Re: OpenSSL Bouncy Castle Compatibilty Problem

2014-06-03 Thread Yash Dosi 
Hi Kyle H,

Thanks for your reply.

I am sorry for giving so less information.

Here are some of the details you asked for.

What is the version of OpenSSL that you're using?
  - 1.0.1e

What is the version of BouncyCastle that you're using?
  - BC = 1.45

Have you ensured that the private key to the certificate you're using is
available in every place you're trying to decrypt it?
 - Yes. Because BC Encrypted mails get decrypted in all those places.

Can you decrypt the mail with OpenSSL in the place where you have encrypted
it (not using the command line, but using the API)?
 - Yes.

Can you encrypt with BouncyCastle and have OpenSSL decrypt it?
 - Yes.

What are the error messages (or exceptions) you're receiving?
 - None. I do not have access to server error logs.

What is the command line that you're using to decrypt it?  What is the code
you're using to encrypt the mail?  What is the code you're using to decrypt
the mail?
I will be posting snippets of both Java Side and Native Side code for
encryption and decryption.
   - *Encryption Code*
*Java Code*
*   //*inputData this is a temporary mime file created for
encryption.
try {
fis = new FileInputStream(inputData);
OpenSSLBIOInputStream bis = new OpenSSLBIOInputStream(fis);
long bioRef = NativeCrypto.create_BIO_InputStream(bis);
 int certsRefArrLength = recipientCertificates.length;
long certsRefArr[] = new long[certsRefArrLength];
for (int i = 0; i  certsRefArrLength; i++) {
byte arr[] =
android.security.Credentials.convertToPem(recipientCertificates[i]);
*//You might not have access to *
*android.security.Credentials*
InputStream certIs = new  ByteArrayInputStream(arr);
OpenSSLX509Certificate openSSLcert =
OpenSSLX509Certificate.fromX509PemInputStream(certIs);
 byte openSSLcertEncoded[] = openSSLcert.getEncoded();
 certsRefArr[i] = NativeCrypto.d2i_X509(openSSLcertEncoded);
}
 String outputFilePath = output.getAbsolutePath();
 return PKCS7encrypt(bioRef, certsRefArr, outputFilePath,
encryptionAlgorithm);
 } catch (FileNotFoundException e) {
e.printStackTrace();
} catch (CertificateEncodingException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}

*Native Code*
JNIEXPORT jboolean JNICALL Java_xyz_MainActivity_PKCS7encrypt(JNIEnv *env,
jobject thiz, jlong bioRef, jlongArray certRef, jstring joutfile, jstring
jcipher) {
BIO* bio = reinterpret_castBIO*(static_castuintptr_t(bioRef));
const EVP_CIPHER *cipher = NULL;

const char* nativeOutFile = env-GetStringUTFChars(joutfile, 0);

const char *nativeCipher = env-GetStringUTFChars(jcipher, 0);
__android_log_print(ANDROID_LOG_DEBUG, OpenSSLJni, \nEVP_rc2_40_cbc);
cipher = EVP_rc2_40_cbc();
//Selecting EVP_rc2_40_cbc() by default just for testing purpose.

int flags = PKCS7_STREAM;
STACK_OF(X509) *certs = NULL;

if(certRef != NULL) {
certs = sk_X509_new_null();
jsize s = env-GetArrayLength(certRef);
__android_log_print(ANDROID_LOG_DEBUG, OpenSSLJni, \nSize of array: %d,
s);
int i = 0;
jlong *c = env-GetLongArrayElements(certRef, 0);
for (; i  s; i++) {
long cVal = c[i];
//printf(\nAddress of cert[%d]: %l, i, cVal);
__android_log_print(ANDROID_LOG_DEBUG, OpenSSLJni, \nAddress of
cert[%d]: %lu, i, cVal);
X509* certRef = reinterpret_castX509*(static_castuintptr_t(cVal));
sk_X509_push(certs, certRef);
}
}
PKCS7* p7 = PKCS7_encrypt(certs, bio, cipher, flags);
if (p7 != NULL) {
FILE *outfile = fopen(nativeOutFile, w);
BIO* out = BIO_new_fp(outfile, BIO_NOCLOSE) ;// BIO_new_file(outfile, );
int r = SMIME_write_PKCS7(out, p7, bio, flags);
if(r == 1) {
__android_log_print(ANDROID_LOG_DEBUG, OpenSSLJni, \nSuccess for
SMIME_write_PKCS7);
} else {
printError();
__android_log_print(ANDROID_LOG_DEBUG, OpenSSLJni, \nFailure for
SMIME_write_PKCS7);
return false;
}
fclose(outfile);
return true;

}
else {
printError();
return false;
}
}
// I am trying to decrypt the file generated at the end of this function in
with the below mentioned command and code. It works.!

