Using SATSA-CRYPTO
I'm using some calls to the SATSA Crypto package which work fine when run with an emulator and NetBeans, but which were getting a NoClassDefFoundError when run on an actual device.
It appears that none of these classes are in my Midlet's jar file. I tried forcing them into the jar, but that got me a java.lang.Error, instead.
When NetBeans runs an emulator, it apparently resolves this by having some extra jars that it searches. Is there a standard place on a device where such jars would normally go?
Michael D. Spence
Mockingbird Data Systems, Inc.
Actually, I'm not using a smartcard. My phone claims to support SATSA, but there's some issue with the myriad exception classes not being defined in the phone. Of course, I can't define them because they're in java.* or javax.*. The emulator that comes with NetBeans doesn't have this problem.
It appears that using the highest available level of obfuscation will often help in situations like these, because it hides the forbidden class names, so you can include them in the jar. In my particular case, this wasn't enough, so I switched to the bouncycastle library: http://www.bouncycastle.org. This works great with the emulator and my phone, and has more and better features than SATSA.
Similar Messages
-
Preverify ERROR for in Eclipse while using SATSA-crypto.jar
I have created simple application to encrypt the string using Cipher class like below:
This code snippet I got from the forums.nokia;
In this The string "THIS IS A SECRET MESSAGE" is encrypted and decrypted using the key "SECRET!!" .
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.microedition.lcdui.Command;
import javax.microedition.lcdui.CommandListener;
import javax.microedition.lcdui.Displayable;
import javax.microedition.lcdui.Form;
import javax.microedition.lcdui.Item;
import javax.microedition.lcdui.TextBox;
import javax.microedition.lcdui.TextField;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;
public class FirstForm extends Form implements CommandListener {
TextField txtData=new TextField("Enter the Data","",10,TextField.ANY);
Command cmdEncrypt=new Command("Encrypt",Command.SCREEN,1);
public FirstForm(String arg0)
super(arg0);
this.append(txtData);
this.addCommand(cmdEncrypt);
this.setCommandListener(this);
public void commandAction(Command cmd, Displayable frm)
if(cmd==this.cmdEncrypt)
System.out.println("Command Is Pressed.......");
byte[] msg = "THIS IS A SECRET MESSAGE".getBytes();
byte[] enMsg = new byte[10000];
byte[] deMsg = new byte[10000];
//create new cipher using DES algorithm
try {
Cipher c = Cipher.getInstance("DES");
//our raw byte[] key - please note that since we use DES algorithm,
//the key must be 8 bytes long
byte[] b = "SECRET!!".getBytes();
//init the cipher to encrypt the data
c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(b,0,b.length,"DES"));
int numBytes = c.doFinal(msg, 0, msg.length, enMsg, 0);
System.out.println("Encrypted Message is"+enMsg);
//init the cipher to decrypt the data
c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(b,0,b.length,"DES"));
numBytes = c.doFinal(enMsg, 0, numBytes, deMsg, 0);
String s = new String(deMsg,0,numBytes);
System.out.println("Decrypted Message is"+s);
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalStateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ShortBufferException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}after clicking on command button the Encrypted and decrypted sting is shown on the console
I have tested this code with wtk2.5.2.
This code works fine with sun'sWTK 2.5.2
But when; I have created project with the eclippse and wtk22
1) I added the satsa-crypto.jar in projrct->Properties->java-Builder-Path in "Library tab"
2)I Had also checked the checkbox before satsa-crypto.jar "Order-Of-Export Tab"
I am using the Ant Built
After Building I got Error saying::
Buildfile: D:\nitins_workspace\Encrypt\build.xml
init:
j2mepolish:
[j2mepolish] info: the license attribute is no longer supported. Please place your license.key file either to ${project.home} or to ${polish.home}.
[j2mepolish] J2ME Polish 2.0-RC4 (GPL License)
[j2mepolish] Loading device database...
[j2mepolish] Using locale [de_DE]...
[j2mepolish] assembling resources for device [Generic/midp2].
[j2mepolish] preprocessing for device [Generic/midp2].
[j2mepolish] compiling for device [Generic/midp2].
[j2mepolish-javac-Generic/midp2] Compiling 24 source files to D:\nitins_workspace\Encrypt\build\real\Generic\midp2\de_DE\classes
[j2mepolish] obfuscating for device [Generic/midp2].
[j2mepolish] proguard: ProGuard, version 3.5
[j2mepolish] proguard: Preparing output jar [D:\nitins_workspace\Encrypt\build\real\dest.jar]
[j2mepolish] preverifying for device [Generic/midp2].
[j2mepolish] preverify:Error preverifying class u
[j2mepolish] preverify: VERIFIER ERROR u.a(ILm;Lw;)V:
[j2mepolish] preverify:Cannot find class com/sun/midp/ssl/Key
[j2mepolish] Preverify call failed: 1
[j2mepolish] C:\WTK22\bin\preverify.exe -classpath D:\Java\J2ME-Polish\import\midp-2.0.jar;D:\Java\J2ME-Polish\import\cldc-1.0.jar; -d D:\nitins_workspace\Encrypt\build\real\Generic\midp2\de_DE\obfuscated -nofp -nofinalize -nonative D:\nitins_workspace\Encrypt\build\real\Generic\midp2\de_DE\obfuscated
BUILD FAILED
D:\nitins_workspace\Encrypt\build.xml:109: Unable to preverify for device [Generic/midp2] - preverify returned result 1
Total time: 7 seconds What may be the reason of this??I think you need to post the stack trace error message to get a response.
-
Help with RSA Encryption using SATSA
Hello,
I am a new to writing code on J2ME . I am trying to encrypt data using
RSA public key on J2ME using SATSA.
I generated the public key using openssl in the PEM format and stored the
key (mypublickey) as a Base64 decoded byte array in my code.
Next, I did the following:
X509EncodedKeySpec test - new X509EncodedKeySpec(mypublickey);
KeyFactory kf = KeyFactory.getInstance("RSA");
PublicKey key = kf.generatePublic(test);
I used this key to encrypt as follows:
cipher c = Cipher.getInstance("RSA");
c.init(Cipher.ENCRYPT_MODE, key);
c.doFinal(data,0,data.length,ciphertext,0);
where byte[] data = "1234567890".getBytes();
I get no errors during this process.
Now, when I try to decrypt the string, I get a padding error as follows:
javax.crypto.BadPaddingException: Data must start with zero
The decode is done on a server.
I tried getting an instance of the cipher with RSA/ECB/NoPadding and this time the decrypt gives junk.
Question 2: The SATSA example online at http://java.sun.com/j2me/docs/satsa-dg/AppD.html
has a public key embedded as a byte array. They haven't explained how
this key is generated. Does someone know?
Question 3: Suppose, I can get the modulus and exponent of the public key is there any way I can convert it to X509EncodedKeySpec so that I can
use the APIs in SATSA?
Thanks in advance for your help. I have been trying to solve this for a lot of time and any help will be greatly appreciated.Just wanted to add my code:
public class test2 {
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, ShortBufferException {
// TODO Auto-generated method stub
byte [] data = "012345678901234567890123456789ab".getBytes();
Base64 base64 = new Base64();
/*public key generated by
byte [] mypublickey = base64.decode("publickey in PEM format");
byte [] ciphertext = new byte[128];
X509EncodedKeySpec test = new X509EncodedKeySpec(mypublickey);
byte [] myprivatekey = base64.decode("privatekey in pkcs8format");
KeyFactory rsakeyfac = KeyFactory.getInstance("RSA");
PublicKey pubkey = rsakeyfac.generatePublic(test);
Cipher c1 = Cipher.getInstance("RSA");
c1.init(Cipher.ENCRYPT_MODE, pubkey);
c1.doFinal(data, 0,data.length, ciphertext);
PKCS8EncodedKeySpec pks2 = new PKCS8EncodedKeySpec(myprivatekey);
RSAPrivateCrtKey privkey = (RSAPrivateCrtKey)rsakeyfac.generatePrivate(pks2);
Cipher c2 = Cipher.getInstance("RSA");
c2.init(Cipher.DECRYPT_MODE, privkey);
byte [] decrypteddata = c2.doFinal(ciphertext);
System.out.println("Decrypted String is:"+new String(decrypteddata).trim());
Error that I get is:
Exception in thread "main" javax.crypto.BadPaddingException: Data must start with zero
at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
at sun.security.rsa.RSAPadding.unpad(Unknown Source)
at com.sun.crypto.provider.RSACipher.a(DashoA13*..)
at com.sun.crypto.provider.RSACipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..) -
Problem when using javax.crypto.KeyGenerator in netbeans
This is my IDE information:
Product Version: NetBeans IDE 6.0.1 (Build 200801291616)
Java: 1.6.0_03; Java HotSpot(TM) Client VM 1.6.0_03-b05
System: Windows XP version 5.1 running on x86; Cp1252; en_US (nb)
I am trying to develop a Test jar file. I created some simple jar files and could upload it in mobile.
Now I want to implement some encryption. For that I started writing codes. But when trying to import javax.crypto.KeyGenerator class, netbeans is showing "cannot find symbol" error. I can use javax.crypto.Cipher/BadPaddingException/IllegalBlockSizeException/NoSuchPaddingException/spec/ShortBuffrException only. If i try to use any other class of javax.crypto, i get an error.
I am new to mobility.I downloaded netbean mobility package and Installed it.
Please provide some help.. thank you....This is my IDE information:
Product Version: NetBeans IDE 6.0.1 (Build 200801291616)
Java: 1.6.0_03; Java HotSpot(TM) Client VM 1.6.0_03-b05
System: Windows XP version 5.1 running on x86; Cp1252; en_US (nb)
I am trying to develop a Test jar file. I created some simple jar files and could upload it in mobile.
Now I want to implement some encryption. For that I started writing codes. But when trying to import javax.crypto.KeyGenerator class, netbeans is showing "cannot find symbol" error. I can use javax.crypto.Cipher/BadPaddingException/IllegalBlockSizeException/NoSuchPaddingException/spec/ShortBuffrException only. If i try to use any other class of javax.crypto, i get an error.
I am new to mobility.I downloaded netbean mobility package and Installed it.
Please provide some help.. thank you.... -
How to use the crypto api with gemalto cyberflex 32k ?
Hello ,
I've done many javacard programs using this method :
_compilation with javacard kit 2.2.1
_convertion into ".cap" with the javacard kit 2.1.2
All this programs work fine with this method : helloworld, read, write in the card, ....
But when i want to use the crypto api, i can't charge the program in the card (just by adding 2 lines for generating keys):
----------> returns 0x80206A80 (6A80: Wrong data / Incorrect values i data.)
I think it's because i use the 2.1.2 version , but if i use the 2.2.1 to convert , it's another error and no program work with this method.....even helloworld doesn't work...
-----------> returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)
I thing i must change my gpshel command , but i have read many forums but can't find the configuration for my card cyberflex 32k, some people had similar problems so they used the kit 2.1.2 combined with 2.2.1 like me, but i think they can't use the crypto api with this.........
Any help will be apreciated,
kind regards
Franck
Edited by: jojo85 on Mar 20, 2009 11:03 AMHello,
Thanks Sonnyyu,
I deleted my gpshell 1.4.2 directory and i installed gpshell 1.4.0 instead like they said , to avoid some bugs
i've tested the exemple CardEdgeII.ijc ,
here's what i got:
mode_201
enable_trace
establish_context
card_connect -readerNumber 1
select -AID a0000000030000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
delete -AID A0000003230101
delete -AID A00000032301
delete -AID A00000000101
delete -AID A000000001mode_201
enable_trace
establish_context
card_connect -readerNumber 1
select -AID a0000000030000
Command --> 00A4040007A0000000030000
Wrapped command --> 00A4040007A0000000030000
Response <-- 6F188407A0000000030000A50D9F6E060011020201009F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
Command --> 8050000008674672AE4B85E01800
Wrapped command --> 8050000008674672AE4B85E01800
Response <-- 000081410002B2C600E4010151982BB4CF843B1431E57DB6418652AE9000
Command --> 848201001073CF9B92B3F11E10BE12D1318E9A8095
Wrapped command --> 848201001073CF9B92B3F11E10BE12D1318E9A8095
Response <-- 9000
delete -AID A0000003230101
Command --> 80E40000094F07A000000323010100
Wrapped command --> 84E40000114F07A000000323010149D51E784E07966B00
Response <-- 6A88
delete_applet() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID A00000032301
Command --> 80E40000084F06A0000003230100
Wrapped command --> 84E40000104F06A00000032301E3788AF4A9E32C2100
Response <-- 6A88
delete_applet() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID A00000000101
Command --> 80E40000084F06A0000000010100
Wrapped command --> 84E40000104F06A00000000101C3CC96E6E54AF0ED00
Response <-- 6A88
delete_applet() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID A000000001
Command --> 80E40000074F05A00000000100
Wrapped command --> 84E400000F4F05A000000001DA73D168B218692C00
Response <-- 6A88
delete_applet() returns 0x80206A88 (6A88: Referenced data not found.)
install -file CardEdgeII.ijc -nvDataLimit 12000 -instParam 00 -priv 2
install -file CardEdgeII.ijc -nvDataLimit 12000 -instParam 00 -priv 2
Command --> 80E602001705A00000000107A00000000300000006EF04C60231000000
Wrapped command --> 84E602001F05A00000000107A00000000300000006EF04C60231000019F52839EB52A80200
Response <-- 009000
Command --> 80E80000EFC48230F401000FDECAFFED010204000105A00000000102001F000F001F000A00290256006C2307000A04230000067F00060000000004010004002904000107A0000000620101010107A0000000620102010107A0000000620201000107A000000062000103000A0106A0000000010119CE06006C00800313000C040400051856FFFF1BA41A2A17FB1818183718A61971008300020001011100001E4F1EC51F771F9A1FA71FAC1FB31FBC1FCD1FF41FFD20082043204B205520662071008300030001010D0000209520B520C520D52101211C21742196221F2230226F227D22E1072307000640188C00861803880010
Wrapped command --> 84E80000F7C48230F401000FDECAFFED010204000105A00000000102001F000F001F000A00290256006C2307000A04230000067F00060000000004010004002904000107A0000000620101010107A0000000620102010107A0000000620201000107A000000062000103000A0106A0000000010119CE06006C00800313000C040400051856FFFF1BA41A2A17FB1818183718A61971008300020001011100001E4F1EC51F771F9A1FA71FAC1FB31FBC1FCD1FF41FFD20082043204B205520662071008300030001010D0000209520B520C520D52101211C21742196221F2230226F227D22E1072307000640188C00861803880010C9DE1DD3FD6CD8CE
Response <-- 9000
Command --> 80E80001EF08900B7F001C7B001C03104D387B001C041075387B001C051073387B001C061063387B001C07106C387B001C081065387B001C10061030387B001C1007103038187B001C037B001C925B8C004D6108119CFF8D005318100891008087011810089100808702AD02038F00803D0610108C002037AD020324940000807B001C037B001C925B8B002A7A05361A0525321A062529071F62071F10086C08119C108D00531607610EAD021F24940000802804700CAD011F2494000080280415046708119C108D0053031A07258D002E2905198B003016056A081167008D00531605076D08119C0F8D00531A08252906160504
Wrapped command --> 84E80001F708900B7F001C7B001C03104D387B001C041075387B001C051073387B001C061063387B001C07106C387B001C081065387B001C10061030387B001C1007103038187B001C037B001C925B8C004D6108119CFF8D005318100891008087011810089100808702AD02038F00803D0610108C002037AD020324940000807B001C037B001C925B8B002A7A05361A0525321A062529071F62071F10086C08119C108D00531607610EAD021F24940000802804700CAD011F2494000080280415046708119C108D0053031A07258D002E2905198B003016056A081167008D00531605076D08119C0F8D00531A082529061605045F95980396338536
Response <-- 9000
°
°
°
there are again many lines and the response is always 9000
i'll try to find a converter to convert the .cap files of my crypto application into .ijc files
thanks,
kind regards
Franck
Edited by: jojo85 on Mar 21, 2009 2:48 PM -
Proxy to use SATSA (or apdutool) with real smart-card
Hi!
