I am trying to create an Android app which can send signed and encrypted
mails using OpenSSL.

So far I am able to send Signed Emails and verify them using both web
browsers and my android apps.

Same is the case with Encryption and Decryption.

But now, when I am trying to send signed+encrypted mails from my Android
app, the Exchange server is unable to verify/decrypt the mails sent from my
Android app.

When I am trying to open these mails using OWA I get this error:

One or more errors occurred while the message was being loaded. Error:
(0x800ccef6)
The digital signature of this message couldn't be validated because an
error occurred while the message was being loaded.


Encryption and signing code:

*Sign Code:*

public static boolean Java_PKCS7Sign(File inputFile, File outputFile,
        PrivateKey privateKey, X509Certificate certificate,
        String signingAlgorithm) {
    try {
        String inputFilePath = inputFile.getAbsolutePath();
        String outputFilePath = outputFile.getAbsolutePath();

        // Convert the signing certificate to PEM, re-parse it, and pass its
        // encoded form to OpenSSL to obtain a native X509 reference.
        byte arr[] = android.security.Credentials.convertToPem(certificate);
        InputStream certIs = new ByteArrayInputStream(arr);
        OpenSSLX509Certificate openSSLcert =
                OpenSSLX509Certificate.fromX509PemInputStream(certIs);
        byte openSSLcertEncoded[] = openSSLcert.getEncoded();
        long signCertRef = NativeCrypto.d2i_X509(openSSLcertEncoded);

        // Native EVP_PKEY reference for the private key.
        OpenSSLKey oKey = OpenSSLKey.fromPrivateKey(privateKey);
        long evpKeyRef = oKey.getPkeyContext();

        // boolean res = PKCS7Sign(signCertRef, pkeyRef, certs, bioRef, flags, a, b)
        long arr1[] = new long[0];
        return PKCS7Sign(inputFilePath, signCertRef, evpKeyRef, arr1,
                outputFilePath);
    } catch (Exception e) {
        e.printStackTrace();
    }

    return false;
}

In the above code PKCS7Sign is a JNI call to OpenSSL. And the flags used
for signing are:

int flgs = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_BINARY;

*Encrypt Code:*

public static boolean Java_PKCS7encrypt(File inputData, File output,
        X509Certificate[] recipientCertificates, String encryptionAlgorithm) {
    if (!inputData.exists() || !output.exists())
        return false;

    try {
        // Wrap the input file in a BIO that the native code reads from.
        FileInputStream fis = new FileInputStream(inputData);
        OpenSSLBIOInputStream bis = new OpenSSLBIOInputStream(fis);
        long bioRef = NativeCrypto.create_BIO_InputStream(bis);

        // Build one native X509 reference per recipient certificate.
        int certsRefArrLength = recipientCertificates.length;
        long certsRefArr[] = new long[certsRefArrLength];
        for (int i = 0; i < certsRefArrLength; i++) {
            byte arr[] =
                    android.security.Credentials.convertToPem(recipientCertificates[i]);
            InputStream certIs = new ByteArrayInputStream(arr);
            OpenSSLX509Certificate openSSLcert =
                    OpenSSLX509Certificate.fromX509PemInputStream(certIs);
            byte openSSLcertEncoded[] = openSSLcert.getEncoded();
            certsRefArr[i] = NativeCrypto.d2i_X509(openSSLcertEncoded);
        }

        String outputFilePath = output.getAbsolutePath();

        return PKCS7encrypt(bioRef, certsRefArr, outputFilePath,
                encryptionAlgorithm);

    } catch (FileNotFoundException e) {
        e.printStackTrace();
    } catch (CertificateEncodingException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (Exception e) {
        e.printStackTrace();
    }
    return false;
}

Same as in the case of signing, PKCS7encrypt is a JNI call to OpenSSL. And
the flags used are:

int flags = PKCS7_STREAM | PKCS7_BINARY;

And the cipher used for encryption is cipher = EVP_rc2_40_cbc();

Any pointers about my mistake?
