Hi Kyle H,
Thanks for your reply.
I am sorry for giving so little information.
Here are some of the details you asked for.
What is the version of OpenSSL that you're using?
- 1.0.1e
What is the version of BouncyCastle that you're using?
- BC = 1.45
Have you ensured that the private key to the certificate you're using is
available in every place you're trying to decrypt it?
- Yes. Because BC Encrypted mails get decrypted in all those places.
Can you decrypt the mail with OpenSSL in the place where you have encrypted
it (not using the command line, but using the API)?
- Yes.
Can you encrypt with BouncyCastle and have OpenSSL decrypt it?
- Yes.
What are the error messages (or exceptions) you're receiving?
- None. I do not have access to server error logs.
What is the command line that you're using to decrypt it? What is the code
you're using to encrypt the mail? What is the code you're using to decrypt
the mail?
I will be posting snippets of both Java Side and Native Side code for
encryption and decryption.
- *Encryption Code*
*Java Code*
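// inputData is a temporary MIME file created for encryption.
// Flow: wrap the file in a native BIO, convert every recipient certificate into
// a native X509 handle, then pass everything to the native PKCS7encrypt().
try {
    fis = new FileInputStream(inputData);
    OpenSSLBIOInputStream bis = new OpenSSLBIOInputStream(fis);
    long bioRef = NativeCrypto.create_BIO_InputStream(bis);

    int certsRefArrLength = recipientCertificates.length;
    long certsRefArr[] = new long[certsRefArrLength];
    for (int i = 0; i < certsRefArrLength; i++) {
        // You might not have access to android.security.Credentials
        byte arr[] = android.security.Credentials.convertToPem(recipientCertificates[i]);
        InputStream certIs = new ByteArrayInputStream(arr);
        OpenSSLX509Certificate openSSLcert =
                OpenSSLX509Certificate.fromX509PemInputStream(certIs);
        // Re-encode the certificate so the native side can parse it into an X509 handle.
        byte openSSLcertEncoded[] = openSSLcert.getEncoded();
        certsRefArr[i] = NativeCrypto.d2i_X509(openSSLcertEncoded);
    }

    // NOTE(review): bioRef and the certsRefArr entries are raw native handles and
    // fis is an open stream; nothing in this snippet releases them. Confirm the
    // surrounding method frees or closes them after PKCS7encrypt() returns.
    String outputFilePath = output.getAbsolutePath();
    return PKCS7encrypt(bioRef, certsRefArr, outputFilePath,
            encryptionAlgorithm);
} catch (FileNotFoundException e) {
    // Failures are only printed; the caller gets no result from this path, so
    // what is reported is decided by code outside this snippet.
    e.printStackTrace();
} catch (CertificateEncodingException e) {
    e.printStackTrace();
} catch (IOException e) {
    e.printStackTrace();
} catch (Exception e) {
    e.printStackTrace();
}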
*Native Code*
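/*
 * JNI entry point: builds a PKCS#7 enveloped-data structure for the recipient
 * certificates in certRef over the data readable through bioRef, and writes it
 * as an S/MIME message to the file named by joutfile.
 *
 * bioRef   - native BIO* handle passed from Java as a jlong.
 * certRef  - array of native X509* handles passed as jlongs; may be NULL.
 * joutfile - path of the output file.
 * jcipher  - requested cipher name; currently ignored (see the cipher note below).
 *
 * Returns JNI_TRUE only if the message was encrypted, written and the file
 * closed without error; JNI_FALSE otherwise.
 *
 * NOTE(review): the BIO and the X509 objects are assumed to stay owned by the
 * Java side, so only the stack container is freed here. Confirm with the caller.
 */
JNIEXPORT jboolean JNICALL Java_xyz_MainActivity_PKCS7encrypt(JNIEnv *env,
        jobject thiz, jlong bioRef, jlongArray certRef, jstring joutfile,
        jstring jcipher) {
    (void) thiz;
    (void) jcipher;

    BIO *bio = reinterpret_cast<BIO *>(static_cast<uintptr_t>(bioRef));
    const int flags = PKCS7_STREAM;
    jboolean ok = JNI_FALSE;
    const char *nativeOutFile = NULL;
    STACK_OF(X509) *certs = NULL;
    PKCS7 *p7 = NULL;
    FILE *outfile = NULL;
    BIO *out = NULL;

    // Selecting EVP_rc2_40_cbc() by default just for testing purpose.
    // RC2 with a 40-bit key is export-grade and gives no real confidentiality;
    // before this leaves interop testing, honour jcipher or switch to a modern
    // cipher such as EVP_aes_128_cbc().
    __android_log_print(ANDROID_LOG_DEBUG, "OpenSSLJni", "\nEVP_rc2_40_cbc");
    const EVP_CIPHER *cipher = EVP_rc2_40_cbc();

    do {
        nativeOutFile = env->GetStringUTFChars(joutfile, NULL);
        if (nativeOutFile == NULL) {
            break;  // the JVM has already raised OutOfMemoryError
        }

        if (certRef != NULL) {
            certs = sk_X509_new_null();
            if (certs == NULL) {
                printError();
                break;
            }

            jsize count = env->GetArrayLength(certRef);
            __android_log_print(ANDROID_LOG_DEBUG, "OpenSSLJni",
                    "\nSize of array: %d", count);

            jlong *refs = env->GetLongArrayElements(certRef, NULL);
            if (refs == NULL) {
                break;
            }

            bool pushed = true;
            for (jsize i = 0; i < count; i++) {
                // Convert straight from jlong: going through a C 'long' would
                // truncate on ABIs where long is 32 bits. The handle values are
                // deliberately not logged, so heap addresses stay out of logcat.
                X509 *cert = reinterpret_cast<X509 *>(
                        static_cast<uintptr_t>(refs[i]));
                if (cert == NULL || !sk_X509_push(certs, cert)) {
                    pushed = false;
                    break;
                }
            }
            // JNI_ABORT: the array was only read, nothing to copy back.
            env->ReleaseLongArrayElements(certRef, refs, JNI_ABORT);
            if (!pushed) {
                printError();
                break;
            }
        }

        p7 = PKCS7_encrypt(certs, bio, cipher, flags);
        if (p7 == NULL) {
            printError();
            break;
        }

        outfile = fopen(nativeOutFile, "w");
        if (outfile == NULL) {
            __android_log_print(ANDROID_LOG_DEBUG, "OpenSSLJni",
                    "\nFailure opening output file");
            break;
        }

        // BIO_NOCLOSE: the FILE* is closed explicitly below so that the result
        // of fclose() can be checked.
        out = BIO_new_fp(outfile, BIO_NOCLOSE);
        if (out == NULL) {
            printError();
            break;
        }

        if (SMIME_write_PKCS7(out, p7, bio, flags) != 1) {
            printError();
            __android_log_print(ANDROID_LOG_DEBUG, "OpenSSLJni",
                    "\nFailure for SMIME_write_PKCS7");
            break;
        }

        __android_log_print(ANDROID_LOG_DEBUG, "OpenSSLJni",
                "\nSuccess for SMIME_write_PKCS7");
        ok = JNI_TRUE;
    } while (0);

    // Single cleanup path: every exit releases what was acquired above.
    if (out != NULL) {
        BIO_free(out);
    }
    if (outfile != NULL && fclose(outfile) != 0) {
        ok = JNI_FALSE;  // buffered data may not have reached the file
    }
    if (p7 != NULL) {
        PKCS7_free(p7);
    }
    if (certs != NULL) {
        sk_X509_free(certs);  // frees the stack only, not the X509 objects
    }
    if (nativeOutFile != NULL) {
        env->ReleaseStringUTFChars(joutfile, nativeOutFile);
    }
    return ok;
}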
// I am trying to decrypt the file generated at the end of this function
with the command and code below. It works!
* - Decryption Command*
*openssl smime -decrypt -in encrypted_file -recip mycert.pem >
decrypted_file.txt*
* - Decryption Code*
* JAVA Code*
try {
String inFile = /storage/sdcard0/openssl_enc_header_align_mime;
Log.i(TAG, Experimenting with X509Certificates.);
KeyStore tempKeyStore = KeyStore.getInstance(PKCS12);
tempKeyStore.load(null, mPassword.toCharArray());
tempKeyStore.setKeyEntry(mAlias,privateKey,mPassword.toCharArray(), chain);
X509Certificate cert =
(X509Certificate)tempKeyStore.getCertificate(mAlias); //3
byte arr[] =
android.security.Credentials.convertToPem(cert);
InputStream certIs = new ByteArrayInputStream(arr);
OpenSSLX509Certificate openSSLcert =
OpenSSLX509Certificate.fromX509PemInputStream(certIs);