I tried to communicate with smart card applet emulated in cref (jcwde also) from midlet via SATSA. But java card development kit includes only stub classes for javacardx.crypto - so I cannot even emulate applet which uses crypto though I can install it on real java card where it works well.
So, I've written proxy which acts in place of cref (or jcwde), receives APDU from SATSA and forwards them to applet on real smart card. It is in alpha stage but does job for me.
Is anyone else interested in it?
I started registration of project on sourceforge to make it publicly available.the above problem is solved now. i am able to run WTK satsademo now..
but the problem is that the eeprom image which i created using java card development kit is not working with WTK emulator..
is this because of that protocol difference problem..
i have downloaded ur proxy application but the problem is that i hv to simulate every thing..
so is this proxy can be used to forward request to the java card emulator instead of the real card applet?
plz help me.... -
Unable to Decrypt the data properly using javax.crypto class and SunJCE
Hello all,
I am not new to Java but new to this forums
but and JCE and i wanted to write a program that Encrypts a file and also another program that decrypts it. As far Encryption is concerned i have been successful but When it comes to Decryption things aren't looking bright i have some or the other Problem with it. plz help me out .
Here is the Code for my Programs
Encryption
Code:
import java.io.*;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import java.security.*;
import javax.swing.*;
class MyJCE
public static void main(String args[])throws Exception
Provider sunjce = new com.sun.crypto.provider.SunJCE();
Security.addProvider(sunjce);
JFileChooser jfc = new JFileChooser();
int selection= jfc.showOpenDialog(null);
if(selection==JFileChooser.APPROVE_OPTION)
FileInputStream fis = new FileInputStream(jfc.getSelectedFile());
System.out.println("Selected file " + jfc.getSelectedFile());
try{
KeyGenerator kg = KeyGenerator.getInstance("DESede");
SecretKey key= kg.generateKey();
byte[] mkey=key.getEncoded();
System.out.println(key);
SecretKeySpec skey = new SecretKeySpec(mkey, "DESede");
Cipher cipher=Cipher.getInstance("DESede/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE,skey);
byte[] data= new byte[fis.available()];
//reading the file into data byte array
byte[] result= cipher.update(data);
byte[] enc= new byte [fis.read(result)];
System.out.println("Encrypted =" + result);
File fi= new File("/home/srikar/Encrypted");
FileOutputStream fos= new FileOutputStream(fi);
fos.write(enc);
fos.close();
byte[] encodedSpeckey = skey.getEncoded();
FileOutputStream ks= new FileOutputStream("./key.txt");
ks.write(encodedSpeckey);
System.out.println("Key written to a file");
}//try
catch(Exception ex)
ex.printStackTrace();
}//catch
}This Creates a Encrypted File. and a Encrypted key.txt
Code:
import java.io.*;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import java.security.*;
import javax.swing.*;
class Decrypt
public static void main(String[] args)
try
JFileChooser jfc = new JFileChooser();
int selection= jfc.showOpenDialog(null);
if(selection==JFileChooser.APPROVE_OPTION)
FileInputStream fis = new FileInputStream(jfc.getSelectedFile());
System.out.println("Selected file " + jfc.getSelectedFile());
//Read from the Encrypted Data
int ll= (int)jfc.getSelectedFile().length();
byte[] buffer = new byte[ll];
int bytesRead=fis.read(buffer);
byte[] data= new byte[bytesRead];
System.arraycopy(buffer,0,data,0,bytesRead);
//Read the Cipher Settings
FileInputStream rkey= new FileInputStream("./key.txt");
bytesRead = rkey.read(buffer);
byte[] encodedKeySpec=new byte[bytesRead];
System.arraycopy(buffer,0,encodedKeySpec,0,bytesRead);
//Recreate the Secret Symmetric Key
SecretKeySpec skeySpec= new SecretKeySpec(encodedKeySpec,"DESede");
//create the cipher for Decrypting
Cipher cipher = Cipher.getInstance("DESede/ECB/NoPadding");
cipher.init(Cipher.DECRYPT_MODE,skeySpec);
byte[] decrypted= cipher.update(data);
FileOutputStream fos= new FileOutputStream("/home/srikar/Decrypted");
fos.write(decrypted);
}//if
}//try
catch(Exception e)
e.printStackTrace();
}//catch
}//main
}//classthis Decrypt.java is expected to decrypt the above encrypted file but this simply creates a plaintext file of the same size as the Encrypted file but its contents are unreadable.
Or I endup with Exceptions like BadPadding or IllegalBlockSize Exception if i use any other Algorithm .
Please help out
thanx in advanceSrikar2871 wrote:
Well thanx for ur reply but
As i said there are No issues with ENCRYPTION and am getting an Encrypted file exactly of the same size as that of the original file and NOT as null bytes and Even am able to get a Decrypted file of again the same size of the Encrypted File but this time that data inside is in unreadable format.I ran your code EXACTLY* as posted and the contents of the file when viewed in a Hex editor was
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00So unless you are running different code to what you have posted, your file will look the same.
