Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8149411

PKCS12KeyStore cannot extract AES Secret Keys

    Details

    • Subcomponent:
    • Resolved In Build:
      b107
    • Verification:
      Verified

      Backports

        Description

        A PKCS12 KeyStore cannot decrypt and extract an encoded AES SecretKey. The attached program fails with:

        Exception in thread "main" java.security.UnrecoverableKeyException: Get Key failed: AES SecretKeyFactory not available
        at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:419)
        at sun.security.pkcs12.PKCS12KeyStore.engineGetEntry(PKCS12KeyStore.java:1291)
        at sun.security.util.KeyStoreDelegator.engineGetEntry(KeyStoreDelegator.java:166)
        at java.security.KeyStore.getEntry(KeyStore.java:1535)
        at P12SecretKey.run(P12SecretKey.java:47)
        at P12SecretKey.main(P12SecretKey.java:21)
        Caused by: java.security.NoSuchAlgorithmException: AES SecretKeyFactory not available
        at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
        at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:160)
        at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:396)
        ... 5 more

        The problem is that the PKCS12 KeyStore uses a SecretKeyFactory to decode AES keys, but there is no AES SecretKeyFactory implementation except on Solaris (via the PKCS11 provider). It turns out that for SecretKeyFactory, AES is not an essential requirement, since you can use a generic SecretKeySpec object to create an AES key and don't really need a SecretKeyFactory. Also, in general a SecretKeyFactory should not be used with a SecretKeySpec, since by definition, SecretKeySpec objects contain the raw key in a provider-independent format and do not need to be decoded.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  vinnie Vincent Ryan
                  Reporter:
                  mullan Sean Mullan
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: