
I am creating a Java EE application that uses some encryption techniques. I am using the ibmjceprovider 10.0 jar file for the signing process. My deployment environment is JBoss with Java JDK 1.6.

This is the complete stack trace I am getting:

```
01:56:28,830 ERROR [stderr] java.io.IOException: The private key could not be decrypted
01:56:28,831 ERROR [stderr] at com.test.sample.core.CertificateService.readKeyPair(Certificatefile.java:140)
01:56:28,831 ERROR [stderr] at com.test.sample.security.certificate.CertificateHelper.generateKeyStorage(CertificateHelper.java:179)

01:56:28,847 ERROR [stderr] Caused by: org.bouncycastle.openssl.EncryptionException: exception using cipher - please check password and data.
01:56:28,847 ERROR [stderr] at org.bouncycastle.openssl.PEMUtilities.crypt(Unknown Source)
01:56:28,847 ERROR [stderr] at org.bouncycastle.openssl.PEMUtilities.crypt(Unknown Source)
01:56:28,848 ERROR [stderr] at org.bouncycastle.openssl.PEMReader$KeyPairParser.readKeyPair(Unknown Source)
01:56:28,848 ERROR [stderr] at org.bouncycastle.openssl.PEMReader$RSAKeyPairParser.parseObject(Unknown Source)
01:56:28,848 ERROR [stderr] at org.bouncycastle.openssl.PEMReader.readObject(Unknown Source)
01:56:28,849 ERROR [stderr] at com.test.sample.core.CertificateService.readKeyPair(Certificatefile.java:138)
01:56:28,849 ERROR [stderr]  ... 33 more

01:56:28,849 ERROR [stderr] Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC
01:56:28,850 ERROR [stderr] at javax.crypto.Cipher.getInstance(DashoA13*..)
01:56:28,850 ERROR [stderr] ... 39 more
01:56:28,851 ERROR [stderr] Caused by: java.util.jar.JarException: Cannot parse vfs:/content/sample.ear/sample-webapp.war/WEB-INF/lib/bcprov-jdk16-1.46.jar
01:56:28,851 ERROR [stderr] at javax.crypto.SunJCE_c.a(DashoA13*..)
01:56:28,851 ERROR [stderr] at javax.crypto.SunJCE_b.b(DashoA13*..)
01:56:28,851 ERROR [stderr] at javax.crypto.SunJCE_b.a(DashoA13*..)
01:56:28,852 ERROR [stderr] ... 40 more
```

In Certificatefile.java

```java
PKCS10 pkcs = new PKCS10(keyPair.getPublicKey());
pkcs.encodeAndSign(new X500Signer(signature,subject));
/*calling readKeyPair here*/
KeyPair pair = CertificateService.readKeyPair(new ClassPathResource("com/test/sample/myroot.key").getFile());
PrivateKey privateKey = pair.getPrivate();
```

and in CertificateHelper.java

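```java
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyPair;
import java.security.Security;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PasswordFinder;

public static KeyPair readKeyPair(File privateKey) throws IOException {
    // Register Bouncy Castle as a JCE provider
    Security.addProvider(new BouncyCastleProvider());
    FileReader fileReader = new FileReader(privateKey);
    // PEMReader asks the PasswordFinder for the passphrase of the encrypted PEM key
    PEMReader r = new PEMReader(fileReader, new PasswordFinder() {
        public char[] getPassword() {
            return "password".toCharArray();
        }
    });
    try {
        return (KeyPair) r.readObject();
    } catch (IOException ex) {
        /*throwing error here*/
        throw new IOException("The private key could not be decrypted", ex);
    } finally {
        r.close();
        fileReader.close();
    }
}
```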

Why am I getting this error? Am I missing anything here? Any suggestion would be helpful. Please help.

user2986042
  • `JCE cannot authenticate the provider BC` indicates the JRE doesn't trust BC. I've already seen two issues - the BC libraries have been "repackaged", effectively losing their signature (then the JRE doesn't trust BC as a JCE provider), or using JRE6, which is VERY obsolete today, and the BC version must be supported by the JRE version (you should check the release notes) – gusto2 Dec 13 '17 at 09:36
  • How can I see the BC version? – user2986042 Dec 13 '17 at 09:58
  • I see, it's `bcprov-jdk16-1.46` so in theory it should be ok. Can you make sure the jars haven't been repackaged? (if you unzip them, in the META-INF folder there should be some signature information) – gusto2 Dec 13 '17 at 10:00
  • OK, sure. I will check now – user2986042 Dec 13 '17 at 10:02
  • In META-INF, I can see the `BCKEY.DSA`, `BCKEY.SF` and `MANIFEST.MF` files. Which one should I check? – user2986042 Dec 13 '17 at 10:05
  • nope, it's enough that these files are there.. so the issue is somewhere else :/ please see if it's related – gusto2 Dec 13 '17 at 10:06
  • The exception is thrown at the line 'return (KeyPair) r.readObject();' in the CertificateHelper.java file. – user2986042 Dec 13 '17 at 10:07
  • https://developer.jboss.org/thread/2179?_sscc=t – gusto2 Dec 13 '17 at 10:07
  • In this thread they have a workaround: the Bouncy Castle library must be installed only in the JBOSS_HOME/server/default/lib/ folder (or in whatever JBoss instance you are using). But where is that path in JBoss AS7? Is this link useful? https://stackoverflow.com/questions/9534512/bouncycastle-jboss-as7-jce-cannot-authenticate-the-provider-bc?rq=1 – user2986042 Dec 13 '17 at 10:15
  • IMHO the root cause of your issue is `JCE cannot authenticate the provider BC`. Until that is resolved, you won't be able to use BC to create any security instance (PrivateKey, SecretKey, ..). So try to search for that (I haven't used jboss for a very long time) – gusto2 Dec 13 '17 at 10:48
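
The check suggested in the comments (that the Bouncy Castle jar has not been repackaged and still carries its signature) can also be done programmatically rather than by unzipping. This is an added example, not code from the question or from Bouncy Castle; the class `JarSignatureCheck` and method `countUnsignedEntries` are hypothetical names, and it uses only `java.util.jar` from the JDK in Java 6-compatible syntax.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignatureCheck {

    /**
     * Reads every entry with verification enabled and returns how many carry no signer.
     * A tampered entry makes the JDK throw SecurityException (digest mismatch).
     */
    static int countUnsignedEntries(File jarPath) throws IOException {
        JarFile jar = new JarFile(jarPath, true); // true = verify signatures while reading
        int unsigned = 0;
        try {
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                String name = entry.getName();
                // Simplification: skip top-level META-INF files (MANIFEST.MF, *.SF, *.DSA, ...),
                // which hold the signature itself and are not signed entries.
                boolean signatureFile = name.startsWith("META-INF/") && name.indexOf('/', 9) < 0;
                if (entry.isDirectory() || signatureFile) {
                    continue;
                }
                InputStream in = jar.getInputStream(entry);
                try {
                    while (in.read(buf) != -1) { /* drain: signers are known only at end of stream */ }
                } finally {
                    in.close();
                }
                if (entry.getCodeSigners() == null) {
                    unsigned++;
                    System.out.println("UNSIGNED: " + name);
                }
            }
        } finally {
            jar.close();
        }
        return unsigned;
    }

    public static void main(String[] args) throws IOException {
        // Usage: java JarSignatureCheck path/to/bcprov-jdk16-1.46.jar
        int unsigned = countUnsignedEntries(new File(args[0]));
        System.out.println(unsigned == 0 ? "All entries signed and intact" : unsigned + " unsigned entries");
    }
}
```

A clean result shows only that the jar on disk is signed and unmodified; whether the JCE framework accepts that signer when the jar is loaded inside the application server is a separate check.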

0 Answers