Image does not start with custom private key or keystore
Stefan4112 opened this issue
I added my own private key generated with KeyStoreExplorer (they use BouncyCastle). Then the docker image could not start anymore. Also tested to add the private key with a new keystore, but same issue.
2024-04-11 12:06:42 Caused by: org.openas2.WrappedException: java.io.IOException: exception unwrapping private key - java.security.InvalidKeyException: pad block corrupted
2024-04-11 12:06:42 at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:237)
2024-04-11 12:06:42 at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:221)
2024-04-11 12:06:42 at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:244)
2024-04-11 12:06:42 at org.openas2.cert.PKCS12CertificateFactory.init(PKCS12CertificateFactory.java:214)
2024-04-11 12:06:42 at org.openas2.util.XMLUtil.getComponent(XMLUtil.java:70)
2024-04-11 12:06:42 ... 5 more
2024-04-11 12:06:42 Caused by: java.io.IOException: exception unwrapping private key - java.security.InvalidKeyException: pad block corrupted
2024-04-11 12:06:42 at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.unwrapKey(Unknown Source)
2024-04-11 12:06:42 at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.processShroudedKeyBag(Unknown Source)
2024-04-11 12:06:42 at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineLoad(Unknown Source)
2024-04-11 12:06:42 at org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi.engineLoad(Unknown Source)
2024-04-11 12:06:42 at java.base/java.security.KeyStore.load(Unknown Source)
2024-04-11 12:06:42 at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:234)
2024-04-11 12:06:42 ... 9 more
Also I cannot use the existing private key, because I cannot decrypt on receiver side (different program).
org.bouncycastle.cms.CMSException: IOException reading content.
at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source)
at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source)
at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source)
at org.bouncycastle.mail.smime.SMIMEEnveloped.<init>(Unknown Source)
...
Caused by: java.io.IOException: unknown tag 23 encountered
at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
... 17 common frames omitted
Try using the scripts provided with OpenAS2 to create your keystore and add certificates to it.
Also please confirm which version of OpenAS2 and which version(s) of Java are in use on both sides.
Closing due to lack of further communication.