search

jcryptool / core

JCrypTool Core Plug-ins
https://www.cryptool.org
Eclipse Public License 1.0
161 stars 43 forks source link

Keystore problem with self generated private keys #69

Closed dschadow closed 10 years ago

dschadow commented 11 years ago

Keystore access fails with self generated keys.

java.security.UnrecoverableKeyException: Given final block not properly padded at com.sun.crypto.provider.SunJCEz.a(DashoA13..) at com.sun.crypto.provider.JceKeyStore.engineGetKey(DashoA13_..) at java.security.KeyStoreSpi.engineGetEntry(Unknown Source) at java.security.KeyStore.getEntry(Unknown Source) at org.jcryptool.crypto.keystore.backend.KeyStoreManager.getPrivateKey(KeyStoreManager.java:297) at org.jcryptool.crypto.keystore.backend.KeyStoreManager.getKey(KeyStoreManager.java:227) at org.jcryptool.crypto.keystore.ui.dialogs.contentproviders.AbstractKeyNodeContentProvider.getKey(AbstractKeyNodeContentProvider.java:157) at org.jcryptool.crypto.keystore.ui.dialogs.contentproviders.AbstractKeyNodeContentProvider.getElements(AbstractKeyNodeContentProvider.java:49) at org.eclipse.jface.viewers.StructuredViewer.getRawChildren(StructuredViewer.java:1010) at org.eclipse.jface.viewers.ColumnViewer.getRawChildren(ColumnViewer.java:703) at org.eclipse.jface.viewers.AbstractTableViewer.getRawChildren(AbstractTableViewer.java:1087) at org.eclipse.jface.viewers.StructuredViewer.getFilteredChildren(StructuredViewer.java:917) at org.eclipse.jface.viewers.StructuredViewer.getSortedChildren(StructuredViewer.java:1067) at org.eclipse.jface.viewers.AbstractTableViewer.internalRefreshAll(AbstractTableViewer.java:701) at org.eclipse.jface.viewers.AbstractTableViewer.internalRefresh(AbstractTableViewer.java:649) at org.eclipse.jface.viewers.AbstractTableViewer.internalRefresh(AbstractTableViewer.java:636) at org.eclipse.jface.viewers.AbstractTableViewer$2.run(AbstractTableViewer.java:592) at org.eclipse.jface.viewers.StructuredViewer.preservingSelection(StructuredViewer.java:1443) at org.eclipse.jface.viewers.StructuredViewer.preservingSelection(StructuredViewer.java:1404) at org.eclipse.jface.viewers.AbstractTableViewer.inputChanged(AbstractTableViewer.java:590) at org.eclipse.jface.viewers.ContentViewer.setInput(ContentViewer.java:280) at org.eclipse.jface.viewers.StructuredViewer.setInput(StructuredViewer.java:1690) at org.jcryptool.crypto.keystore.ui.dialogs.CommonPropertyDialog.createDialogArea(CommonPropertyDialog.java:125) at org.jcryptool.crypto.keystore.ui.dialogs.ShowSecretKeyDialog.createDialogArea(ShowSecretKeyDialog.java:44) at org.eclipse.jface.dialogs.TitleAreaDialog.createContents(TitleAreaDialog.java:155) at org.eclipse.jface.window.Window.create(Window.java:431) at org.eclipse.jface.dialogs.Dialog.create(Dialog.java:1089) at org.jcryptool.crypto.keystore.commands.ShowPropertiesHandler.execute(ShowPropertiesHandler.java:54) at org.eclipse.ui.internal.handlers.HandlerProxy.execute(HandlerProxy.java:293) at org.eclipse.core.commands.Command.executeWithChecks(Command.java:476) at org.eclipse.core.commands.ParameterizedCommand.executeWithChecks(ParameterizedCommand.java:508) at org.eclipse.ui.internal.handlers.HandlerService.executeCommand(HandlerService.java:169) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.menus.CommandContributionItem.handleWidgetSelection(CommandContributionItem.java:829) at org.eclipse.ui.menus.CommandContributionItem.access$19(CommandContributionItem.java:815) at org.eclipse.ui.menus.CommandContributionItem$5.handleEvent(CommandContributionItem.java:805) at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84) at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1053) at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4165) at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3754) at org.eclipse.jface.window.Window.runEventLoop(Window.java:825) at org.eclipse.jface.window.Window.open(Window.java:801) at org.jcryptool.crypto.keystore.commands.ShowPropertiesHandler.execute(ShowPropertiesHandler.java:55) at org.eclipse.ui.internal.handlers.HandlerProxy.execute(HandlerProxy.java:293) at org.eclipse.core.commands.Command.executeWithChecks(Command.java:476) at org.eclipse.core.commands.ParameterizedCommand.executeWithChecks(ParameterizedCommand.java:508) at org.eclipse.ui.internal.handlers.HandlerService.executeCommand(HandlerService.java:169) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.menus.CommandContributionItem.handleWidgetSelection(CommandContributionItem.java:829) at org.eclipse.ui.menus.CommandContributionItem.access$19(CommandContributionItem.java:815) at org.eclipse.ui.menus.CommandContributionItem$5.handleEvent(CommandContributionItem.java:805) at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84) at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1053) at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4165) at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3754) at org.eclipse.jface.window.Window.runEventLoop(Window.java:825) at org.eclipse.jface.window.Window.open(Window.java:801) at org.jcryptool.crypto.keystore.commands.ShowPropertiesHandler.execute(ShowPropertiesHandler.java:55) at org.eclipse.ui.internal.handlers.HandlerProxy.execute(HandlerProxy.java:293) at org.eclipse.core.commands.Command.executeWithChecks(Command.java:476) at org.eclipse.core.commands.ParameterizedCommand.executeWithChecks(ParameterizedCommand.java:508) at org.eclipse.ui.internal.handlers.HandlerService.executeCommand(HandlerService.java:169) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.menus.CommandContributionItem.handleWidgetSelection(CommandContributionItem.java:829) at org.eclipse.ui.menus.CommandContributionItem.access$19(CommandContributionItem.java:815) at org.eclipse.ui.menus.CommandContributionItem$5.handleEvent(CommandContributionItem.java:805) at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84) at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1053) at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4165) at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3754) at org.eclipse.jface.window.Window.runEventLoop(Window.java:825) at org.eclipse.jface.window.Window.open(Window.java:801) at org.jcryptool.crypto.keystore.commands.ShowPropertiesHandler.execute(ShowPropertiesHandler.java:55) at org.eclipse.ui.internal.handlers.HandlerProxy.execute(HandlerProxy.java:293) at org.eclipse.core.commands.Command.executeWithChecks(Command.java:476) at org.eclipse.core.commands.ParameterizedCommand.executeWithChecks(ParameterizedCommand.java:508) at org.eclipse.ui.internal.handlers.HandlerService.executeCommand(HandlerService.java:169) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.menus.CommandContributionItem.handleWidgetSelection(CommandContributionItem.java:829) at org.eclipse.ui.menus.CommandContributionItem.access$19(CommandContributionItem.java:815) at org.eclipse.ui.menus.CommandContributionItem$5.handleEvent(CommandContributionItem.java:805) at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84) at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1053) at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4165) at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3754) at org.eclipse.jface.window.Window.runEventLoop(Window.java:825) at org.eclipse.jface.window.Window.open(Window.java:801) at org.jcryptool.crypto.keystore.commands.ShowPropertiesHandler.execute(ShowPropertiesHandler.java:55) at org.eclipse.ui.internal.handlers.HandlerProxy.execute(HandlerProxy.java:293) at org.eclipse.core.commands.Command.executeWithChecks(Command.java:476) at org.eclipse.core.commands.ParameterizedCommand.executeWithChecks(ParameterizedCommand.java:508) at org.eclipse.ui.internal.handlers.HandlerService.executeCommand(HandlerService.java:169) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.menus.CommandContributionItem.handleWidgetSelection(CommandContributionItem.java:829) at org.eclipse.ui.menus.CommandContributionItem.access$19(CommandContributionItem.java:815) at org.eclipse.ui.menus.CommandContributionItem$5.handleEvent(CommandContributionItem.java:805) at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84) at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1053) at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4165) at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3754) at org.eclipse.ui.internal.Workbench.runEventLoop(Workbench.java:2701) at org.eclipse.ui.internal.Workbench.runUI(Workbench.java:2665) at org.eclipse.ui.internal.Workbench.access$4(Workbench.java:2499) at org.eclipse.ui.internal.Workbench$7.run(Workbench.java:679) at org.eclipse.core.databinding.observable.Realm.runWithDefault(Realm.java:332) at org.eclipse.ui.internal.Workbench.createAndRunWorkbench(Workbench.java:668) at org.eclipse.ui.PlatformUI.createAndRunWorkbench(PlatformUI.java:149) at org.jcryptool.core.Application.start(Application.java:44) at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:196) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:344) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:622) at org.eclipse.equinox.launcher.Main.basicRun(Main.java:577) at org.eclipse.equinox.launcher.Main.run(Main.java:1410) at org.eclipse.equinox.launcher.Main.main(Main.java:1386)

ghost commented 10 years ago

Any hints how this can reproduces?

dschadow commented 10 years ago

I'm not really sure about the steps to reproduce this issue. What I did was to create a sample keystore with

keytool -genkey -alias test -keyalg RSA -keystore keystore.jks -keysize 2048

and then exported the private key with

keytool -importkeystore -srckeystore keystore.jks -destkeystore jcryptool.p12 -deststoretype PKCS12

