Hi,

I'm trying to use scmail lib for smime signing/encryption. I'm now stuck with one issue.

When we run the code below:
MimeBodyPart encryptedPart = encrypter.generate(body,new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC).setProvider(keyStoreProvider).build());
ByteArrayOutputStream out = new ByteArrayOutputStream();
encryptedPart.writeTo(out);

it fails in encryptedPart.writeTo(out); Here is the trace

11-21 13:30:53.385: E/dalvikvm(10025): Could not find class 'java.awt.datatransfer.DataFlavor[]', referenced from method org.spongycastle.mail.smime.handlers.pkcs7_mime.
11-21 13:30:53.385: W/dalvikvm(10025): VFY: unable to resolve new-array 3218 ([Ljava/awt/datatransfer/DataFlavor;) in Lorg/spongycastle/mail/smime/handlers/pkcs7_mime;
11-21 13:30:53.390: D/dalvikvm(10025): VFY: replacing opcode 0x23 at 0x000e
11-21 13:30:53.400: W/dalvikvm(10025): VFY: unable to find class referenced in signature ([Ljava/awt/datatransfer/DataFlavor;)
11-21 13:30:53.400: W/dalvikvm(10025): VFY: Ljava/lang/Object; is not instance of [Ljava/lang/Object;
11-21 13:30:53.405: W/dalvikvm(10025): VFY: bad arg 2 (into [Ljava/lang/Object;)
11-21 13:30:53.405: W/dalvikvm(10025): VFY: rejecting call to Lorg/spongycastle/mail/smime/handlers/PKCS7ContentHandler;. (Ljavax/activation/ActivationDataFlavor;[Ljava/awt/datatransfer/DataFlavor;)V
11-21 13:30:53.405: W/dalvikvm(10025): VFY: rejecting opcode 0x70 at 0x0004
11-21 13:30:53.410: W/dalvikvm(10025): VFY: rejected Lorg/spongycastle/mail/smime/handlers/pkcs7_mime;. ()V
11-21 13:30:53.410: W/dalvikvm(10025): Verifier rejected class Lorg/spongycastle/mail/smime/handlers/pkcs7_mime;
11-21 13:30:53.415: W/dalvikvm(10025): Class init failed in newInstance call (Lorg/spongycastle/mail/smime/handlers/pkcs7_mime;)

As i understand BC uses java.awt classes which do not exist on Android

Instead of

static {
    // Adds a provider to the next position available.
    Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider());
}

is has to be

static {
    // Adds a new provider, at a specified position
    Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1);
}

for some Androids.

The javadoc provides more detailed information.

My conclusion is from this article, that some Androids have different customized version of Bouncy Castle installed. Some have a full customized version and some only a part of the original Bouncy Castle implemented, so adding a new provider, which is the only one providing the necessary functions, works, but if a complete custom implementation of Bouncy Castle is shipped, the instruction fails. Because the first implementation is used, but the necessary provider isn't in the first place.

Had this problem with a Motorola DROID PRO XT610 Android 2.2.2 which provides some VPN capabilities

Hi,

I have a need for the bcmail jar, in addition to the bcprov jar that you are already providing on maven. Any chance you have that jar available as well? I'm trying to figure out how to build your sources myself, but just wanted to check in case you had it already.

Thanks,
Kevin

Hi,
I get the following exception when I try to encrypt some data, currently during PGP decryption.
The artifact is from the Maven Repositories.

Exception in thread "main" java.lang.SecurityException: JCE cannot authenticate the provider SC
    at javax.crypto.Cipher.getInstance(Cipher.java:642)
    at javax.crypto.Cipher.getInstance(Cipher.java:580)
    at org.spongycastle.jcajce.NamedJcaJceHelper.createCipher(NamedJcaJceHelper.java:34)
    at org.spongycastle.openpgp.operator.jcajce.OperatorHelper.createCipher(OperatorHelper.java:106)
    at org.spongycastle.openpgp.operator.jcajce.OperatorHelper.createPublicKeyCipher(OperatorHelper.java:121)
    at org.spongycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder.decryptSessionData(JcePublicKeyDataDecryptorFactoryBuilder.java:114)
    at org.spongycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder.access$000(JcePublicKeyDataDecryptorFactoryBuilder.java:20)
    at org.spongycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder$2.recoverSessionData(JcePublicKeyDataDecryptorFactoryBuilder.java:100)
    at org.spongycastle.openpgp.PGPPublicKeyEncryptedData.getDataStream(PGPPublicKeyEncryptedData.java:178)
    at me.sniggle.security.Test.main(Test.java:199)
Caused by: java.util.jar.JarException: file:/Users/tuxbox/.m2/repository/com/madgag/scprov-jdk15on/1.47.0.2/scprov-jdk15on-1.47.0.2.jar has unsigned entries - org/spongycastle/i18n/LocalizedMessage$FilteredArguments.class
    at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:462)
    at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322)
    at javax.crypto.JarVerifier.verify(JarVerifier.java:250)
    at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:161)
    at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:187)
    at javax.crypto.Cipher.getInstance(Cipher.java:638)
    ... 9 more

