stackoom
  简体   繁体   中英

Extract encrypted session key from CMS Enveloped data using bouncycastle

 原文  2019-10-28 08:48:47       java/ bouncycastle/ hsm

Question

I am working on a project(Java), and requirement says that we have to decrypt a CMS envelope from a third party. Private key corresponding to this public key is stored in HSM and is non exportable. So all I need to do is extract encrypted session key from CMS Envelope and get it decrypted, and then use decrypted session key to decrypt content. Plan sounds easy only problem is I am not able to figure out how to extract encrypted session key, and if there is way in bouncy castle in which if I supply decrypted session key, it will decrypt the content itself as it does with soft keys.

1 answers

solution1
 0  2019-10-29 08:20:40

Thanks James , for pointing me towards test cases. I didn't find anything in the pkix package, but in the core package there are test cases which helped me lot. I am able to extract the session key and encrypted data using those libraries.

ContentInfo info = ContentInfo.getInstance(ASN1Primitive.fromByteArray(encryptedData));
EnvelopedData envData = EnvelopedData.getInstance(info.getContent());
ASN1Set s = envData.getRecipientInfos();
RecipientInfo recipientInfo = RecipientInfo.getInstance(s.getObjectAt(0));
byte[] encryptedKey;
if (recipientInfo.getInfo() instanceof KeyTransRecipientInfo) {
    KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
    encryptedKey = keyTransRecipientInfo.getEncryptedKey().getOctets();
    AlgorithmIdentifier keyEncryptionAlgorithm = keyTransRecipientInfo.getKeyEncryptionAlgorithm();
    logger.info("Assymetric Encryption Algorithm : {}", keyEncryptionAlgorithm.getAlgorithm().getId());
    logger.info("Octet  encrypted Key            : {}", Hex.toHexString(encryptedKey));
} else {
    throw new IllegalStateException("expected KeyTransRecipientInfo");
}
AlgorithmIdentifier contentEncryptionAlgorithm = envData.getEncryptedContentInfo().getContentEncryptionAlgorithm();
logger.info("Symmetric Encryption Algorithm  : " + contentEncryptionAlgorithm.getAlgorithm().getId());
logger.info("Octect Encrypted data           : " + Hex.toHexString(envData.getEncryptedContentInfo().getEncryptedContent().getOctets()));

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to use BouncyCastle lightwigth API to generate cms enveloped data bouncycastle encrypted data send from midlet to servlet How extract from signed file p7m/Enveloped and p7s/Enveloping the original file signed with java Bouncycastle Outputting encrypted PK8 private key from Java BouncyCastle Importing PEM encrypted key pair in java using bouncycastle BouncyCastle - GPG. Extract Public Key from Secret Key Read an encrypted private key with bouncycastle/spongycastle BouncyCastle: Extract public key from Certificate causes NullPointerException How to generate Private key from string using BouncyCastle Bouncycastle: how to create an encrypted PKCS8 representation of an RSA private key?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM