFlAwQBAjAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAhowCwYJYIZI AWUDBAIDMAsGCWCGSAFlAwQCAjALBglghkgBZQMEAgEwDQYJKoZIhvcNAQEBBQAEggEAtxwFLBlr tAhzWr5fvkrLYBaUd+YevWvSQTEKLD/zGuqqm0tiYloHv5u6G1+3ZEv85aTsar6xz1bc/ZihPw/V mxbnU/uNDkAOY60DaZGiYV4BkXv7xTu+X1M4QwK8lLCvfQRQHFH2eSNLNCaP1tt2DsWmj+o0vOy4 IGJ3WgIExbbJuKZUjjEiAf+D1NzRhlTVytoJ3kFS+Sjgl0DjyUzyiiLfd9k8xshfagtu1Ep3KkI9 HxSzI8Hr/S90+o8+q33ozMa0iBUUggRL1kgEWEZdIgbsl7uwZ+hkKJ/JOc0l3ib2qkL0Qp8zwBeD 3yUI1kMaMT0GVJ8T8fGhkUtn/oAVDAAAAAAAAA==`

demanzano commented 5 years ago

May I ask you if you resolved this issue ? I'm having right now the same exact problem.. thanks !

cgruber0 commented 4 years ago

No, not yet

dghgit commented 3 years ago

So analysis found that the second batch of base64 data contains the following ASN.1 [PRIVATE 30] #f6aa42f4429f33c01783df2508d6431a313d06549f13f1f1a1914b67fe80150c000000000000

I'd guess this is the signature as it appears to be at the end of the object and the content length lines up perfectly 40 bytes. The data prior to that is binary. No idea of the format. Any more information would be welcome, but it's clearly not simple S/MIME.

dghgit commented 2 years ago

No further information. Closing as unable to analyze.