OpenAS2 / OpenAs2App

OpenAS2 is a Java-based implementation of the EDIINT AS2 standard. It is intended to be used as a server. It is extremely configurable and supports a wide variety of signing and encryption algorithms.

Home Page: https://sourceforge.net/projects/openas2/


Image does not start with custom private key or keystore

Stefan4112 opened this issue · comments

I added my own private key generated with KeyStoreExplorer (they use BouncyCastle). Then the docker image could not start anymore. Also tested to add the private key with a new keystore, but same issue.

2024-04-11 12:06:42 Caused by: org.openas2.WrappedException: java.io.IOException: exception unwrapping private key - java.security.InvalidKeyException: pad block corrupted
2024-04-11 12:06:42     at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:237)
2024-04-11 12:06:42     at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:221)
2024-04-11 12:06:42     at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:244)
2024-04-11 12:06:42     at org.openas2.cert.PKCS12CertificateFactory.init(PKCS12CertificateFactory.java:214)
2024-04-11 12:06:42     at org.openas2.util.XMLUtil.getComponent(XMLUtil.java:70)
2024-04-11 12:06:42     ... 5 more
2024-04-11 12:06:42 Caused by: java.io.IOException: exception unwrapping private key - java.security.InvalidKeyException: pad block corrupted
2024-04-11 12:06:42     at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.unwrapKey(Unknown Source)
2024-04-11 12:06:42     at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.processShroudedKeyBag(Unknown Source)
2024-04-11 12:06:42     at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineLoad(Unknown Source)
2024-04-11 12:06:42     at org.bouncycastle.jcajce.provider.keystore.util.AdaptingKeyStoreSpi.engineLoad(Unknown Source)
2024-04-11 12:06:42     at java.base/java.security.KeyStore.load(Unknown Source)
2024-04-11 12:06:42     at org.openas2.cert.PKCS12CertificateFactory.load(PKCS12CertificateFactory.java:234)
2024-04-11 12:06:42     ... 9 more

Also I can not use the existing private key, because I can not decrypt on receiver side (different program).

org.bouncycastle.cms.CMSException: IOException reading content.
	at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source)
	at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source)
	at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source)
	at org.bouncycastle.mail.smime.SMIMEEnveloped.<init>(Unknown Source)
	...
Caused by: java.io.IOException: unknown tag 23 encountered
	at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
	at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
	... 17 common frames omitted

Try using the scripts provided with OpenAS2 to create your keystore and add certificates to it.
Also please confirm which version of OpenAS2 and which version(s) of Java are in use on both sides.

Closing due to lack of further communication.