Why does calling Cipher.getInstance() throw the error below?

Discussion in 'Java' started by junzhang1983@gmail.com, Jul 7, 2008.

  1. Guest

    My source code is:
    Security.addProvider(new BouncyCastleProvider());
    Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING","BC");

    When I run it, it causes the error below. Who can explain it? Thanks in
    advance.

    java.lang.ExceptionInInitializerError
    at java.lang.Class.runStaticInitializers(Unknown Source)
    at javax.crypto.Cipher.a(Unknown Source)
    at javax.crypto.Cipher.getInstance(Unknown Source)
    at com.pioneer.bluray.security.authenticator.SignatureChecking.rsaDecrypt(Unknown Source)
    at com.pioneer.bluray.security.authenticator.SignatureChecking.fetchSignature(Unknown Source)
    at com.pioneer.bluray.security.authenticator.SignatureChecking.checkCredentialValues(Unknown Source)
    at com.pioneer.bluray.security.authenticator.SignatureChecking.checkCredentials(Unknown Source)
    at com.pioneer.bluray.security.authenticator.DVBSecUtils.invokeSecurity(Unknown Source)
    at org.dvb.lang.DVBClassLoader.securityCheck(Unknown Source)
    at org.dvb.lang.DVBClassLoader.acquireData(Unknown Source)
    at org.dvb.lang.DVBClassLoader.defineClassPrivileged(Unknown Source)
    at org.dvb.lang.DVBClassLoader.access$000(Unknown Source)
    at org.dvb.lang.DVBClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Unknown Source)
    at org.dvb.lang.DVBClassLoader.findClass(Unknown Source)
    at org.dvb.lang.DVBClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at com.sun.tv.Request.execReq(Unknown Source)
    at com.sun.tv.XletRunnable$ExecThread.run(Unknown Source)
    at java.lang.Thread.startup(Unknown Source)
    Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
    at javax.crypto.SunJCE_b.<clinit>(Unknown Source)
    ... 20 more
    Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
    at javax.crypto.SunJCE_b.f(Unknown Source)
    at javax.crypto.SunJCE_b.e(Unknown Source)
    at javax.crypto.SunJCE_s.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Unknown Source)
    at java.security.AccessController.doPrivileged(Unknown Source)
    ... 21 more
     
    , Jul 7, 2008
    #1

  2. Roedy Green Guest

    On Mon, 7 Jul 2008 03:01:38 -0700 (PDT), wrote,
    quoted or indirectly quoted someone who said :

    > Security.addProvider(new BouncyCastleProvider());
    >Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING","BC");


    I will make a guess here that the jar you got from BouncyCastle was
    digitally signed using Jarsigner. Have a peek inside the jar at the
    manifests to see. BouncyCastle's certificate may have been backed by
    a CA not in your .cacerts. What you would then need to do is import
    the root cert of that CA as a certificate authority.

    Perhaps some file YOU created has the same problem, possibly a
    self-signed certificate.

    You can use keytool.exe. See
    http://mindprod.com/jgloss/keytoolexe.html#UPDATINGROOTS
    or keyman. See http://mindprod.com/jgloss/keyman.html

    Also see
    http://mindprod.com/jgloss/certificate.html#UPDATING

    See also
    http://www.jensign.com/JavaScience/dotnet/RSAEncrypt/index.html
    for an example of RSA ciphers.


    I wrote the following SSCCE to see if I could help you out.

    Unfortunately, my code does not work and I can't figure out why.
    It just gets -1 when I try to read back the encrypted length I put on
    the front of the stream.

    JCE code rarely works first time. However, I am having a different
    problem from you, so perhaps this code might give you a clue.

    package com.mindprod.example;

    import javax.crypto.Cipher;
    import javax.crypto.CipherInputStream;
    import javax.crypto.CipherOutputStream;
    import javax.crypto.NoSuchPaddingException;
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.nio.charset.Charset;
    import java.security.InvalidAlgorithmParameterException;
    import java.security.InvalidKeyException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.NoSuchProviderException;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;

    /**
     * Demonstrate use of CipherOutputStream and CipherInputStream to encipher and decipher a message.
     * This particular version uses RSA/ECB/PKCS1Padding
     * but it is fairly easy to convert it to use other algorithms.
     * RSA requires a digital certificate in your .keystore.
     * <p/>
     * composed with IntelliJ IDEA
     *
     * @author Roedy Green, Canadian Mind Products
     * @version 1.0 2008-07-07
     */
    public class TestCipherRSA
    {
        // ------------------------------ FIELDS ------------------------------

        /**
         * configure with encryption algorithm to use. Changes to algorithm may require additional ivParms.
         */
        private static final String ALGORITHM = "RSA";

        /**
         * configure with block mode to use. We have to use insecure ECB since Sun support nothing else.
         */
        private static final String BLOCK_MODE = "ECB";

        /**
         * where to find .keystore
         */
        private static final String KEYSTORE_FILENAME = "C:/users/roedy/.keystore";

        /**
         * configure with padding method to use
         */
        private static final String PADDING = "PKCS1Padding";

        /**
         * alias of the RSA certificate in .keystore in JKS format. Contains private key of recipient.
         */
        private static final String RECEIVERS_PRIVATE_CERTIFICATE_ALIAS = "mindprodcert2008rsa";

        /**
         * receiver's public key in standalone certificate, in x.509 format
         */
        private static final String RECEIVERS_PUBLIC_CERTIFICATE = "E:/mindprod/contact/mindprodcert2008rsa.cer";

        /**
         * the encoding to use when converting bytes <--> String
         */
        private static final Charset CHARSET = Charset.forName( "UTF-8" );

        // -------------------------- STATIC METHODS --------------------------

        /**
         * read an enciphered file and retrieve its plaintext message.
         *
         * @param cipher method used to encrypt the file
         * @param privateCert certificate, including private key of recipient.
         * @param file file where the message was written.
         * @return the reconstituted decrypted message.
         * @throws java.security.InvalidKeyException
         * if something wrong with the key.
         * @throws java.io.IOException if problems reading the file.
         */
        @SuppressWarnings( { "JavaDoc" } )
        private static String readCiphered( Cipher cipher, X509Certificate privateCert, File file )
                throws InvalidKeyException, IOException, InvalidAlgorithmParameterException
        {
            cipher.init( Cipher.DECRYPT_MODE, privateCert );

            final CipherInputStream cin = new CipherInputStream( new FileInputStream( file ), cipher );

            // read big endian short length, msb then lsb
            final int messageLengthInBytes = ( cin.read() << 8 ) | cin.read();
            System.out.println( file.length() + " enciphered bytes in file" );
            System.out.println( messageLengthInBytes + " reconstituted bytes" );

            final byte[] reconstitutedBytes = new byte[messageLengthInBytes];

            // we can't trust CipherInputStream to give us all the data in one shot
            int bytesReadSoFar = 0;

            int bytesRemaining = messageLengthInBytes;
            while ( bytesRemaining > 0 )
            {
                final int bytesThisChunk = cin.read( reconstitutedBytes, bytesReadSoFar, bytesRemaining );
                if ( bytesThisChunk == 0 )
                {
                    throw new IOException( file.toString() + " corrupted." );
                }
                bytesReadSoFar += bytesThisChunk;
                bytesRemaining -= bytesThisChunk;
            }
            cin.close();
            return new String( reconstitutedBytes, CHARSET );
        }

        /**
         * write a plaintext message to a file enciphered.
         *
         * @param cipher the method to use to encrypt the file.
         * @param publicCert the certificate, containing public key of recipient.
         * @param file the file to write the encrypted message to.
         * @param plainText the plaintext of the message to write.
         * @throws java.security.InvalidKeyException
         * if something is wrong with the key
         * @throws java.io.IOException if there are problems writing the file.
         * @throws java.security.InvalidAlgorithmParameterException
         * if problems with CBC_SALT.
         */
        private static void writeCiphered( Cipher cipher, X509Certificate publicCert, File file, String plainText )
                throws InvalidKeyException, IOException, InvalidAlgorithmParameterException
        {
            cipher.init( Cipher.ENCRYPT_MODE, publicCert );
            final CipherOutputStream cout = new CipherOutputStream( new FileOutputStream( file ), cipher );
            final byte[] plainTextBytes = plainText.getBytes( CHARSET );
            System.out.println( plainTextBytes.length + " plaintext bytes written" );
            // prepend with big-endian short message length, will be encrypted too.
            cout.write( plainTextBytes.length >>> 8 );// msb
            cout.write( plainTextBytes.length & 0xff );// lsb
            cout.write( plainTextBytes );
            cout.close();
        }

        // --------------------------- main() method ---------------------------

        /**
         * Demonstrate use of CipherOutputStream and CipherInputStream to encipher and decipher a message.
         *
         * @param args not used
         * @throws java.security.NoSuchAlgorithmException
         * if DES is not supported
         * @throws javax.crypto.NoSuchPaddingException
         * if PKCS5 padding is not supported.
         * @throws java.security.InvalidKeyException
         * if there is something wrong with the key.
         * @throws java.io.IOException if there are problems reading or writing the file.
         * @throws java.security.InvalidAlgorithmParameterException
         * if problems with CBC_SALT.
         */
        public static void main( String[] args ) throws
                CertificateException,
                InvalidAlgorithmParameterException,
                InvalidKeyException,
                IOException,
                KeyStoreException,
                NoSuchAlgorithmException,
                NoSuchPaddingException,
                NoSuchProviderException
        {
            // The secret message we want to send to our secret agent in London.
            final String plainText = "W. to visit Abu Ghraib for a hands on, wink wink, tomorrow at 19:05.";

            // instead of generating a secret key, we use a certificate, containing the receiver's public key
            final FileInputStream fis = new FileInputStream( RECEIVERS_PUBLIC_CERTIFICATE );
            final CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
            final X509Certificate publicCert = ( X509Certificate ) cf.generateCertificate( fis );

            // use default Sun provider
            final Cipher cipher = Cipher.getInstance( ALGORITHM + "/" + BLOCK_MODE + "/" + PADDING );

            // write out the ciphered message
            writeCiphered( cipher, publicCert, new File( "transport.bin" ), plainText );

            // now try reading message back in deciphering it.
            final KeyStore keystore = KeyStore.getInstance( "JKS" );
            keystore.load( new FileInputStream( KEYSTORE_FILENAME ), null );
            final X509Certificate privateCert = ( X509Certificate )
                    keystore.getCertificate( RECEIVERS_PRIVATE_CERTIFICATE_ALIAS );

            final String reconstitutedText = readCiphered( cipher, privateCert, new File( "transport.bin" ) );

            System.out.println( "original: " + plainText );
            System.out.println( "reconstituted: " + reconstitutedText );

            // output is:
            // 68 plaintext bytes written
            // 128 enciphered bytes in file (indeed there are)
            // -1 reconstituted bytes -- OOPS. Not deciphering properly
        }
    }
    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
     
    Roedy Green, Jul 7, 2008
    #2

  3. Roedy Green Guest

    Here is a slightly tidier version of the code after running it through
    Intellij Lint.


    package com.mindprod.example;

    import javax.crypto.Cipher;
    import javax.crypto.CipherInputStream;
    import javax.crypto.CipherOutputStream;
    import javax.crypto.NoSuchPaddingException;
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.nio.charset.Charset;
    import java.security.InvalidAlgorithmParameterException;
    import java.security.InvalidKeyException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.NoSuchProviderException;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;

    /**
     * Demonstrate use of CipherOutputStream and CipherInputStream to encipher and decipher a message.
     * This particular version uses RSA/ECB/PKCS1Padding
     * but it is fairly easy to convert it to use other algorithms.
     * RSA requires a digital certificate in your .keystore.
     * <p/>
     * composed with IntelliJ IDEA
     *
     * @author Roedy Green, Canadian Mind Products
     * @version 1.0 2008-07-07
     */
    public class TestCipherRSA
    {
        // ------------------------------ FIELDS ------------------------------

        /**
         * configure with encryption algorithm to use. Changes to algorithm may require additional ivParms.
         */
        private static final String ALGORITHM = "RSA";

        /**
         * configure with block mode to use. We have to use insecure ECB since Sun support nothing else.
         */
        private static final String BLOCK_MODE = "ECB";

        /**
         * where to find .keystore
         */
        private static final String KEYSTORE_FILENAME = "C:/users/roedy/.keystore";

        /**
         * configure with padding method to use
         */
        private static final String PADDING = "PKCS1Padding";

        /**
         * alias of the RSA certificate in .keystore in JKS format. Contains private key of recipient.
         */
        private static final String RECEIVERS_PRIVATE_CERTIFICATE_ALIAS = "mindprodcert2008rsa";

        /**
         * receiver's public key in standalone certificate, in x.509 format
         */
        private static final String RECEIVERS_PUBLIC_CERTIFICATE = "E:/mindprod/contact/mindprodcert2008rsa.cer";

        /**
         * the encoding to use when converting bytes <--> String
         */
        private static final Charset CHARSET = Charset.forName( "UTF-8" );

        // -------------------------- STATIC METHODS --------------------------

        /**
         * get the receiver's private cert from .keystore.
         *
         * @return certificate containing private key
         * @throws KeyStoreException if .keystore corrupt.
         * @throws IOException if trouble loading cert.
         * @throws NoSuchAlgorithmException if no JCE support.
         * @throws CertificateException if certificate corrupt.
         */
        private static X509Certificate getPrivateCert()
                throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
        {
            final KeyStore keystore = KeyStore.getInstance( "JKS" );
            keystore.load( new FileInputStream( KEYSTORE_FILENAME ), null );
            return ( X509Certificate ) keystore.getCertificate( RECEIVERS_PRIVATE_CERTIFICATE_ALIAS );
        }

        /**
         * get the receiver's public cert from standalone cert file.
         *
         * @return certificate containing public key
         * @throws FileNotFoundException if missing certificate file.
         * @throws CertificateException if certificate corrupt.
         */
        private static X509Certificate getPublicCert()
                throws FileNotFoundException, CertificateException
        {
            // instead of generating a secret key, we use a certificate, containing the receiver's public key
            final FileInputStream fis = new FileInputStream( RECEIVERS_PUBLIC_CERTIFICATE );
            final CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
            return ( X509Certificate ) cf.generateCertificate( fis );
        }

        /**
         * read an enciphered file and retrieve its plaintext message.
         *
         * @param cipher method used to encrypt the file
         * @param privateCert certificate, including private key of recipient.
         * @param file file where the message was written.
         * @return the reconstituted decrypted message.
         * @throws java.security.InvalidKeyException
         * if something wrong with the key.
         * @throws java.io.IOException if problems reading the file.
         */
        @SuppressWarnings( { "JavaDoc" } )
        private static String readCiphered( Cipher cipher, X509Certificate privateCert, File file )
                throws InvalidKeyException, IOException
        {
            cipher.init( Cipher.DECRYPT_MODE, privateCert );

            final CipherInputStream cin = new CipherInputStream( new FileInputStream( file ), cipher );

            // read big endian short length, msb then lsb
            final int messageLengthInBytes = ( cin.read() << 8 ) | cin.read();
            System.out.println( file.length() + " enciphered bytes in file" );
            System.out.println( messageLengthInBytes + " reconstituted bytes" );

            final byte[] reconstitutedBytes = new byte[messageLengthInBytes];

            // we can't trust CipherInputStream to give us all the data in one shot
            int bytesReadSoFar = 0;

            int bytesRemaining = messageLengthInBytes;
            while ( bytesRemaining > 0 )
            {
                final int bytesThisChunk = cin.read( reconstitutedBytes, bytesReadSoFar, bytesRemaining );
                if ( bytesThisChunk == 0 )
                {
                    throw new IOException( file.toString() + " corrupted." );
                }
                bytesReadSoFar += bytesThisChunk;
                bytesRemaining -= bytesThisChunk;
            }
            cin.close();
            return new String( reconstitutedBytes, CHARSET );
        }

        /**
         * write a plaintext message to a file enciphered.
         *
         * @param cipher the method to use to encrypt the file.
         * @param publicCert the certificate, containing public key of recipient.
         * @param file the file to write the encrypted message to.
         * @param plainText the plaintext of the message to write.
         * @throws java.security.InvalidKeyException
         * if something is wrong with the key
         * @throws java.io.IOException if there are problems writing the file.
         */
        private static void writeCiphered( Cipher cipher, X509Certificate publicCert, File file, String plainText )
                throws InvalidKeyException, IOException
        {
            cipher.init( Cipher.ENCRYPT_MODE, publicCert );
            final CipherOutputStream cout = new CipherOutputStream( new FileOutputStream( file ), cipher );
            final byte[] plainTextBytes = plainText.getBytes( CHARSET );
            System.out.println( plainTextBytes.length + " plaintext bytes written" );
            // prepend with big-endian short message length, will be encrypted too.
            cout.write( plainTextBytes.length >>> 8 );// msb
            cout.write( plainTextBytes.length & 0xff );// lsb
            cout.write( plainTextBytes );
            cout.close();
        }

        // --------------------------- main() method ---------------------------

        /**
         * Demonstrate use of CipherOutputStream and CipherInputStream to encipher and decipher a message.
         *
         * @param args not used
         * @throws NoSuchAlgorithmException if RSA is not supported
         * @throws NoSuchPaddingException if PKCS5 padding is not supported.
         * @throws InvalidKeyException if there is something wrong with the key.
         * @throws IOException if there are problems reading or writing the file.
         * @throws InvalidAlgorithmParameterException
         * if programming error
         * @throws NoSuchProviderException if no JCE support
         * @throws KeyStoreException if .keystore corrupt.
         * @throws CertificateException if either certificate corrupt.
         */
        public static void main( String[] args ) throws
                CertificateException,
                InvalidAlgorithmParameterException,
                InvalidKeyException,
                IOException,
                KeyStoreException,
                NoSuchAlgorithmException,
                NoSuchPaddingException,
                NoSuchProviderException
        {
            // The secret message we want to send to our secret agent in London.
            final String plainText = "W. to visit Abu Ghraib for a hands on, wink wink, tomorrow at 19:05.";

            // use default Sun provider
            final Cipher cipher = Cipher.getInstance( ALGORITHM + "/" + BLOCK_MODE + "/" + PADDING );

            final X509Certificate publicCert = getPublicCert();

            // write out the ciphered message
            writeCiphered( cipher, publicCert, new File( "transport.bin" ), plainText );

            // now try reading message back in deciphering it.
            final X509Certificate privateCert = getPrivateCert();

            final String reconstitutedText = readCiphered( cipher, privateCert, new File( "transport.bin" ) );

            System.out.println( "original: " + plainText );
            System.out.println( "reconstituted: " + reconstitutedText );

            // output is:
            // 68 plaintext bytes written
            // 128 enciphered bytes in file
            // -1 reconstituted bytes -- OOPS. Not deciphering properly. Can't even read lead two encrypted bytes.
        }
    }
    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
     
    Roedy Green, Jul 7, 2008
    #3
  4. Roedy Green Guest

    On Mon, 7 Jul 2008 03:01:38 -0700 (PDT), wrote,
    quoted or indirectly quoted someone who said :

    >my source code is:
    > Security.addProvider(new BouncyCastleProvider());


    I have solved your problem, using Sun as the provider.
    The code is posted at http://mindprod.com/jgloss/cipher.html#RSA

    I would like to improve it by making it find the .keystore file
    automatically. For now you must configure its location.
    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
     
    Roedy Green, Jul 8, 2008
    #4
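
An added example, not part of the thread and not the code behind the mindprod.com link: `Cipher.init( mode, Certificate )` takes only the public key from the certificate, so the decrypt step in the SSCCE posted above is never given a private key. The class name `RsaRoundTrip` and the in-memory key pair are assumptions made so the example runs without a .keystore; a real program would obtain the private half with `KeyStore.getKey( alias, password )`.

```java
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;

/** Added example: RSA round trip, decrypting once with the wrong and once with the right key. */
public class RsaRoundTrip
{
    private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    /** Encrypt with the recipient's public key, which is all a certificate carries. */
    static byte[] encrypt( Key publicKey, byte[] plain ) throws GeneralSecurityException
    {
        final Cipher cipher = Cipher.getInstance( TRANSFORMATION );
        cipher.init( Cipher.ENCRYPT_MODE, publicKey );
        return cipher.doFinal( plain );
    }

    /** Try to decrypt; return null instead of throwing when the key is the wrong half of the pair. */
    static byte[] tryDecrypt( Key key, byte[] enciphered )
    {
        try
        {
            final Cipher cipher = Cipher.getInstance( TRANSFORMATION );
            cipher.init( Cipher.DECRYPT_MODE, key );
            // doFinal reports a padding failure as an exception the caller can see
            return cipher.doFinal( enciphered );
        }
        catch ( GeneralSecurityException e )
        {
            System.out.println( "decrypt failed: " + e );
            return null;
        }
    }

    public static void main( String[] args ) throws GeneralSecurityException
    {
        // Constructed key pair for the demonstration (assumption: no keystore or .cer file).
        final KeyPairGenerator kpg = KeyPairGenerator.getInstance( "RSA" );
        kpg.initialize( 2048 );
        final KeyPair pair = kpg.generateKeyPair();

        // Constructed sample message, short enough for a single RSA block.
        final byte[] plain = "constructed sample message".getBytes( StandardCharsets.UTF_8 );
        final byte[] enciphered = encrypt( pair.getPublic(), plain );
        System.out.println( enciphered.length + " enciphered bytes" );

        // Same situation as cipher.init( Cipher.DECRYPT_MODE, certificate ):
        // only the public key is available, so no plaintext comes back.
        final byte[] wrong = tryDecrypt( pair.getPublic(), enciphered );
        System.out.println( "with public key:  " + ( wrong == null ? "no plaintext" : "unexpected plaintext" ) );

        // The private key recovers the message.
        final byte[] right = tryDecrypt( pair.getPrivate(), enciphered );
        System.out.println( "with private key: " + new String( right, StandardCharsets.UTF_8 ) );
    }
}
```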