Any chance that this gets fixed soon? Keep up the good work!

I create SCEP client for android. I create server on jSCEP and it forking fine, at least iPad can enroll certificate successfully. But android client get error: "org.bouncycastle.cms.CMSSignerDigestMismatchException: message-digest attribute value does not match calculated value" For client I use next dependencies:

<dependency> 
    <groupId>com.google.code.jscep</groupId> 
    <artifactId>jscep-client</artifactId> 
    <version>1.0.0</version> 
</dependency> 
<dependency> 
    <groupId>com.madgag</groupId> 
    <artifactId>sc-light-jdk15on</artifactId> 
    <version>1.47.0.2</version> 
</dependency> 
<dependency> 
    <groupId>com.madgag</groupId> 
    <artifactId>scpkix-jdk15on</artifactId> 
    <version>1.47.0.2</version> 
</dependency> 
<dependency> 
    <groupId>com.madgag</groupId> 
    <artifactId>scprov-jdk15on</artifactId> 
    <version>1.47.0.2</version> 
</dependency> 

And part of my client code:

KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
X509Certificate certificate = X509Util.createEphemeralCertificate(
new X500Principal("CN=[email protected]"), keyPair
);
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] fingerPrint = md.digest(certificate.getEncoded());
URL url = new URL("http://localhost/scep/pkiclient.exe");
Client client = new Client.Builder()
.url(url)
.identity(certificate, keyPair)
.caIdentifier("androidClient")
.caFingerprint(fingerPrint, "MD5")
.build();
Transaction trans = client.createTransaction();
Transaction.State state = trans.enrollCertificate(certificate,keyPair,"pass".toCharArray());
On server side request fails when SignerInformation try to verify certificate. Piece of code:

PkiMessageDecoder decoder = new PkiMessageDecoder(reqCert, envDecoder);
msg = decoder.decode(sd);
....
verifier = new JcaSimpleSignerInfoVerifierBuilder().build(cert);
signerInfo.verify(verifier);
....
if (!Arrays.constantTimeAreEqual(resultDigest, signedMessageDigest.getOctets())) {
throw new CMSSignerDigestMismatchException("message-digest attribute value does not match calculated value");
}
Is any suggestion how it can be fixed on?

This feels like a real newbie question, sorry if it's just too obvious. I’m using the Spydroid Android app (which uses Spongycastle) and need to debug it. I pulled the latest copy and tried to build a no-edit version to test it all out, and got this error from lint:

Invalid package reference in library; not included in Android: javax.naming.directory. Referenced from org.spongycastle.jce.provider.X509LDAPCertStoreSpi.

This sounds a lot like the issue discussed in http://stackoverflow.com/questions/6898801/how-to-include-the-spongy-castle-jar-in-android, except that X509LDAPCertStoreSpi.java (from scprov-jdk15on-1.47.0.2.jar) clearly uses this API that’s not part of Android. Am I missing some add-on to satisfy these references, or just deeply misunderstanding something?

Hi,

when trying to build the latest version (Release 1.46) I'm getting compile errors starting with:

spongycastle/build/artifacts/jdk1.6/bcprov-jdk16-146/src/org/spongycastle/openpgp/PGPCompressedData.java:12: package org.spongycastle.apache.bzip2 does not exist

When checking the source it turns out that there is no directory org/spongycastle/apache, so I'm guessing that it was forgotten when the sources where uploaded to gihub.

Also when one downloads the latest jar: scprov-jdk15-1.46.99.3-UNOFFICIAL-ROBERTO-RELEASE.jar it turns out that several subdirectories of the code haven't been compiled (e.g. org.spongycastle.cert). Is that intentional?

