Hello,

I'm trying to decrypt an EncryptedPrivateKeyInfo object returned from
NSS's PK11_ExportEncryptedPrivateKeyInfo, ultimately to recover the
corresponding PrivateKeyInfo object (in PKCS#8 format). And I'm using
JSS to do this.

So first, I encode the EncryptedPrivateKeyInfo object in my NSS app,
convert it to Java bytes, and then pass it to my JSS app. The latter
then decodes the ASN.1 blob using JSS' EncryptedPrivateKeyInfo
template. Then I decrypt the new EncryptedPrivateKeyInfo object.

So the code looks something like this:
----------------------------------------------------------------------------
// In NSS app:
SECOidTag algorithm = SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
nss_epki = PK11_ExportEncryptedPrivateKeyInfo(keySlotInfo, algorithm,
                                              pwitem, cert, 1, NULL);
SEC_ASN1EncodeItem(..., nss_epki,
                   SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate));
/* Convert nss_epki bytes to Java bytes */
...

// In JSS app:
jss_epki = (EncryptedPrivateKeyInfo) ASN1Util.decode(
        EncryptedPrivateKeyInfo.getTemplate(), nss_epki);
pki = jss_epki.decrypt(p12Pass, new PasswordConverter());
----------------------------------------------------------------------------
However JSS is not happy. It reports the following error:

    Error with decrypt jss_epki
    java.security.NoSuchAlgorithmException: {1 2 840 113549 1 12 1 3}
        at org.mozilla.jss.crypto.KeyGenAlgorithm.fromOID(KeyGenAlgorithm.java:91)
        at org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo.decrypt(EncryptedPrivateKeyInfo.java:202)

I believe that OID identifies the
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC algorithm used
when calling PK11_ExportEncryptedPrivateKeyInfo.
Why does JSS not recognize it?
-- POC
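
The following is an added example, not part of the original post and not NSS or JSS code: a small Python DER walker that reads the encryptionAlgorithm OID, salt and iteration count from an EncryptedPrivateKeyInfo blob, so the bytes handed to JSS can be checked against the OID in the exception. The function names and the sample blob are constructed for illustration.

```python
PKCS12_PBE = {  # PKCS#12 PBE identifiers defined in RFC 7292 (subset)
    "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
    "1.2.840.113549.1.12.1.4": "pbeWithSHAAnd2-KeyTripleDES-CBC",
    "1.2.840.113549.1.12.1.5": "pbeWithSHAAnd128BitRC2-CBC",
    "1.2.840.113549.1.12.1.6": "pbewithSHAAnd40BitRC2-CBC",
}

def read_tlv(buf, pos, want):
    """Return (value, next_pos) of the DER element at pos; its tag must equal want."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag 0x{want:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER content octets -> dotted string
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first group packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def inspect_epki(der):
    """Return the encryptionAlgorithm OID and, for PKCS#12 PBE, salt and iterations."""
    outer, _ = read_tlv(der, 0, 0x30)            # EncryptedPrivateKeyInfo
    algid, pos = read_tlv(outer, 0, 0x30)        # encryptionAlgorithm
    encrypted, _ = read_tlv(outer, pos, 0x04)    # encryptedData
    oid_body, pos = read_tlv(algid, 0, 0x06)
    oid = decode_oid(oid_body)
    info = {"oid": oid, "jss_form": "{" + oid.replace(".", " ") + "}",
            "name": PKCS12_PBE.get(oid, "unknown"), "encrypted_len": len(encrypted)}
    if oid in PKCS12_PBE:                        # pkcs-12PbeParams ::= SEQUENCE
        params, _ = read_tlv(algid, pos, 0x30)
        salt, p = read_tlv(params, 0, 0x04)      # salt OCTET STRING
        count, _ = read_tlv(params, p, 0x02)     # iterations INTEGER
        info.update(salt=salt.hex(), iterations=int.from_bytes(count, "big"))
    return info

# Constructed sample blob for this added example (salt, count and ciphertext are made up).
SAMPLE = bytes.fromhex("3030301c060a2a864886f70d010c0103300e04080102030405060708020207d00410" + "aa" * 16)
print(inspect_epki(SAMPLE))
```

The "jss_form" field uses the same brace notation as the NoSuchAlgorithmException message, so the two can be compared directly.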