Cheers,
Shane -
Using javax.crypto in oracle 10g
Hi,
I have a java stored procedure for oracle 10g (running jdk1.4) that
uses the javax.crypto package and the bouncy castle provider for RSA
decryption. Here is a snippet of the code in the procedure:
Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());
Cipher rsaCipher = Cipher.getInstance("RSA");
RSAPrivateKey key = (RSAPrivateKey)
MSPrivKeytoJKey.getPrivateKey(aKey);
rsaCipher.init(Cipher.DECRYPT_MODE, key);
rsaCipher.doFinal(encryptedByteArray);
This works fine on my own machine running jdk1.4. However, when I load
my stored procedure into the database and run it, I get the following
exception after the line
Cipher rsaCipher = Cipher.getInstance("RSA");
tries to execute:
java.security.NoSuchAlgorithmException: Cannot find any provider
supporting RSA
I have tried the following (based on information gathered from various
forums):
- ran
loadjava -u username/pass@DB -v bcprov-jdk14-137.jar
- added the following line to java.security
security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
but i still get the same error.
I am reaching out desperately to all you experts for help :)
PouriaHi,
Unfortunately, the Java VM only supports the basic JDK functionalities; you could try the Metalink Note 356123.1 which should work using BC library but this note only addresses AES.
Furthermore, you need the following two extra permissions:
exec dbms_java.grant_permission('SCOTT', 'SYS:java.security.SecurityPermission','putProviderProperty.BC', '' );
exec dbms_java.grant_permission( 'SCOTT', 'SYS:java.security.SecurityPermission','insertProvider.BC', '' );
Oboviously SCOTT would be changed to whichever schema you are using.
Kuassi http://db360.blogspot.com -
Encryption using gnu.crypto package
Hello,
I have a program which implements a DES algorithm for encrypting files.
The program makes use of the following:
gnu.crypto.Registry;
gnu.crypto.Properties;
gnu.crypto.util.Util;
which are used in statements, for instance:
-> Util.toBytesFromString("011F1F01010E0E01");
and
-> boolean check = Properties.checkForWeakKeys();
and
-> *public DES() {*
super(Registry.DES_CIPHER, BLOCK_SIZE, KEY_SIZE);
However, when i tried to compile this program on jdk.1.6, the complier simply couldn't recognize any of the above statements, or for that matter, any statement that makes use of gnu.crypto.*;
I tried compiling it on jdk 1.3 and on jdk1.5, but in vain.
Can u please help me out with this?
DO i need anything extra to be imported? or do i need a different version of jdk?You have not published enough code. You have not published the error messages.
-
Legal trouble possible using javax.crypto?
h4. The problem
I'm currently doing an internship in france, where we need to use RSA encryption in our application as a part of our authentification.
As we could possibly sell our application in all over the world and there seem to be complicate cryptological laws my question is:
Can one possibly get into legal trouble for using the java encryption methods?
I'm totally fine with using a relatively weak encryption (for exemple 512 Bit for RSA) and I do not need to change the policy files (as I understand it,
the RSA keysize is not restricted by the standard policy files anyways) or do stronger encryption than this.
I already found something to show that exporting an application like this is not a problem.
If someone has a similar question, it can be found here: +[http://www.ssi.gouv.fr/fr/reglementation/regl_crypto.html]->Exportation et transfert de moyens de+
cryptologie depuis la France->EXPORTATION VERS D'AUTRES ÉTATS->"assurant exclusivement des fonctions d’authentification ou de contrôle d’intégrité"->LIBRE.
But my problem is not the export OUT of france but the import INTO another country (like china or russia for example).
As I am only a student, consulting a lawyer is not an option for me (too expensive).
I've ready many documents who all state what is forbidden and allowed but they mostly talk about providing cryptography and not using it.
So while logically it makes sense to say "if its not written there it must be allowed", I would like to have something concrete to show my company.
Is there an easy to prove, logical argument for this?
h4. Sources I've already consulted:
*1. [The Wassenaar Arrangement|http://www.wassenaar.org/]*
In [5.A.2.a.1.b.1.|http://www.wassenaar.org/controllists/2007/WA-LIST%20(07)%202%20Corr.%20word%20files/08%20-%20WA-LIST%20(07)%202%20Corr.%20-%20Cat%205P2.doc] it states it regulates "An "asymmetric algorithm" where the security of the algorithm is based on any of the following:
1. Factorisation of integers in excess of 512 bits (e.g., RSA);[...]"
So while it says "hey, be careful with anything more than 512 Bits" it does not explicitly state (at least I did not find it) "anything with 512 Bits or
less is totally unproblematic".
The list of participating states is quite huge so this could help me a lot if I could prove that this is not a problem:
The states are: Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece,
Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania,
Russian Federation, Slovakia, Slovenia, South Africa, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom,
United States
*2.[RSA Laboratories: What are the cryptographic policies of some countries?|http://www.rsa.com/rsalabs/node.asp?id=2333]*
There is a table showing each state in a category from 1 - no restriction for cryptography to 5 - "cryptography is tightly controlled". Unfortunately not a
great part of those countries are in category 1. Unfortunatly it does not seem to differentiate between providing cryptography and using it.
