Posted to dev@santuario.apache.org by Milan Tomic <mi...@setcce.org> on 2004/10/01 11:21:52 UTC

[java & c++] interoperability & encryption

Hi,

	I'm having problems with Apache XSEC Java & C++ interoperability
when using encryption. When I encrypt some XML node in Java I can't
decrypt it using C++ libraries, and the same happens when I encrypt using
C++ and try to decrypt in Java. The only thing that is different in
encrypted XML is random 3DES kek key that was generated. Has anyone
else had this problem?

Thank you,
milan

RE: [java & c++] interoperability & encryption

Posted by Milan Tomic <mi...@setcce.org>.
 
    In C++ error occurs in WinCAPICryptoKeyRSA.cpp in privateDecrypt().
CryptoAPI function call CryptDecrypt() fails for PAD_PKCS_1_5 and XSEC
throws exception: "WinCAPI:RSA privateKeyDecrypt - Error Decrypting
PKCS1_5 padded RSA encrypt".
 
    I remember similar interoperability difficulties when I've been
using XML signature. I had to "rotate" all bytes (big/little endian
issue). Is this something similar?
 
Best regards,
Milan
 

-----Original Message-----
From: Vishal Mahajan [mailto:Vishal.Mahajan@Sun.COM] 
Sent: Friday, October 01, 2004 5:06 PM
To: security-dev@xml.apache.org
Subject: Re: [java & c++] interoperability & encryption


What's the error observed?

Vishal

Milan Tomic wrote: 

Hi, 

        I'm having problems with Apache XSEC Java & C++ interoperability
when using encryption. When I encrypt some XML node in Java I can't
decrypt it using C++ libraries, and the same happens when I encrypt using
C++ and try to decrypt in Java. The only thing that is different in
encrypted XML is random 3DES kek key that was generated. Has anyone
else had this problem?

Thank you, 
milan 



Re: [java & c++] interoperability & encryption

Posted by Vishal Mahajan <Vi...@Sun.COM>.
What's the error observed?

Vishal

Milan Tomic wrote:

> Hi,
>
>         I'm having problems with Apache XSEC Java & C++ 
> interoperability when using encryption. When I encrypt some XML node 
> in Java I can't decrypt it using C++ libraries, and the same happens 
> when I encrypt using C++ and try to decrypt in Java. The only thing 
> that is different in encrypted XML is random 3DES kek key that was 
> generated. Has anyone else had this problem?
>
> Thank you,
> milan
>


Re: [java & c++] interoperability & encryption

Posted by Matej Kafadar <ma...@setcce.org>.
We changed generation of encryption key,

old:

KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128);
Key ek =  keyGenerator.generateKey();

new:

KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
Key ek = keyGenerator.generateKey();

now it works.


Milan Tomic wrote:
> Hello,
> 
> 	It was our mistake in Java code. Works fine now.
> 
> Thank you,
> Milan
> 
> 
> 
>>-----Original Message-----
>>From: Berin Lautenbach [mailto:berin@wingsofhermes.org] 
>>Sent: Friday, October 08, 2004 2:41 AM
>>To: security-dev@xml.apache.org
>>Subject: Re: [java & c++] interoperability & encryption
>>
>>
>>Milan,
>>
>>Could you send me the code you are using to do the Java encryption? 
>>I've just gone from scratch - using your keys - and encrypted 
>>some XML 
>>in Java and decrypted in C++.  So I'm wondering if there is something 
>>different about the way I'm doing it vs. the way you are doing it.
>>
>>Cheers,
>>	Berin
>>
>>Berin Lautenbach wrote:
>>
>>
>>>Milan Tomic wrote:
>>>
>>>
>>>>Hello Berin,
>>>>
>>>>    Yes, patch solves first problem. Thank you. Do you have any idea 
>>>>what could be solution for second problem?
>>>
>>>
>>>OK - One problem down.  I have noted that the second problem also exists
>>>for OpenSSL, so the problem is more fundamental than a crypto layer 
>>>issue.  But what really puzzles me is that both libraries are handling 
>>>all the interop tests, so I'm a bit bemused.
>>>
>>>Cheers,
>>>    Berin
>>>
>>>
>>
> 
> 
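
A pre-flight check for the mistake corrected above, as an added example (not code from this thread or from the Apache XML Security library): it compares a generated key with the EncryptionMethod Algorithm URI the document will declare, here the tripledes-cbc URI that appears in the XML posted in this thread. The class name, the URI table and the mismatch() helper are assumptions made for illustration.

```java
import java.security.Key;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.KeyGenerator;

// Added illustration; ContentKeyCheck and mismatch() are hypothetical names.
public class ContentKeyCheck {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    // JCE key algorithm and raw key length (bytes) each block-cipher URI requires.
    record Expected(String jceName, int keyBytes) {}

    static final Map<String, Expected> EXPECTED = Map.of(
        XENC + "tripledes-cbc", new Expected("DESede", 24),
        XENC + "aes128-cbc", new Expected("AES", 16),
        XENC + "aes192-cbc", new Expected("AES", 24),
        XENC + "aes256-cbc", new Expected("AES", 32));

    /** Returns null when the key fits the declared URI, else a description of the mismatch. */
    static String mismatch(String algorithmUri, Key key) {
        Expected want = EXPECTED.get(algorithmUri);
        if (want == null) {
            return "no rule for " + algorithmUri;
        }
        // An AES-192 key and a DESede key are both 24 bytes, so compare names first.
        if (!want.jceName().equalsIgnoreCase(key.getAlgorithm())) {
            return "URI needs a " + want.jceName() + " key, got " + key.getAlgorithm();
        }
        byte[] raw = key.getEncoded(); // null when the provider does not export key material
        if (raw == null) {
            return null; // length cannot be inspected; the algorithm name matched
        }
        try {
            return raw.length == want.keyBytes()
                ? null
                : "URI needs " + want.keyBytes() + " key bytes, got " + raw.length;
        } finally {
            Arrays.fill(raw, (byte) 0); // do not leave a copy of the key behind
        }
    }

    public static void main(String[] args) throws Exception {
        String declared = XENC + "tripledes-cbc";

        // The "old" key generation from the message above.
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(128);
        System.out.println("AES-128 key: " + mismatch(declared, aes.generateKey()));

        // The "new" key generation from the message above.
        KeyGenerator tdes = KeyGenerator.getInstance("DESede");
        System.out.println("DESede key:  " + mismatch(declared, tdes.generateKey()));
    }
}
```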

RE: [java & c++] interoperability & encryption

Posted by Milan Tomic <mi...@setcce.org>.
Hello,

	It was our mistake in Java code. Works fine now.

Thank you,
Milan


> -----Original Message-----
> From: Berin Lautenbach [mailto:berin@wingsofhermes.org] 
> Sent: Friday, October 08, 2004 2:41 AM
> To: security-dev@xml.apache.org
> Subject: Re: [java & c++] interoperability & encryption
> 
> 
> Milan,
> 
> Could you send me the code you are using to do the Java encryption? 
> I've just gone from scratch - using your keys - and encrypted 
> some XML 
> in Java and decrypted in C++.  So I'm wondering if there is something 
> different about the way I'm doing it vs. the way you are doing it.
> 
> Cheers,
> 	Berin
> 
> Berin Lautenbach wrote:
> 
> > Milan Tomic wrote:
> > 
> >> Hello Berin,
> >>
> >>     Yes, patch solves first problem. Thank you. Do you have any idea 
> >> what could be solution for second problem?
> > 
> > 
> > OK - One problem down.  I have noted that the second problem also exists
> > for OpenSSL, so the problem is more fundamental than a crypto layer 
> > issue.  But what really puzzles me is that both libraries are handling 
> > all the interop tests, so I'm a bit bemused.
> > 
> > Cheers,
> >     Berin
> > 
> > 
> 



Re: [java & c++] interoperability & encryption

Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Milan,

Could you send me the code you are using to do the Java encryption? 
I've just gone from scratch - using your keys - and encrypted some XML 
in Java and decrypted in C++.  So I'm wondering if there is something 
different about the way I'm doing it vs. the way you are doing it.

Cheers,
	Berin

Berin Lautenbach wrote:

> Milan Tomic wrote:
> 
>> Hello Berin,
>>
>>     Yes, patch solves first problem. Thank you. Do you have any idea
>> what could be solution for second problem?
> 
> 
> OK - One problem down.  I have noted that the second problem also exists 
> for OpenSSL, so the problem is more fundamental than a crypto layer 
> issue.  But what really puzzles me is that both libraries are handling 
> all the interop tests, so I'm a bit bemused.
> 
> Cheers,
>     Berin
> 
> 

Re: [java & c++] interoperability & encryption

Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Milan Tomic wrote:

> Hello Berin,
> 
> 	Yes, patch solves first problem. Thank you. Do you have any idea
> what could be solution for second problem?

OK - One problem down.  I have noted that the second problem also exists 
for OpenSSL, so the problem is more fundamental than a crypto layer 
issue.  But what really puzzles me is that both libraries are handling 
all the interop tests, so I'm a bit bemused.

Cheers,
	Berin

RE: [java & c++] interoperability & encryption

Posted by Milan Tomic <mi...@setcce.org>.
Hello Berin,

	Yes, patch solves first problem. Thank you. Do you have any idea
what could be solution for second problem?

Best regards,
Milan


> -----Original Message-----
> From: Berin Lautenbach [mailto:berin@wingsofhermes.org] 
> Sent: Saturday, October 02, 2004 2:31 AM
> To: security-dev@xml.apache.org
> Subject: Re: [java & c++] interoperability & encryption
> 
> 
> Matej/Milan,
> 
> There appear to be two separate problems.  The first (cpp 
> encrypt->java 
> decrypt) is the one Matej indicated - the RSA encryption within the 
> windows crypto API stores the bytes in reverse order.  I have 
> pasted a 
> diff against WinCapiCryptoKeyRSA.cpp that will fix that problem.
> 
> The second problem (java->cpp) is proving harder to find.  I 
> find that I 
> cannot decrypt your Java using OpenSSL as the provider either 
> - which is 
> strange.  So I'm going to have a play with the Java library 
> and see if I 
> can work out what it is.
> 
> Can you verify whether the patch below fixes the cpp->java problem?
> 
> Cheers,	
> 	Berin
> 
> cvs -z3 diff WinCAPICryptoKeyRSA.cpp (in directory 
> C:\prog\SRC\xml-security\c\src\enc\WinCAPI\)
> Index: WinCAPICryptoKeyRSA.cpp 
> ===================================================================
> RCS file: 
> /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp,v
> retrieving revision 1.7
> diff -r1.7 WinCAPICryptoKeyRSA.cpp
> 507a508
>  > 	// Have to reverse ordering of input :
> 509c510,512
> < 	memcpy(plainBuf, inBuf, inLength);
> ---
>  > 	// memcpy(plainBuf, inBuf, inLength);
>  > 	for (unsigned int i = 0; i < inLength; ++i)
>  > 		plainBuf[i] = inBuf[inLength - 1 - i];
> 633a637,644
>  > 	// Reverse the output
>  > 	unsigned char *tbuf;
>  > 	XSECnew(tbuf, unsigned char[encryptSize]);
>  > 	ArrayJanitor<unsigned char> j_tbuf(tbuf);
>  > 	memcpy(tbuf, cipherBuf, encryptSize);
>  >
>  > 	for (unsigned int i = 0; i < encryptSize; ++i)
>  > 		cipherBuf[i] = tbuf[encryptSize - 1 - i];
> 
> 
> 



Re: [java & c++] interoperability & encryption

Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Matej/Milan,

There appear to be two separate problems.  The first (cpp encrypt->java 
decrypt) is the one Matej indicated - the RSA encryption within the 
windows crypto API stores the bytes in reverse order.  I have pasted a 
diff against WinCapiCryptoKeyRSA.cpp that will fix that problem.

The second problem (java->cpp) is proving harder to find.  I find that I 
cannot decrypt your Java using OpenSSL as the provider either - which is 
strange.  So I'm going to have a play with the Java library and see if I 
can work out what it is.

Can you verify whether the patch below fixes the cpp->java problem?

Cheers,	
	Berin

cvs -z3 diff WinCAPICryptoKeyRSA.cpp (in directory 
C:\prog\SRC\xml-security\c\src\enc\WinCAPI\)
Index: WinCAPICryptoKeyRSA.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp,v
retrieving revision 1.7
diff -r1.7 WinCAPICryptoKeyRSA.cpp
507a508
 > 	// Have to reverse ordering of input :
509c510,512
< 	memcpy(plainBuf, inBuf, inLength);
---
 > 	// memcpy(plainBuf, inBuf, inLength);
 > 	for (unsigned int i = 0; i < inLength; ++i)
 > 		plainBuf[i] = inBuf[inLength - 1 - i];
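
Review bot: in the 509c510,512 hunk the old memcpy(plainBuf, inBuf, inLength) is left behind as a commented-out line; drop it, and let the comment added in 507a508 say why the input is reversed (the message above puts it down to the Windows crypto API storing RSA output in reverse byte order) so the loop is not later simplified back to a memcpy. The visible lines do not show where inLength is checked against the size of plainBuf; now that the copy is hand-written, that check is worth confirming next to the loop.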
633a637,644
 > 	// Reverse the output
 > 	unsigned char *tbuf;
 > 	XSECnew(tbuf, unsigned char[encryptSize]);
 > 	ArrayJanitor<unsigned char> j_tbuf(tbuf);
 > 	memcpy(tbuf, cipherBuf, encryptSize);
 >
 > 	for (unsigned int i = 0; i < encryptSize; ++i)
 > 		cipherBuf[i] = tbuf[encryptSize - 1 - i];
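
Review bot: the reversal in 633a637,644 allocates a temporary tbuf and copies the whole ciphertext only to write it back in reverse; swapping cipherBuf[i] with cipherBuf[encryptSize - 1 - i] for i below encryptSize / 2 gives the same result without XSECnew, the ArrayJanitor or the memcpy. This loop and the one in 509c510,512 are two copies of the same operation, so a small shared helper would keep the encrypt and decrypt paths in step.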



Matej Kafadar wrote:

> I tried these two examples, and the problem is that C++ differently 
> stores encrypted symmetric key. It is byte rotated (first byte is last 
> byte, last byte is first byte, etc).
> 
> In file toenc-cpp-enc.xml I changed
> 
> <xenc:CipherValue>
> 8oxqYvaRsO9lM0pvbxAZ522imGXETq/bRP2uts5SHCm1tNwl+6LKgUcIAtDQT2yNykCdJEWoTrHx 
> jo5IxE6W1dRW6fFRJ9n66lRxAYO3pdXhsGQbrEbbaJmwqKB/qVi0FsVO+kAkOSlRMuN02BERr6sG 
> RQZCzlmFgX1hBEcdOUQ=
> </xenc:CipherValue>
> 
> with
> 
> <xenc:CipherValue>
> RDkdRwRhfYGFWc5CBkUGq68REdh04zJRKTkkQPpOxRa0WKl/oKiwmWjbRqwbZLDh1aW3gwFxVOr6 
> 
> 2SdR8elW1NWWTsRIjo7xsU6oRSSdQMqNbE/Q0AIIR4HKovsl3LS1KRxSzrau/UTbr07EZZiibecZ 
> 
> EG9vSjNl77CR9mJqjPI=
> </xenc:CipherValue>
> 
> and then this can be decrypted with Java libraries. See attached file.
> 
> When I have tried the same process with rotation in file 
> toenc-java-enc.xml, C++ library still doesn't work. It's strange.
> 
> What's wrong?
> 
> 
> best regards
> 
> 
> 
> 
> 
> Milan Tomic wrote:
> 
>>  
>>     I'm attaching both XML files: one created with Java libraries and 
>> one created with C++ libraries. Also, certificate that was used to 
>> encrypt and decrypt both files is attached in both JKS and .pfx 
>> formats. Password is "test".
>>  
>> Best regards,
>> Milan
>>  
>>  
>>
>>     -----Original Message-----
>>     *From:* Milan Tomic [mailto:milan@setcce.org]
>>     *Sent:* Friday, October 01, 2004 11:22 AM
>>     *To:* security-dev@xml.apache.org
>>     *Subject:* [java & c++] interoperability & encryption
>>
>>     Hi,
>>
>>             I'm having problems with Apache XSEC Java & C++
>>     interoperability when using encryption. When I encrypt some XML node
>>     in Java I can't decrypt it using C++ libraries, and the same happens
>>     when I encrypt using C++ and try to decrypt in Java. The only thing
>>     that is different in encrypted XML is random 3DES kek key that was
>>     generated. Has anyone else had this problem?
>>
>>     Thank you,
>>     milan
>>
>>
>>
> 
> ------------------------------------------------------------------------
> 
> <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1">
> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> <xenc:CipherData>
> <xenc:CipherValue>RDkdRwRhfYGFWc5CBkUGq68REdh04zJRKTkkQPpOxRa0WKl/oKiwmWjbRqwbZLDh1aW3gwFxVOr62SdR8elW1NWWTsRIjo7xsU6oRSSdQMqNbE/Q0AIIR4HKovsl3LS1KRxSzrau/UTbr07EZZiibecZEG9vSjNl77CR9mJqjPI=</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedKey>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>Pv+/jKtIPDWFnAGPxfVTLmaPK3jGuThpH5kWmhptg8gGfzk1MKae8zzENMlyJH4w0a5hsev/GaH4
> kQwJHCa89eU9P687QRBNCzg5OMp+ScKXqO4eKVHTXE4WRjx0ACdo</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedData>
> </apache:RootElement>

Re: [java & c++] interoperability & encryption

Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Ouch.  This is quite weird - both libraries go through the interop tests, 
so I don't understand how there could be an endian problem in the key 
storage.

I'll have a look-see and see what I can work out.

Cheers,	
	Berin


Matej Kafadar wrote:
> I tried these two examples, and the problem is that C++ differently 
> stores encrypted symmetric key. It is byte rotated (first byte is last 
> byte, last byte is first byte, etc).
> 
> In file toenc-cpp-enc.xml I changed
> 
> <xenc:CipherValue>
> 8oxqYvaRsO9lM0pvbxAZ522imGXETq/bRP2uts5SHCm1tNwl+6LKgUcIAtDQT2yNykCdJEWoTrHx 
> jo5IxE6W1dRW6fFRJ9n66lRxAYO3pdXhsGQbrEbbaJmwqKB/qVi0FsVO+kAkOSlRMuN02BERr6sG 
> RQZCzlmFgX1hBEcdOUQ=
> </xenc:CipherValue>
> 
> with
> 
> <xenc:CipherValue>
> RDkdRwRhfYGFWc5CBkUGq68REdh04zJRKTkkQPpOxRa0WKl/oKiwmWjbRqwbZLDh1aW3gwFxVOr6 
> 
> 2SdR8elW1NWWTsRIjo7xsU6oRSSdQMqNbE/Q0AIIR4HKovsl3LS1KRxSzrau/UTbr07EZZiibecZ 
> 
> EG9vSjNl77CR9mJqjPI=
> </xenc:CipherValue>
> 
> and then this can be decrypted with Java libraries. See attached file.
> 
> When I have tried the same process with rotation in file 
> toenc-java-enc.xml, C++ library still doesn't work. It's strange.
> 
> What's wrong?
> 
> 
> best regards
> 
> 
> 
> 
> 
> Milan Tomic wrote:
> 
>>  
>>     I'm attaching both XML files: one created with Java libraries and 
>> one created with C++ libraries. Also, certificate that was used to 
>> encrypt and decrypt both files is attached in both JKS and .pfx 
>> formats. Password is "test".
>>  
>> Best regards,
>> Milan
>>  
>>  
>>
>>     -----Original Message-----
>>     *From:* Milan Tomic [mailto:milan@setcce.org]
>>     *Sent:* Friday, October 01, 2004 11:22 AM
>>     *To:* security-dev@xml.apache.org
>>     *Subject:* [java & c++] interoperability & encryption
>>
>>     Hi,
>>
>>             I'm having problems with Apache XSEC Java & C++
>>     interoperability when using encryption. When I encrypt some XML node
>>     in Java I can't decrypt it using C++ libraries, and the same happens
>>     when I encrypt using C++ and try to decrypt in Java. The only thing
>>     that is different in encrypted XML is random 3DES kek key that was
>>     generated. Has anyone else had this problem?
>>
>>     Thank you,
>>     milan
>>
>>
>>
> 
> ------------------------------------------------------------------------
> 
> <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1">
> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> <xenc:CipherData>
> <xenc:CipherValue>RDkdRwRhfYGFWc5CBkUGq68REdh04zJRKTkkQPpOxRa0WKl/oKiwmWjbRqwbZLDh1aW3gwFxVOr62SdR8elW1NWWTsRIjo7xsU6oRSSdQMqNbE/Q0AIIR4HKovsl3LS1KRxSzrau/UTbr07EZZiibecZEG9vSjNl77CR9mJqjPI=</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedKey>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>Pv+/jKtIPDWFnAGPxfVTLmaPK3jGuThpH5kWmhptg8gGfzk1MKae8zzENMlyJH4w0a5hsev/GaH4
> kQwJHCa89eU9P687QRBNCzg5OMp+ScKXqO4eKVHTXE4WRjx0ACdo</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedData>
> </apache:RootElement>

Re: [java & c++] interoperability & encryption

Posted by Matej Kafadar <ma...@setcce.org>.
I tried these two examples, and the problem is that C++ differently 
stores encrypted symmetric key. It is byte rotated (first byte is last 
byte, last byte is first byte, etc).

In file toenc-cpp-enc.xml I changed

<xenc:CipherValue>
8oxqYvaRsO9lM0pvbxAZ522imGXETq/bRP2uts5SHCm1tNwl+6LKgUcIAtDQT2yNykCdJEWoTrHx 
jo5IxE6W1dRW6fFRJ9n66lRxAYO3pdXhsGQbrEbbaJmwqKB/qVi0FsVO+kAkOSlRMuN02BERr6sG 
RQZCzlmFgX1hBEcdOUQ=
</xenc:CipherValue>

with

<xenc:CipherValue>
RDkdRwRhfYGFWc5CBkUGq68REdh04zJRKTkkQPpOxRa0WKl/oKiwmWjbRqwbZLDh1aW3gwFxVOr6
2SdR8elW1NWWTsRIjo7xsU6oRSSdQMqNbE/Q0AIIR4HKovsl3LS1KRxSzrau/UTbr07EZZiibecZ
EG9vSjNl77CR9mJqjPI=
</xenc:CipherValue>

and then this can be decrypted with Java libraries. See attached file.

When I have tried the same process with rotation in file 
toenc-java-enc.xml, C++ library still doesn't work. It's strange.

What's wrong?


best regards





Milan Tomic wrote:

>  
>     I'm attaching both XML files: one created with Java libraries and 
> one created with C++ libraries. Also, certificate that was used to 
> encrypt and decrypt both files is attached in both JKS and .pfx formats. 
> Password is "test".
>  
> Best regards,
> Milan
>  
>  
> 
>     -----Original Message-----
>     *From:* Milan Tomic [mailto:milan@setcce.org]
>     *Sent:* Friday, October 01, 2004 11:22 AM
>     *To:* security-dev@xml.apache.org
>     *Subject:* [java & c++] interoperability & encryption
> 
>     Hi,
> 
>             I'm having problems with Apache XSEC Java & C++
>     interoperability when using encryption. When I encrypt some XML node
>     in Java I can't decrypt it using C++ libraries, and the same happens
>     when I encrypt using C++ and try to decrypt in Java. The only thing
>     that is different in encrypted XML is random 3DES kek key that was
>     generated. Has anyone else had this problem?
> 
>     Thank you,
>     milan
> 
> 
> 
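
What the manual CipherValue swap described above amounts to, as an added example (not code from this thread or from the XML Security libraries): it decodes the CipherValue under xenc:EncryptedKey, reverses the octets and writes the Base64 back, leaving the payload CipherValue untouched. The class and method names are hypothetical, and the sample document is constructed, with eight placeholder bytes standing in for the RSA output.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added illustration; class and method names are hypothetical.
public class EncryptedKeyByteOrder {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Interop test files need no DTD; refuse one rather than resolve entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    /** Reverses the octets of the single EncryptedKey CipherValue; returns the new Base64. */
    static String reverseEncryptedKey(Document doc) {
        NodeList keys = doc.getElementsByTagNameNS(XENC, "EncryptedKey");
        if (keys.getLength() != 1) {
            throw new IllegalArgumentException("expected one EncryptedKey, found " + keys.getLength());
        }
        // Search below EncryptedKey only, so the payload's own CipherValue is left alone.
        NodeList values = ((Element) keys.item(0)).getElementsByTagNameNS(XENC, "CipherValue");
        if (values.getLength() != 1) {
            throw new IllegalArgumentException("expected one CipherValue in EncryptedKey");
        }
        Element value = (Element) values.item(0);
        // The MIME decoder skips the line breaks that wrapped CipherValue text contains.
        byte[] raw = Base64.getMimeDecoder().decode(value.getTextContent());
        for (int i = 0, j = raw.length - 1; i < j; i++, j--) {
            byte t = raw[i];
            raw[i] = raw[j];
            raw[j] = t;
        }
        String flipped = Base64.getEncoder().encodeToString(raw);
        value.setTextContent(flipped);
        return flipped;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: bytes 01..08 (Base64 "AQIDBAUGBwg=", wrapped) as the encrypted key.
        String xml =
            "<r xmlns:xenc='" + XENC + "'><xenc:EncryptedData>"
          + "<xenc:EncryptedKey><xenc:CipherData>"
          + "<xenc:CipherValue>AQID\nBAUGBwg=</xenc:CipherValue>"
          + "</xenc:CipherData></xenc:EncryptedKey>"
          + "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
          + "</xenc:EncryptedData></r>";
        System.out.println(reverseEncryptedKey(parse(xml)));
    }
}
```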

RE: [java & c++] interoperability & encryption

Posted by Milan Tomic <mi...@setcce.org>.
 
    I'm attaching both XML files: one created with Java libraries and
one created with C++ libraries. Also, certificate that was used to
encrypt and decrypt both files is attached in both JKS and .pfx formats.
Password is "test".
 
Best regards,
Milan
 
 

-----Original Message-----
From: Milan Tomic [mailto:milan@setcce.org] 
Sent: Friday, October 01, 2004 11:22 AM
To: security-dev@xml.apache.org
Subject: [java & c++] interoperability & encryption



Hi, 

        I'm having problems with Apache XSEC Java & C++ interoperability
when using encryption. When I encrypt some XML node in Java I can't
decrypt it using C++ libraries, and the same happens when I encrypt using
C++ and try to decrypt in Java. The only thing that is different in
encrypted XML is random 3DES kek key that was generated. Has anyone
else had this problem?

Thank you, 
milan