*   - Decryption Command*
   *openssl smime -decrypt -in encrypted_file -recip mycert.pem 
decrypted_file.txt*

*   - Decryption Code*
*  JAVA Code*
try {
String inFile = /storage/sdcard0/openssl_enc_header_align_mime;
Log.i(TAG, Experimenting with X509Certificates.);
KeyStore tempKeyStore = KeyStore.getInstance(PKCS12);
tempKeyStore.load(null, mPassword.toCharArray());

tempKeyStore.setKeyEntry(mAlias,privateKey,mPassword.toCharArray(), chain);
X509Certificate cert =
(X509Certificate)tempKeyStore.getCertificate(mAlias); //3
byte arr[] =
android.security.Credentials.convertToPem(cert);
InputStream certIs = new  ByteArrayInputStream(arr);
OpenSSLX509Certificate openSSLcert =
OpenSSLX509Certificate.fromX509PemInputStream(certIs);

OpenSSL Bouncy Castle Compatibilty Problem

2014-06-02 Thread Yash Dosi 
Hi All,

I am trying to replace Bouncy Castle with OpenSSL for some of the operation
in my android app.

Right now, I can successfully encrypt a mail using OpenSSL and send it.
But the problem comes when you are trying to decrypt the same email. I cant
decrypt it on both the server as well as using bouncy castle.

I am using the same certificate for both encryption and decryption. And
when I try to decrypt OpenSSL encrypted content using OpenSSL Command Line,
I dont face any problem.

Any ideas what could be the issue?

--
Yash Dosi.

Re: OpenSSL Bouncy Castle Compatibilty Problem

2014-06-02 Thread Kyle Hamilton 
My understanding from what you're saying is that you can successfully
encrypt with OpenSSL, but BouncyCastle is failing to decrypt it.

What is the version of OpenSSL that you're using?
What is the version of BouncyCastle that you're using?  What version of
javamail are you using with it?
Which crypto library is the server is using, and what version?
Have you ensured that the private key to the certificate you're using is
available in every place you're trying to decrypt it?
Can you decrypt the mail with OpenSSL in the place where you have encrypted
it (not using the command line, but using the API)?
Can you encrypt with BouncyCastle and have OpenSSL decrypt it?  What kind
of keypair and certificate are you using?  What tool was used to create
it?  Does the certificate chain verify?
What are the error messages (or exceptions) you're receiving?
What is the command line that you're using to decrypt it?  What is the code
you're using to encrypt the mail?  What is the code you're using to decrypt
the mail?

Is there anything else that you can think of that might help identify where
the problem actually is?

BouncyCastle relies on javamail for mail parsing.  You may need to include
email headers and wrap the entire thing in a MIME-formatted wrapper to
avoid choking javamail.  If this is the case, I perceive it is a bug in
BouncyCastle, as it explicitly exceeds the scope of the BER structures that
CMS and prior S/MIME versions work with.  I also perceive it as not a bug
in OpenSSL, for the same reason.

-Kyle H



On Mon, Jun 2, 2014 at 2:30 AM, Yash Dosi yashd...@gmail.com wrote:


 Hi All,

 I am trying to replace Bouncy Castle with OpenSSL for some of the
 operation in my android app.

 Right now, I can successfully encrypt a mail using OpenSSL and send it.
 But the problem comes when you are trying to decrypt the same email. I
 cant decrypt it on both the server as well as using bouncy castle.

 I am using the same certificate for both encryption and decryption. And
 when I try to decrypt OpenSSL encrypted content using OpenSSL Command Line,
 I dont face any problem.

 Any ideas what could be the issue?

 --
 Yash Dosi.