Dean wrote:
> Hi folks,
>
> I've been trying to use the JSS APIs to encrypt and decrypt data using
> an RSA Cipher

JSS supports RSA for signing (and signature verification) and for wrapping and unwrapping keys (encrypting and decrypting keys), but not for encrypting or decrypting of data.
JSS only supports encrypting of non-Key data using symmetric encryption algorithms. No Internet standard protocols use RSA to encrypt data. They all encrypt data with symmetric algorithms and use RSA to encrypt symmetric keys.

JSS should have returned an error stating that it did not support RSA for encrypt/decrypt of data. I have opened bug https://bugzilla.mozilla.org/show_bug.cgi?id=426908

Example of encrypt/decrypt of data with a symmetric key algorithm:
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/JCASymKeyGen.java

Example of signing:
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/JCASigTest.java

Example of key wrapping:
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/KeyWrapping.java

-glen

> but I keep getting an InvalidKeyException. Invalid key
> type: org.mozilla.jss.pkcs11.PK11RSAPublicKey.
>
> I have a sample that works with our own JCE provider and the JCE
> provider from Bouncy Castle. I've been googling around trying to get
> a straight answer on whether RSA Cipher is truly supported by JSS and
> don't really see anything definite. So thought I would ask here.
>
> Here is the sample code. As I said, it works fine with Bouncy Castle
> and our own JCE provider implementation. The JSS web pages seem to
> claim that RSA is a supported cipher type, and the getInstance
> certainly works....
>
> Any suggestions would be appreciated.
>
> package jsse;
>
> import java.io.File;
> import java.security.KeyPair;
> import java.security.KeyPairGenerator;
> import java.security.Security;
>
> import javax.crypto.Cipher;
>
> import org.bouncycastle.jce.provider.BouncyCastleProvider;
> import org.mozilla.jss.CryptoManager;
> import org.mozilla.jss.crypto.AlreadyInitializedException;
> import org.mozilla.jss.crypto.CryptoToken;
> import org.mozilla.jss.util.Password;
>
> public class TestRSA {
>     public static void main(String[] args) throws Exception {
>
>         Security.addProvider(new BouncyCastleProvider());
>
>         String dir = System.getProperty("java.home")+"./lib/security";
>         new File(dir).mkdirs();
>         CryptoManager.InitializationValues values = new
>             CryptoManager.InitializationValues(dir);
>         CryptoManager.initialize(values);
>
>         CryptoManager cm = CryptoManager.getInstance();
>         CryptoToken token = cm.getInternalKeyStorageToken();
>         Password pw = new Password(new char[]{ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd' } );
>         cm.setPasswordCallback(pw);
>         try {
>             token.initPassword(pw, pw);
>         } catch (AlreadyInitializedException e) {}
>         token.login(pw);
>
>         byte[] plainText = new byte[53];
>         for (int i = 0; i < plainText.length; i++) {
>             plainText[i] = (byte) i;
>         }
>
>         KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");
>         kpg.initialize(512);
>
>         KeyPair BobKP = kpg.generateKeyPair();
>
>         // Alice sends message to Bob
>         Cipher cipher = Cipher.getInstance("RSA", "Mozilla-JSS");
>         cipher.init(Cipher.ENCRYPT_MODE, BobKP.getPublic());
>         byte[] cipherText = cipher.doFinal(plainText);
>
>         // Bob decrypts message
>         cipher.init(Cipher.DECRYPT_MODE, BobKP.getPrivate());
>         byte[] result = cipher.doFinal(cipherText);
>
>         System.out.print("[");
>         for (int i = 0; i< result.length; i++) {
>             System.out.print(result[i] + ", ");
>         }
>         System.out.println("]");
>     }
> }
>
>
>
> And then the exception that is thrown
>
> Exception in thread "main" java.security.InvalidKeyException: Invalid key type: org.mozilla.jss.pkcs11.PK11RSAPublicKey
>         at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.importKey(JSSCipherSpi.java:123)
>         at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit(JSSCipherSpi.java:161)
>         at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit(JSSCipherSpi.java:270)
>         at javax.crypto.Cipher.init(DashoA12275)
>         at javax.crypto.Cipher.init(DashoA12275)
>         at jsse.TestRSA.main(TestRSA.java:47)
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
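
The pattern the reply describes (data encrypted with a symmetric algorithm, RSA used only to wrap the symmetric key), as an added example that is not part of the original thread or of the JSS test suite. It uses the JDK's default JCA providers rather than Mozilla-JSS; the class name, the 2048-bit RSA key, AES-128-GCM and the OAEP transformation are assumptions chosen for the example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example (hypothetical class name): hybrid encryption with the JDK's
// default providers. RSA only wraps the AES key; AES-GCM encrypts the data.
public class HybridRsaAes {
    public static void main(String[] args) throws Exception {
        // Same constructed 53-byte test message as the sample in the thread.
        byte[] plainText = new byte[53];
        for (int i = 0; i < plainText.length; i++) plainText[i] = (byte) i;

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // assumption: 2048-bit key instead of the thread's 512
        KeyPair bobKP = kpg.generateKeyPair();

        // Alice: fresh AES key and nonce per message, data encrypted with AES-GCM.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sessionKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, iv));
        byte[] cipherText = aes.doFinal(plainText);

        // Alice: wrap the AES key under Bob's RSA public key (OAEP padding).
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, bobKP.getPublic());
        byte[] wrappedKey = rsa.wrap(sessionKey);

        // Bob: unwrap the AES key with his private key, then decrypt the data.
        rsa.init(Cipher.UNWRAP_MODE, bobKP.getPrivate());
        SecretKey recovered = (SecretKey) rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] result = aes.doFinal(cipherText);

        // GCM has already verified the tag; this confirms the round trip end to end.
        if (!Arrays.equals(plainText, result)) throw new AssertionError("round trip failed");
        System.out.println("wrapped key: " + wrappedKey.length + " bytes, ciphertext: "
                + cipherText.length + " bytes, round trip OK");
    }
}
```

Bob needs the wrapped key, the nonce and the ciphertext; only the wrapped key depends on RSA, so the message length is not limited by the RSA modulus size.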