*3. [Java ™ Cryptography Architecture (JCA) Reference Guide|http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html]*
It speaks about cryptographic restrictions that are in place and how you can lift them with special certificates and whatnot but it does not state that
operating within those restrictions is legal inside every country.
*4. [Bert-Jaap Koops homepage - Crypto Law Survey - Overview per country|http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#co]*
People's Republic of China
Export/ import controls
"+By State Council Order No. 273, "Commercial Use Password Management Regulations", published on 15 October 1999 and in effect since 7 October 1999, import and export of encryption products requires a license by the State Encryption Management Commission. According to a "clarification letter" sent to US+
+businesses in China in early March 2000, this involves only hardware and software for which encryption and decoding operations are core functions. As a+
+result, products in which cryptography is only built-in (such as mobile phones and browser software) are exempted. Moreover, the letter clarified that the+
+regulations do not entail key escrow.+
+However, the clarification letter only seems to apply to pre-2000 products. All products since 2000 seem to require a license.+"
So does this mean that Java needs a license (which it probably has I hope) or our product which uses it does also need it?
*5. Sun Developer Forums - Security - Cryptography*
Search for keyword "legal": nothing which matches my problem found
Search for keyword "import": nothing which matches my problem found within the first 13 pages
Search for keyword "china": nothing which matches my problem found
So, any backed up help will be greatly appreciated. Thanks!
Edited by: kirdie on Jun 30, 2008 2:54 AM
Edited by: kirdie on Jun 30, 2008 3:00 AM
Edited by: kirdie on Jun 30, 2008 3:01 AM
Edited by: kirdie on Jul 1, 2008 5:35 AM
Edited by: kirdie on Jul 3, 2008 6:29 AMIn my opinion you are only partly right, it's a legal question about software :-)
And unfortunately I can not pay a lawyer with my student earnings.
As this question is very broad (it concerns everyone who sells java software which utilises the crypto package) am very interested in how you cope with this problem.
Do you ignore it? Use weak encryption only? Ask each state for a licence? Don't sell your product to certain countries?
P.S: Or should i rather move the topic to "Other Security APIs, Tools, and Issues"?
Edited by: kirdie on Jul 4, 2008 12:39 AM -
HMAC_SHA1 encryption using javax.crypto.MAC performance problems in SPARC
Hi, I'm trying to implement a method to synchronize TOTP cards. In case the server clock and the card clock were different. So I generate a lot of TOTP keys in case to compare it with the real key so at the end I get both of the times in the server. That works in x86 (Sunfire x2200) perfectly and does not take a lot of time doing that (like 2 minutes generating 800000 keys). But when I test it on Oracle BM SPARC (T1000 LDOM 1.1) takes I lot of time. I did all kind of profiling stuff but all point to the method of the generation the TOTP in the HMAC_SHA1.
here is the code (based on JBoss 6 OTP implementation)
public synchronized static String generateTOTP(String key, String time, int returnDigits, String crypto) throws GeneralSecurityException {
String result = null;
byte[] hash;
// Using the counter
// First 8 bytes are for the movingFactor
// Complaint with base RFC 4226 (HOTP)
while(time.length() < 16 ) {
time = "0" + time;
// Get the HEX in a Byte[]
byte[] msg = hexStr2Bytes(time);
// Adding one byte to get the right conversion
byte[] k = hexStr2Bytes(key);
hash = hmac_sha1(crypto, k, msg);
// put selected bytes into result int
int offset = hash[hash.length - 1] & 0xf;
int binary =
((hash[offset] & 0x7f) << 24) |
((hash[offset + 1] & 0xff) << 16) |
((hash[offset + 2] & 0xff) << 8) |
(hash[offset + 3] & 0xff);
int otp = binary % DIGITS_POWER[ returnDigits ];
result = Integer.toString(otp);
while (result.length() < returnDigits ) {
result = "0" + result;
return result;
private static byte[] hmac_sha1(String crypto, byte[] keyBytes, byte[] text) throws GeneralSecurityException {
Mac hmac;
hmac = Mac.getInstance(crypto);
SecretKeySpec macKey = new SecretKeySpec(keyBytes, "RAW");
hmac.init(macKey);
return hmac.doFinal(text);
}The release of the version to production is delayed about this. I need help either to use another library or finding the right configuration for the SPARC.
Thanks in advance to everybody.
danielfjbWell It is the only approach that I came up. It is supposed the code runs max. one time per user in production, that depends in the synchronization between the server clock and the OTP card clock.
Basically the algorithm takes two consecutive keys (each 30 seconds the password changes) from the user, saving the time (server clock) for each one when the user clicks next. With both keys the server look up at what time (in server clock) the key has been generated. Performing a simple subtraction I can get the difference of times when the user generates the otp and when the server generates it.
The algorithm simply look up five days ago, and five days further the same key each 30 simulated seconds, and reports the time when it founds an equal key. It's a brute force search, but in this case I really don't know how to do it differently.