This file should be importable in the JCrypTool Keystore view via import. On my system importing already fails with "java.security.InvalidKeyException: Illegal key size". I guess that with the original stacktrace import succeeded but opening the properties dialog in the Keystore view for the new entry failed. In my opinion it should be possible to import keys not created in JCT, so we'll need to investigate this problem first.

ghost commented 10 years ago

Yes, it is possible to import a key pair generated the way you described. At first I ended up with a different exception !ENTRY org.jcryptool.crypto.keystore 4 0 2014-04-21 20:57:25.443 !MESSAGE Illegal key size !STACK 0 java.security.InvalidKeyException: Illegal key size at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1024) at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1045) at javax.crypto.Cipher.implInit(Cipher.java:794) at javax.crypto.Cipher.chooseProvider(Cipher.java:849) at javax.crypto.Cipher.init(Cipher.java:1479) at javax.crypto.Cipher.init(Cipher.java:1413) at codec.pkcs7.EncryptedContentInfo.createCipher(EncryptedContentInfo.java:525) at codec.pkcs7.EncryptedContentInfo.crypt(EncryptedContentInfo.java:591) at codec.pkcs7.EncryptedContentInfo.getData(EncryptedContentInfo.java:488) at codec.pkcs7.EncryptedData.getData(EncryptedData.java:282) at codec.pkcs12.AuthenticatedSafe.getSafeContents(AuthenticatedSafe.java:358) at org.jcryptool.crypto.keystore.ui.actions.AbstractImportKeyStoreEntryHandler.performImportAction(AbstractImportKeyStoreEntryHandler.java:61) at org.jcryptool.crypto.flexiprovider.keystore.actions.ImportKeyHandler.execute(ImportKeyHandler.java:83) at org.jcryptool.crypto.keystore.ui.actions.ShadowKeyStoreHandler$1.run(ShadowKeyStoreHandler.java:65) at org.eclipse.swt.widgets.Synchronizer.syncExec(Synchronizer.java:180) at org.eclipse.ui.internal.UISynchronizer.syncExec(UISynchronizer.java:150) at org.eclipse.swt.widgets.Display.syncExec(Display.java:4683) at org.jcryptool.crypto.keystore.ui.actions.ShadowKeyStoreHandler.execute(ShadowKeyStoreHandler.java:62) at org.eclipse.core.commands.Command.executeWithChecks(Command.java:476) at org.eclipse.core.commands.ParameterizedCommand.executeWithChecks(ParameterizedCommand.java:508) at org.eclipse.ui.internal.handlers.HandlerService.executeCommand(HandlerService.java:169) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241) at org.eclipse.ui.menus.CommandContributionItem.handleWidgetSelection(CommandContributionItem.java:829) at org.eclipse.ui.menus.CommandContributionItem.access$19(CommandContributionItem.java:815) at org.eclipse.ui.menus.CommandContributionItem$5.handleEvent(CommandContributionItem.java:805) at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84) at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1053) at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4165) at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3754) at org.eclipse.ui.internal.Workbench.runEventLoop(Workbench.java:2701) at org.eclipse.ui.internal.Workbench.runUI(Workbench.java:2665) at org.eclipse.ui.internal.Workbench.access$4(Workbench.java:2499) at org.eclipse.ui.internal.Workbench$7.run(Workbench.java:679) at org.eclipse.core.databinding.observable.Realm.runWithDefault(Realm.java:332) at org.eclipse.ui.internal.Workbench.createAndRunWorkbench(Workbench.java:668) at org.eclipse.ui.PlatformUI.createAndRunWorkbench(PlatformUI.java:149) at org.jcryptool.core.Application.start(Application.java:44) at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:196) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:344) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:622) at org.eclipse.equinox.launcher.Main.basicRun(Main.java:577) at org.eclipse.equinox.launcher.Main.run(Main.java:1410) at org.eclipse.equinox.launcher.Main.main(Main.java:1386) but downloading Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 from http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html and putting the unzipped files in the right directory (on my computer in C:\Program Files\Java\jre7\lib\security) "fixed" the problem. It is not even necessary to export the key pair again. According to some newsgroup posts java.security.UnrecoverableKeyException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_z.a(DashoA13*..) seems to be also caused by not using the "Unlimited Strength Jurisdiction Policy Files". May the power be with you;-)

ghost commented 10 years ago

I guess the user has to get these files, too, if he wants to import keys generated outside JCT.

dschadow commented 10 years ago

Thanks, helps to repeat that after a Java update...

dschadow commented 10 years ago

Seems to work, tested with several algorithms. Maybe fixed during general JCT keystore (manager) refactoring