Roberto,

Thanks for doing this, much appreciated. Being in London as well, it should be easy enough for me to buy you a beer at some point.

A quick point about licenses. I note you've mostly done a straight search-and-replace to change the package names. But it looks like your become-spongy.sh also caught the license agreements, e.g.:

https://github.com/rtyley/spongycastle/blob/spongy-master/sc-light-jdk15on/src/main/java/org/spongycastle/LICENSE.java

Should it exclude that?

Cheers,
Michael

In CFBBlockCipher.class, there is:

public int decryptBlock(
byte[] in,
int inOff,
byte[] out,
int outOff)
throws DataLengthException, IllegalStateException
{
if ((inOff + blockSize) > in.length)
{
throw new DataLengthException("input buffer too short");
}...

As a result, if you attempt to decrypt some data that is smaller than the block size, then you will get this exception. This implies that some padding must be used.

However, CFB mode is NOT supposed to use padding. This is crucial to interoperability. For example, in my case, the encryption is done with Crypto++,

http://www.cryptopp.com/wiki/CFB_Mode

Where it is plainly stated that: "CFB mode must not use padding. Specifying a scheme will result in an exception."

Hi,

I am trying to use the new way of generating a PKCS10CertificationRequest using the appropriate builders in the newer API versions but have problems with it that I did not encounter in the old way of generating them.

I have raised a question in stackoverflow with more details on the problem:
http://stackoverflow.com/questions/14470423/pkcs10certificationrequestbuilder-generates-invalid-pkcs10certificationrequest-i

Any help kindly appreciated,
Boeboe

Hi there,

I´ve developed an android app that allow sign with certificates p12. My code works good on android versions 4.0. However, when I updated my android version to 4.1 the code of digital sign my app stopped work.

The problems seems to be on private key. When I tried get private key from p12 certificate it gives me a NULL on getEncoded method.

    KEY = KeyChain.getPrivateKey(this, alias).getEncoded();

There is another way to get private key or there is some workaround for that?

This is an urgent question, so if someone have solutions please tell me.

Thanks in advance,

Nelson Silva

Title says all. When will SC support release 1.47 of BC?

Thanks,
Martijn

What is the status of the "spongy-bc-v1.48" branch and the "r1rv48" tag?

Also, 1.49 is out.

Edit Dec 4th, 2013: Version 1.50 is out

'mvn install' shows the following test failures in spongy-master. This is on Ubuntu running Oracle Java version 1.6.0_37:

-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running org.spongycastle.openpgp.test.DSA2Test
Tests run: 15, Failures: 0, Errors: 6, Skipped: 0, Time elapsed: 1.148 sec <<< FAILURE!

Results :

Tests in error:
  testGenerateK1024H224(org.spongycastle.openpgp.test.DSA2Test): Exception decrypting key
  testGenerateK1024H256(org.spongycastle.openpgp.test.DSA2Test): Exception decrypting key
  testGenerateK1024H384(org.spongycastle.openpgp.test.DSA2Test): Exception decrypting key
  testGenerateK1024H512(org.spongycastle.openpgp.test.DSA2Test): Exception decrypting key
  testGenerateK2048H256(org.spongycastle.openpgp.test.DSA2Test): Exception decrypting key
  testGenerateK2048H512(org.spongycastle.openpgp.test.DSA2Test): Exception decrypting key

Tests run: 15, Failures: 0, Errors: 6, Skipped: 0

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Spongy Castle parent POM project .................. SUCCESS [2.152s]
[INFO] sc-bzip2 .......................................... SUCCESS [1.516s]
[INFO] Spongy Castle core lightweight API ................ SUCCESS [1:00.044s]
[INFO] Spongy Castle Provider ............................ SUCCESS [8.380s]
[INFO] Spongy Castle OpenPGP API ......................... FAILURE [4.173s]
[INFO] Spongy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs  SKIPPED
[INFO] Spongy Castle S/MIME API .......................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1:16.478s
[INFO] Finished at: Tue Dec 18 16:00:32 PST 2012
[INFO] Final Memory: 38M/223M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.7.2:test (default-test) on project scpg-jdk15on: There are test failures.
[ERROR]
[ERROR] Please refer to /home/jacko/spongycastle/scpg-jdk15on/target/surefire-reports for the individual test results.
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :scpg-jdk15on

If you like you can add OpenPGP Keychain to the list of projects using Spongy Castle.

see https://github.com/dschuermann/openpgp-keychain