Does decryption using BouncyCastle have a file size limit? - ssl

I'm new to cryptography and my Scala code is not able to decrypt a file sized over 1.6Gb; I'm getting a BadPaddingException, and it decrypts successfully with files sized less than that.
I know that smime decryption using the openssl cli has a size limit of 1.5 Gb because of the LIMIT_BEFORE_EXPANSION hard coded value. But I don't think that BouncyCastle has the same limit.
Maybe I'm doing something wrong. Any help is appreciated, thanks!
Knowing that I used the openssl cli to:
generate a private key (private_key.pem) and a public key certificate (certificate.pem):
openssl req -x509 -nodes -days 100000 -newkey rsa:8912 -keyout private_key.pem -out certificate.pem
encrypt files with smime command:
openssl smime -encrypt -aes-256-cbc -in big_file.json -out big_file.json.enc -outform DER certificate.pem
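decrypt the file using a Scala function:
    import java.io.{BufferedInputStream, File, InputStream}
    import java.nio.file.Files
    import java.security.PrivateKey
    import org.bouncycastle.cms.CMSEnvelopedDataParser
    import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient

    // getSingleRecipient is the poster's own helper (not shown on this page).
    def decrypt(privateKey: PrivateKey, encryptedData: InputStream, decryptedDestination: File): Unit = {
      // Stream-parse the DER-encoded CMS EnvelopedData through a 16 KiB buffer
      val encryptedDataBuffer = new BufferedInputStream(encryptedData, (16 * 1024))
      val parser = new CMSEnvelopedDataParser(encryptedDataBuffer)
      val recInfo = getSingleRecipient(parser)
      val recipient = new JceKeyTransEnvelopedRecipient(privateKey)
      val decryptedStream = recInfo.getContentStream(recipient).getContentStream
      try {
        Files.copy(decryptedStream, decryptedDestination.toPath)
      } finally { decryptedStream.close() }
    }
The exception thrown: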
Error finalising cipher
org.bouncycastle.crypto.io.InvalidCipherTextIOException: Error finalising cipher
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
at javax.crypto.Cipher.doFinal(Cipher.java:2051)
... 68 more

Related

Does create CSR command not encrypt private key generated at the same time

Just discovered something I wasn't expecting so need to validate my understanding.
I ran the following command
openssl req -out test.csr -new -newkey rsa:2048 -nodes -keyout test.key
I then ran through the usual settings associated with the CSR. At the end I was prompted for a password. I now have test.csr and test.key.
However when I run:
openssl rsa -in test.key -check
I can see the private key. I was not prompted for a password at any point.
So my question is, when you generate a private key using the 'req' command is the private key unencrypted by default?
Thanks.
Eddie

Trying to generate a pfx from crt and private key from GoDaddy using openssl fails with No certificate matches private key

I'm trying to generate a pfx file from a crt and a private key, and I keep getting No certificate matches private key.
No idea what's going on here.
I did:
openssl pkcs12 -export -out myaudiservice.com.pfx -inkey myaudiservice.com.key -in myaudiservice.com.crt -in gd_bundle-g2-g1.crt
Which gets me:
No certificate matches private key
So, I tried deleting everything, key, crt, cert chain, and then I generated a new CSR:
openssl req -new -newkey rsa:2048 -nodes -keyout myaudiservice.com.key -out myaudiservice.com.csr
Which generated a new key and new csr. I then uploaded the CSR to GoDaddy and requested the cert be re-keyed.
When that was done, I downloaded the new crt, and used the freshly generated key (from the openssl command used to generate the CSR), and I still get the same error.
Then, just as a sanity check I did:
mjb#bohr:~/Downloads/myaudiservice.com$ openssl x509 -noout -modulus -in myaudiservice.com.crt | openssl md5
(stdin)= 36d37e4f8f8672c127178a4a9cf32b89
mjb#bohr:~/Downloads/myaudiservice.com$ openssl rsa -noout -modulus -in myaudiservice.com.key | openssl md5
(stdin)= 36d37e4f8f8672c127178a4a9cf32b89
And they match....but I still get the:
No certificate matches private key
What can I try next?
You cannot have multiple -in arguments. It will just take the last, i.e. gd_bundle-g2-g1.crt. And no certificate in this file matches the key. Instead you should combine all certificates (and maybe even the key) into a single file and use this as argument for a single -in option.
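
The single-file approach from the answer above, as an added example that is not part of the original post. All file names are constructed, and a throwaway CA and leaf certificate stand in for the CA bundle and the site certificate.

```shell
#!/usr/bin/env bash
# Added example. File names are constructed; the throwaway CA stands in
# for the CA bundle and the leaf for the site certificate.

# build_pfx KEY LEAF BUNDLE OUT PASSFILE
# Leaf and chain are concatenated into ONE file for the single -in option.
build_pfx() {
  combined=$(mktemp) || return 1
  cat "$2" "$3" > "$combined"
  openssl pkcs12 -export -out "$4" -inkey "$1" -in "$combined" \
    -passout "file:$5"
  rc=$?
  rm -f "$combined"
  return $rc
}

# make_demo_chain DIR: create ca.crt, site.key and site.crt in DIR.
make_demo_chain() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
      -keyout ca.key -out ca.crt 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=site.example" \
      -keyout site.key -out site.csr 2>/dev/null &&
    openssl x509 -req -in site.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -days 1 -out site.crt 2>/dev/null )
}

# pfx_cert_count PFX PASSFILE: number of certificates stored in the PFX.
pfx_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin "file:$2" 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# bundle_alone_fails KEY BUNDLE PASSFILE: true when exporting with only the
# bundle as -in is rejected, which is what a second -in effectively does.
bundle_alone_fails() {
  ! openssl pkcs12 -export -out /dev/null -inkey "$1" -in "$2" \
    -passout "file:$3" 2>/dev/null
}
```

A PFX built this way holds the leaf plus every certificate from the bundle, so the count is the number of certificates in both input files.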

Private Key doesn't Match Certificate

I'm having some weird issues with generating CSRs and certificates from them which I don't fully understand.
Here's what I've done:
Generate private key and CSR (done on Ubuntu on WSL if that's of any significance)
openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr
Uploaded that to CA and got back a certificate beginning with -----BEGIN CERTIFICATE----- which would indicate a PEM-encoded certificate, right?
Tried combining all of this into a PFX for ease of use
openssl pkcs12 -export -out CERTIFICATE.pfx -inkey PRIVATEKEY.key -in CERTIFICATE.cer
It then asks for the private key and then throws the error No certificate matches private key
Some people suggested reencoding the certificate from DER to PEM, but that just throws an error indicating the certificate is already X509
sudo openssl x509 -inform DER -outform PEM -in CERTIFICATE.cer -out CERTIFICATE.pem
unable to load certificate
140390322082240:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1130:
140390322082240:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:290:Type=X509
The following command generates quite sensible output, so the certificate seems to be alright to some extent
openssl x509 -in CERTIFICATE.cer -text -noout
The CA is Telia if this is of any use to anybody. I have had some issues in the past with them, for example Digicert's Certificate Utility doesn't recognize their certificates as valid for some reason (but that might of course be caused by me using the wrong file extension or something).
This issue was due to the renewal process in the Telia user interface, it allows you to upload a new CSR during renewal, but it actually ignores that and uses the old CSR without telling you.

Not sure if self-signed ECDSA certificate generated programmatically complies for use with WebRTC and if fingerprint computation is correct

As should be clear, I am a newbie to certificates and cryptography in general.
I am trying to generate self-signed certificates programmatically for use with WebRTC in the implementation of a SFU. The RFC at Section 4.9, on the subject of certificates used for WebRTC, states:
The following values MUST be supported by a user agent: { name: "RSASSA-PKCS1-v1_5", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" }, and { name: "ECDSA", namedCurve: "P-256" }.
After creating an ECDSA cert programmatically in C and saving it, I run the following command on the certificate file created:
openssl x509 -in /tmp/ecdsa_certificate -text #Linux command-line
I get the output:
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = IN, O = XYZ Tech., CN = localhost
Validity
Not Before: Jun 23 17:28:14 2020 GMT
Not After : Jun 23 17:28:14 2021 GMT
Subject: C = IN, O = XYZ Tech., CN = localhost
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:d9:c8:cc:93:13:54:3d:e6:40:d7:2f:33:da:f2:
d4:e4:62:83:a4:ec:ad:98:f5:d5:2e:cf:3b:e8:5f:
ad:da:b9:e0:59:f0:19:59:84:b8:47:45:b4:21:56:
30:c8:1d:0b:9b:2d:02:e2:f5:4d:c7:57:2e:e6:a6:
f9:c4:c4:a7:5c
ASN1 OID: secp256k1
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:58:0a:49:7d:e3:0f:d7:56:6a:5c:af:f8:bd:1d:
5e:54:bb:15:10:ec:05:3a:3a:db:79:8f:e6:70:86:6d:3d:f1:
02:20:4f:89:5f:df:21:46:1b:da:6b:40:04:98:2c:df:35:ff:
e5:3d:52:d5:07:76:bf:23:a4:01:b7:28:bf:f5:83:30
Does this certificate comply with the requirements of WebRTC for DTLS handshaking? It appears that only the public key and the fingerprint of the certificate matter for WebRTC usage.
Question 2:
I tried to compute the fingerprint over the certificate using the following function:
if (X509_digest(certificate, EVP_sha256(), rfingerprint, &fingerprintSize) !=0 )
printf("Error in X509_digest\n");
printf("finger print size is %d\n", fingerprintSize);
It displays a fingerprint size of only 7! In most of the SDPs I see that the fingerprint attribute is a lot longer. Any comments?
When working on Pion I was in the same boat as you asinix :) This is what I use to generate locally when testing WebRTC stuff.
openssl ecparam -out key.pem -name prime256v1 -genkey
openssl req -new -sha256 -key key.pem -out server.csr
openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem
If you get stuck you can also do RSA! Maybe just to unblock you on building your MVP :)
The implementation is Pure Go now, but you can see the first version where we did CGO here
I am not sure where your stuff differs, but feel free to copy/compare (no attribution needed)!
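
A check that can be run on a generated certificate, as an added example that is not part of the original posts or of Pion. It reads the curve name (the "P-256" in the quoted requirement is the curve OpenSSL calls prime256v1) and prints the SHA-256 fingerprint as an SDP attribute; a SHA-256 digest is 32 bytes, so the value is 95 characters long. File names and the -subj value are constructed, and the curve check applies to ECDSA certificates only.

```shell
#!/usr/bin/env bash
# Added example; file names and the -subj value are constructed.

# make_p256_cert DIR: the three commands from the answer, made
# non-interactive with -subj.
make_p256_cert() {
  ( cd "$1" &&
    openssl ecparam -out key.pem -name prime256v1 -genkey &&
    openssl req -new -sha256 -key key.pem -out server.csr \
      -subj "/CN=localhost" &&
    openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem \
      -out cert.pem 2>/dev/null )
}

# cert_curve CERT: OpenSSL's name for the curve of the certificate's EC key
# (empty for a non-EC key).
cert_curve() {
  openssl x509 -in "$1" -noout -text | sed -n 's/^ *ASN1 OID: *//p'
}

# sdp_fingerprint CERT: SHA-256 over the DER certificate, as an SDP attribute.
sdp_fingerprint() {
  fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
  # Output looks like "<name> Fingerprint=AA:BB:..."; keep the part after "=".
  printf 'a=fingerprint:sha-256 %s\n' "${fp#*=}"
}

# check_webrtc_cert CERT: fail unless the key is on prime256v1 (P-256),
# otherwise print the fingerprint attribute.
check_webrtc_cert() {
  curve=$(cert_curve "$1")
  if [ "$curve" != "prime256v1" ]; then
    echo "curve is '$curve', expected prime256v1 (P-256)" >&2
    return 1
  fi
  sdp_fingerprint "$1"
}
```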

How to automate PEM pass phrase when generating OpenSSL cert?

I am needing to automate the generation of self signed SSL certificates for testing purposes for a project. I am generating a certificate and key using the following OpenSSL command:
> openssl req -x509 -newkey rsa:2048 -keyout myserver.key -out myserver.crt -subj "/C=US/ST=California/L=San Diego/O=Development/OU=Dev/CN=example.com"
During generation you are prompted to create a PEM pass phrase:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
How can I automate this? I have tried the -passin argument like this:
openssl ...... -passin pass:foobar .....
also
openssl ...... -passin file:secretfile.txt .....
But in both cases it still asks to create a PEM pass phrase. From what I read I think that passin is only adding a password to the key file...
Is it possible to automate this somehow?
The process creates a password protected key file. It thus needs a password which gets used to store this output file. But the -passin argument you use is for reading an input file. From the documentation:
-passin arg - the input file password source
Instead you need the proper option to specify the output password, i.e.
-passout arg - the output file password source
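
The non-interactive form of the command, as an added example that is not part of the original posts. It uses the file: source for -passout because a pass: value is visible in the process list; file names, the passphrase and the -days value are constructed.

```shell
#!/usr/bin/env bash
# Added example; file names and passphrases are constructed.

# gen_encrypted_cert KEY CRT PASSFILE: the question's command without prompts.
# -passout supplies the passphrase that encrypts the NEW key file.
gen_encrypted_cert() {
  openssl req -x509 -newkey rsa:2048 -days 1 -keyout "$1" -out "$2" \
    -subj "/C=US/ST=California/L=San Diego/O=Development/OU=Dev/CN=example.com" \
    -passout "file:$3" 2>/dev/null
}

# key_is_encrypted KEY: true if the PEM header marks the key as encrypted.
key_is_encrypted() {
  grep -q 'ENCRYPTED' "$1"
}

# key_opens_with KEY PASSFILE: true if the passphrase in PASSFILE decrypts KEY.
# Reading an existing key is where -passin belongs.
key_opens_with() {
  openssl pkey -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# demo_passout: returns 0 when the generated key is encrypted and opens
# only with the passphrase that was given to -passout.
demo_passout() {
  dir=$(mktemp -d) || return 1
  ( umask 077
    printf '%s\n' 'constructed-passphrase' > "$dir/pass.txt"
    printf '%s\n' 'wrong-passphrase' > "$dir/wrong.txt" )
  gen_encrypted_cert "$dir/server.key" "$dir/server.crt" "$dir/pass.txt" &&
    key_is_encrypted "$dir/server.key" &&
    key_opens_with "$dir/server.key" "$dir/pass.txt" &&
    ! key_opens_with "$dir/server.key" "$dir/wrong.txt"
  rc=$?
  rm -rf "$dir"
  return $rc
}
```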