So the problem is in the type of server, because in the x86 runs the synchronization in 3 minutes or less, but in the SPARC takes 30 minutes or maybe more. It should be some native code that has problems with this implementation of javax.crypto.Mac
Hope I do make my self clear
Thank you -
How to use oracle crypto with RSA
Hi,
I found oracle crypto and we will use it http://download-uk.oracle.com/docs/cd/B25221_04/security.1013/b25372/crypto.htm#BJFIHJFH
but it generates an errors:
SQL> CREATE OR REPLACE AND COMPILE JAVA SOURCE NAMED "NetsafeCrypt" AS
2 import java.lang.*;
3 import java.io.*;
4 import oracle.security.crypto.core.*;
5 import oracle.security.crypto.util.*;
6
7 public class NetsafeCrypt {
8 public static String RSAEncrypt(String data, String pubKeyData) {
9 RSAPublicKey pubKey = RSAPublicKey(pubKeyData.getBytes());
10 return "abc";
11 }
12 };
13 /
Warning: Java created with compilation errors.
SQL> show error
Errors for JAVA SOURCE "NetsafeCrypt":
LINE/COL ERROR
0/0 NetsafeCrypt:8: cannot find symbol
0/0 symbol : class RSAPublicKey
0/0 location: class NetsafeCrypt
0/0 RSAPublicKey pubKey = RSAPublicKey(pubKeyData.getBytes());
0/0 ^
0/0 2 errors
0/0 symbol : method RSAPublicKey(byte[])
0/0 location: class NetsafeCrypt
0/0 RSAPublicKey pubKey = RSAPublicKey(pubKeyData.getBytes());
0/0 ^
0/0 NetsafeCrypt:8: cannot find symbol
My CLASSPATH is ok.
echo $CLASSPATH
/opt/app/oracle/product/11/db_1/JRE:/opt/app/oracle/product/11/db_1/jlib:/opt/app/oracle/product/11/db_1/rdbms/jlib:/opt/app/oracle/product/11/db_1/network/jlib:/opt/app/oracle/product/11/db_1/jlib/osdt_core.jar
Regards,
Tomoracle.crypto is not supported in the 10.1.x release of the oracle JVM/Database. We do support the Sun JCE encryption API's as documented by Sun. I recommend using the JCE and JSSE API's as they are the standard moving forward with later releases of Oracle.
Setting of the client CLASSPATH has no effect on classes loaded into the database. The resolution model is explained in the Oracle Database Java Developers Guide. -
Problem using java crypto class... Please help me
Hi, i'm trying to do application that send information via socket, and i have to send the data encrypted,
i`m trying to implemented the RC4 algorithm.... I read an article that said that the java sdk 1.4 has already
implemented the securities classes. So I made this little program:
import javax.crypto.spec.*;
import javax.crypto.*;
import java.security.*;
import java.io.*;
public class MicroRC4
public void encriptaClavePublica(String trama)
Cipher rc4Cipher;
byte[] rc4KeyByte;
SecretKey rc4Key;
String keyStr;
String messageEncryp;
byte[] messageEncrypByte;
rc4Key = null;
messageEncryp = trama;
// Clave para encriptar el mensaje
keyStr = new String();
keyStr = "12345678";
rc4KeyByte = new byte[8];
messageEncrypByte = new byte[255];
for(int i=0; i < 8; i++)
rc4KeyByte[i] = (byte)keyStr.charAt(i);
try
for(int i=0; i < messageEncryp.length(); i++)
messageEncrypByte[i] = (byte)messageEncryp.charAt(i);
rc4Key = (SecretKey)new SecretKeySpec(rc4KeyByte, "RC4");
rc4Cipher = Cipher.getInstance("RC4");
rc4Cipher.init(Cipher.ENCRYPT_MODE, rc4Key);
byte[] result = null;
result = rc4Cipher.doFinal(messageEncrypByte);
System.out.println("Usage:"+result);
catch(Exception e)
System.out.println(" Error: " + e.getMessage());
System.out.println("\n........................................\n");
I don't know what is wrong but when i run the application it show me the following message :
Error: Algorithm RC4 not available
Does anybody know what is wrong ??
Does anybody can help me ??
or tell me when can i find some source code that implement de RC4 algorithm
Thank's in advance..
Alejandro.Hi Alejandro,
In the ends i decided to implement the algorithm by
myself, i did it... any way thank's again.... If
anybody want to see the code, send me a mail......
AlejandroCan I also get the source code? my email id is [email protected]
Thanks a lot!
Srik. -
Crypt::cbc encrypt / decrypt using javax.crypto
I am having a bit of a time encrypting with crypt::cbc and decrypting with java. To get to the point, here is my code, perl first, java 2nd - I have tried to keep things very simple.
