Problem using JKS KeyStore for encryption/decryption

[Rami Jaamour <rj...@parasoft.com>]

Hello,

I am wondering what could be the reason for me getting this Exception? 
I've been successfully able to encrypt and decrypt with the PKCS12 
KeyStore which is included in WSS4J.  I created several of my own JKS 
KeyStores using the keytool with typical options and it works for 
Signatures and I appear to encrypt successfully with it on the client 
side, but on the server side I get:

org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; 
nested exception is:
    java.security.UnrecoverableKeyException: Cannot recover key
    at 
org.apache.ws.security.WSSecurityEngine.handleEncryptedKey(WSSecurityEngine.java:828)
    at 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
    at 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:218)
    at 
org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:150)
    at 
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:157)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:122)
    at 
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:157)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:122)
    at 
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:517)
    at org.apache.axis.server.AxisServer.invoke(AxisServer.java:324)
    at 
org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:639)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
    at 
org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:284)
    at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
    at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:257)
    at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
    at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
    at 
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245)
    at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199)
    at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
    at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
    at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195)
    at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
    at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
    at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
    at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
    at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156)
    at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
    at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972)
    at 
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:206)
    at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
    at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:700)
    at 
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584)
    at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(Unknown Source)
    at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
    at java.security.KeyStore.getKey(Unknown Source)
    at 
org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:222)
    at 
org.apache.ws.security.WSSecurityEngine.handleEncryptedKey(WSSecurityEngine.java:823)
    ... 39 more

Also can you point me to a reference or a nice tool that you use for 
creating PKCS12 KeyStores? Thank you for your time.

-- 
Rami Jaamour
Software Engineer
SOAPtest <http://www.parasoft.com/jsp/products/home.jsp?product=SOAP> 
Development
Parasoft Corporation <http://www.parasoft.com>