ge0rg / aprsdroid

APRSdroid - Geo-Location for Radio Amateurs
https://aprsdroid.org/
GNU General Public License v2.0

Failure to import LotW p12 file — NoSuchAlgorithmException SecretKeyFactory not available #359

Open dbrianwalton opened 1 year ago

dbrianwalton commented 1 year ago

Trying to import my .p12 certificate generated from tqsl using my LotW certificate. Transferred the file from computer to Android via GoogleDrive and downloaded to local storage on device. Open the .p12 file and get the following error after typing the certificate import password:

Error importing certificate: exception unwrapping private key - java.security.NoSuchAlgorithmException: 1.2.840.113549.1.5.12 SecretKeyFactory not available!

Attempting to install on moto x4, Android version 9

Repeated with certificates with and without a security password and get same error. Running openssl pkcs12 -info -in CALLSIGN.p12 on the computer shows data that makes sense, so I think the file itself should be okay.

dbrianwalton commented 1 year ago

Did some more hunting about what the error might be from. Found this link about the algorithm: https://www.aicg.com/blog/fixing-the-1-2-840-113549-1-5-3-not-available-pkcs-encryption-issue/

I believe that TQSL was encoding the p12 certificate with an algorithm that has been deprecated. I am using TQSL v 2.7.1 on Mac OS. It shows OpenSSL 3.1.2 1 Aug 2023.

On my Mac, I exported the p12 file to a pem file and then back to a new p12 using OpenSSL with the following commands:

openssl pkcs12 -in CALLSIGN.p12 -out CALLSIGN.pem
openssl pkcs12 -export -in CALLSIGN.pem -out CALLSIGN-2.p12

The new certificate now seems to successfully load into aprsdroid. However, I still seem to need the APRS-IS Passcode. I thought the certificate was supposed to be a more secure alternative, but I can't tell how to skip the passcode after loading the certificate, or even where to see that the certificate was loaded and used (other than the log entry saying it was).

penguin359 commented 3 months ago

How was TQSL installed? Was it installed from the official package download from ARRL.org, from homebrew, or built from source?

gunnarre commented 1 month ago

Getting

Error importing certificate: error constructing MAC: java.security.NoSuchAlgorithmException: SecretKeyFactory 2.16.840.1.101.3.4.2.1 implementation not found! on Android 5.1

gunnarre commented 1 month ago

Getting

Error importing certificate: error constructing MAC: java.security.NoSuchAlgorithmException: SecretKeyFactory 2.16.840.1.101.3.4.2.1 implementation not found! on Android 5.1

I tested this on Android 8.1 and this resolved the "SecretKeyFactory 2.16.840.1.101.3.4.2.1 implementation not found!" error, but the "java.security.NoSuchAlgorithmException: 1.2.840.113549.1.5.12 SecretKeyFactory not available" error was still present.

I was able to get APRSdroid to import the p12 keyfile (exported by TQSL V2.7.3 build [v2.7.3] x86_64/arm64, official ARRL build) by converting it to one using the SHA1 and 3DES PBE profile in OpenSSL, but the APRS-IS server (northwest.aprs2.net) won't accept the certificate as valid. Even though APRSdroid says Loaded key: EMAILADDRESS= etc., the server says logresp LA9XSA-5 unverified, server T2USANW

gunnarre commented 1 month ago

The openssl commands I had to use to get the certificate imported were

openssl pkcs12 -in CALLSIGN.p12 -out CALLSIGN.pem
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in CALLSIGN.pem -out CALLSIGN_pbesha13des.p12

(still not accepted by the server)
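
The two OIDs in the exceptions above name algorithms, not file damage: 1.2.840.113549.1.5.12 is PBKDF2 (the key derivation used by PBES2 encryption) and 2.16.840.1.101.3.4.2.1 is SHA-256 (here, the PKCS#12 MAC digest). The shell function below is an added example, not part of this thread or of APRSdroid; it reads the text printed by `openssl pkcs12 -info -noout` and reports which parts of a .p12 use those algorithms. Assumptions: the function name `p12_check`, the `-info` line layout of OpenSSL 1.1/3.x, and the constructed sample text; `-macalg sha1` in the comment is a standard `openssl pkcs12 -export` option that the commands in the thread did not use.

```shell
#!/bin/sh
# Usage (the -info text may go to stderr, hence 2>&1):
#   openssl pkcs12 -info -noout -in CALLSIGN.p12 2>&1 | p12_check
# Exit status 0: only legacy PKCS#12 PBE and a SHA-1 MAC were seen.
# Exit status 1: PBES2/PBKDF2 or a non-SHA-1 MAC was seen.
# Re-export with all three parts forced to legacy algorithms:
#   openssl pkcs12 -export -in CALLSIGN.pem -out CALLSIGN-legacy.p12 \
#     -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1
p12_check() {
    rc=0
    while IFS= read -r line; do
        case $line in
            "MAC: "*)
                alg=${line#MAC: }; alg=${alg%%,*}
                case $alg in
                    sha1)   echo "ok      MAC sha1" ;;
                    sha256) echo "modern  MAC sha256 (OID 2.16.840.1.101.3.4.2.1)"; rc=1 ;;
                    *)      echo "modern  MAC $alg"; rc=1 ;;
                esac ;;
            "PKCS7 Encrypted data: "*|"Shrouded Keybag: "*)
                part=${line%%:*}        # which container the line describes
                alg=${line#*: }; alg=${alg%%,*}
                case $alg in
                    PBES2) echo "modern  $part: PBES2/PBKDF2 (OID 1.2.840.113549.1.5.12)"; rc=1 ;;
                    *)     echo "ok      $part: $alg" ;;
                esac ;;
        esac
    done
    return $rc
}

# Constructed sample: -info text for a file written with OpenSSL 3 defaults.
SAMPLE_MODERN='MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'

# Constructed sample: -info text after a legacy re-export with -macalg sha1.
SAMPLE_LEGACY='MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'

printf '%s\n' "$SAMPLE_MODERN" | p12_check || true
```

The legacy re-export protects the private key with 3DES and SHA-1 only, so treat the converted file as less well protected than the original and remove copies of it once the import has succeeded.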