#!/usr/local/bin/perl -w
use strict;
use Crypt::CBC 2.30;
die "Need to specify a file" if(!(my $infile = shift));
my $key = q(nvA9s$233eOrlQG4);
my $iv = q(0123456701234567);
my $bufsize = 16384;
my $cipher = Crypt::CBC->new({
'key' => $key,
'iv' => $iv,
'header' => 'none',
'cipher' => 'Rijndael',
'keysize' => '16', #forced - default is 32 bytes
'padding' => 'standard', #PKCS5
'blocksize' => '16',
'literal_key' => '1', #do not MD5 hash key
open (FORIG,"$infile")|| die "can't open file: $!";
open (FCRYPT,">$infile.crypt")|| die "can't open file: $!";
$cipher->start('encrypting');
while(my $readsize = sysread(FORIG, my $buf, $bufsize)) {
print FCRYPT $cipher->crypt($buf);
print FCRYPT $cipher->finish();
close FCRYPT;
close FORIG;
now the java:
// i have elided the import stmts for brevity
public class AESEncrypter {
Cipher ecipher;
Cipher dcipher;
byte [] buf = new byte[1024];
public AESEncrypter() {
String strKey = "nvA9s$233eOrlQG4";
byte[] keyBytes = null;
try {
keyBytes = strKey.getBytes("UTF-8");
} catch(java.io.UnsupportedEncodingException ex) {
ex.printStackTrace();
byte[] iv = new byte[] { 0,1,2,3,4,5,6,7,0,1,2,3,4,5,6,7 };
IvParameterSpec ivSpec = new IvParameterSpec(iv);
try {
ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
try {
SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
ecipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
dcipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
} catch (InvalidKeyException e1) {
e1.printStackTrace();
} catch (InvalidAlgorithmParameterException e1) {
e1.printStackTrace();
public void encrypt(InputStream in, OutputStream out) {
try {
out = new CipherOutputStream(out, ecipher);
int numRead = 0;
while((numRead = in.read(buf)) >= 0) {
out.write(buf, 0, numRead);
out.close();
} catch(java.io.IOException e) {
e.printStackTrace();
public void decrypt(InputStream in, OutputStream out) {
try {
out = new CipherOutputStream(out, dcipher);
int numRead = 0;
while((numRead = in.read(buf)) >= 0) {
out.write(buf, 0, numRead);
out.close();
} catch(java.io.IOException e) {
e.printStackTrace();
public static void main(String args[]) {
if(args.length != 1) {
System.out.println("Usage: java AESEncrypter filename");
System.exit(0);
AESEncrypter encrypter = new AESEncrypter();
try {
// encrypter.encrypt(new FileInputStream(args[0]), new FileOutputStream("Java_encrypted.txt"));
encrypter.decrypt(new FileInputStream(args[0]), new FileOutputStream("Java_decrypted.txt"));
} catch (java.io.FileNotFoundException ex) {
ex.printStackTrace();
so with file named whoop.txt containing the following contents:
whoop
whoop
whoop
whoop
I do:
$>./encrypt.pl whoop.txt
and get the resulting file whoop.txt.crypt. then I do
$>java AESEncrypter whoop.txt.crypt
and get the resulting file Java_decrypted.txt. when I do a hex dump of this file:
$>dump.pl Java_decrypted.txt
i get the following
/0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /A /B /C /D /E /F 0123456789ABCDEF
0000 : 47 58 5F 5F 40 3A 47 58 5F 5F 40 3A 47 58 5F 5F GX__@:GX__@:GX__
0010 : 70 0A 77 68 6F 6F 70 0A p.whoop.
I have tried to ensure that everything matches between the perl and java code, however I am obviously missing something. Thanks in advance for any ideas!
Greggi have hardcoded the IV in perl as:
my $iv = q(0123456701234567);
and in the .java file as:
byte[] iv = new byte[] { 0,1,2,3,4,5,6,7,0,1,2,3,4,5,6,7 };
IvParameterSpec ivSpec = new IvParameterSpec(iv)
Are these not compatible?
thanks - gh -
4507R+E with "k9" type IOS cannot use "crypto key generate rsa" command
Hi all,
We just upgraded the IOS on our SUP7L-E supervisor in a 4507R+E from a non-k9 (crypto) image to a k9 (crypto) image so we could use SSH to manage it. The specific image we are using is: cat4500e-universalk9.SPA.03.04.04.SG.151-2.SG4.bin. We also have a pair of 2960CG-8TS-L's that are running on: c2960c405ex-universalk9-mz.152-2.E.bin. We have given the devices new hostnames and specified a domain according to instructions.
Our problem seems to be that we cannot use the "crypto key generate rsa" command to generate the keys we need to use SSH. We use this command all the time on our other 2960 and 4510 switches with no problems. We can issue other "crypto" commands but just cant generate the keys. Has anyone else experienced/fixed this problem? <!--break-->Switch#crypto key generate rsa modulus ?
<360-4096> size of the key modulus [360-4096]
I am running IOS version 3.5.3E and I can regenerate the key using the command "crypto key generate rsa modulus" command.
Maybe you are looking for
-
What is the best way to discharge and recharge your MBPR?
I've had my MBPR 13" Mid 2014 model for a week and it already reached 5 cycles. I usually discharge it down to almost 2% and recharge it 100%. I've read some articles recommending that the best discharge rate is not lower than 20% while recharging it
-
When is a tiff not a tiff in Camera RAW?
I have a big scanning job in b&w and have been going along well. I save to tiff, it opens in Camea raw where I have some global settings. After taking a break, I go back and now the new scans don't open in Camera raw. Only in PS. I go back and check.
-
I reformatted a hard drive, before I did that I moved the entire user folder from the old hard drive onto an external hard drive. I now have a new installation working. I am attempting to move the "Mail" folder from the user's "Library" folder on the
-
Iterate through HashMap and .....
Hi friends, I have a HashMap with say following entries.. (ad_key1 , value1) (ad_key2 , value2) (ad_key3 , value3) (ad_key4 , value4) (hk_key1 , value1) (hk_key2 , value2) (hk_key3 , value3) (hk_key4 , value4) Now my requirement is that i have to ite
-
Change LightSwitch default validation message
Hi, I have two tables 1. State, 2.District 1.State- StateId-Pk, StateName 2.District- DistrictId-Pk, DistrictName, StateId-Fk Now I have created a AddEditScreen for District. As the two tables are in relationship the AddEditScreen is showing 3 fields