> From: [email protected] On Behalf Of Stefan Selbitschka via RT > Sent: Wednesday, 20 April, 2011 05:03
(Sorry for the delay, I didn't have much time last week) > I'm just writing a smime encryption/decryption program for > Android using > BC 1.46 and getting error during decryption if I use AES256_CBC as > encryption algorithm. <snip java code & error: decrypted key wrong length> > doing the same with CMSAlgorithm.DES_EDE3_CBC (as just > commented in the > code above) everything works fine. > > Now I'm not sure where is the mistake in BC during encryption > or openssl > during decryption therefore I post on both sides. > > Find attached the certificate, key and two messages used for the test. > Your posted zip seems bad; WinZip says "corrupt" and jar x or t says "invalid END header". Using my own test cert&key and a dummy text/plain message, (and .writeTo a FileOutputStream) I can reproduce. It appears that BC's DEK generation for AES is setting(?) 24 bytes somewhere, but there's too many interacting levels for me to track down where without a debug build. I *think* it's just defaulting, because 24 IS the default for org.bouncycastle.jce.provider.symmetric.AES$KeyGen (and if I use default=Suncle provider it's 16 instead). If I use the 2-arg ctor for JceCMSContentEncryptorBuilder with keysize in bits, I get messages that openssl likes. This appears redundant, but it's better than failing. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
