zhuzengpeng / jscep

Automatically exported from code.google.com/p/jscep
MIT License

key size greater than 24 bytes if BouncyCastleProvider has the highest priority #19

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. place BouncyCastleProvider before Sun in java.security

security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=sun.security.provider.Sun

2. use ScepServlet with iPhone Certificate Enrollment

What is the expected output? What do you see instead?

Unexpected:

...
Caused by: java.security.InvalidKeyException: key size greater than 24 bytes
    at org.bouncycastle.jce.provider.JCEBlockCipher.engineInit(Unknown Source)
    at org.bouncycastle.jce.provider.JCEBlockCipher.engineInit(Unknown Source)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at org.jscep.pkcs7.PkcsPkiEnvelopeParser.parse(PkcsPkiEnvelopeParser.java:126)
    ... 48 more

What version of the product are you using? On what operating system?
1.0.1-SNAPSHOT (rev 936)

Please provide any additional information below.

Workaround for me was to set the lowest priority for BouncyCastleProvider. Also 
tried to use an unlimited strength jurisdiction policy file, but without 
success. The problem is IMHO in BC so this file only influences Sun's 
implementation.

Original issue reported on code.google.com by m.zd...@gmail.com on 13 Oct 2010 at 8:49

GoogleCodeExporter commented 8 years ago
I'm trying to move the PkiMessage and PkcsPkiEnvelope parts to use explicit 
Providers so we shouldn't get this sort of problem any more.

Original comment by davidgrant41 on 2 Nov 2010 at 5:03

GoogleCodeExporter commented 8 years ago
I've committed a few changes to the servlet component.  Can you build from the 
trunk and see if your problem still occurs?

Original comment by davidgrant41 on 3 Nov 2010 at 2:02

GoogleCodeExporter commented 8 years ago
I also had an issue with the symmetric key exchange when running on Android.  
It seems that JCE and BC use different default padding schemes.  I had to 
change the Cipher.getInstance() call in 
org.jscep.message.PkcsPkiEnvelopeDecoder to use "RSA/ECB/PKCS1Padding". I'm 
using version 1.1.4.

Original comment by dfpome...@gmail.com on 19 Apr 2011 at 1:43
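
The two remedies discussed in this thread (explicit providers, and a full algorithm/mode/padding string instead of a bare algorithm name) can be seen together in the following added example, which is not jscep code and not written by any commenter. It assumes a stock OpenJDK/Oracle JDK where the "SunJCE" provider is installed; the class name, the throwaway RSA key pair and the random 24-byte content key are constructed for the demonstration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;

public class ExplicitProviderDemo { // hypothetical class name
    // Assumption: stock JDK with the "SunJCE" provider installed.
    static final String PINNED_PROVIDER = "SunJCE";
    // Mode and padding spelled out, so no provider default is involved.
    static final String KEY_TRANSPORT = "RSA/ECB/PKCS1Padding";

    // Name of the provider that the priority-ordered lookup selects.
    static String resolvedProvider(String transformation) throws Exception {
        return Cipher.getInstance(transformation).getProvider().getName();
    }

    public static void main(String[] args) throws Exception {
        // Priority order derived from the security.provider.N entries.
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println("priority " + (i + 1) + ": " + installed[i].getName());
        }
        // Unpinned lookups: the result changes when the provider order changes,
        // and a bare "RSA" also leaves mode and padding to that provider.
        for (String t : new String[] {"RSA", KEY_TRANSPORT}) {
            System.out.println(t + " -> " + resolvedProvider(t));
        }

        // Constructed sample data: throwaway recipient key, random 24-byte key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        byte[] contentKey = new byte[24];
        new SecureRandom().nextBytes(contentKey);

        // Pinned: provider and full transformation are fixed on both sides.
        Cipher enc = Cipher.getInstance(KEY_TRANSPORT, PINNED_PROVIDER);
        enc.init(Cipher.ENCRYPT_MODE, recipient.getPublic());
        byte[] encryptedKey = enc.doFinal(contentKey);

        Cipher dec = Cipher.getInstance(KEY_TRANSPORT, PINNED_PROVIDER);
        dec.init(Cipher.DECRYPT_MODE, recipient.getPrivate());
        byte[] recovered = dec.doFinal(encryptedKey);
        System.out.println("recovered " + recovered.length + " bytes, match: "
                + Arrays.equals(contentKey, recovered));
    }
}
```

Running it before and after reordering the providers in java.security shows the unpinned lines changing while the pinned round trip stays the same.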

GoogleCodeExporter commented 8 years ago

Original comment by davidgrant41 on 11 May 2011 at 2:06

GoogleCodeExporter commented 8 years ago

Original comment by da...@grant.org.uk on 13 Jul 2011 at 6:37

GoogleCodeExporter commented 8 years ago

Original comment by da...@grant.org.uk on 23 Aug 2011 at 8:16