0

I am trying to use ECIES for encryption and decryption. This is what I have done:

  1. generated ECC key pair

  2. generated CSR

  3. Generated X509 certificate, signed by intermediate CA

  4. Server side, I need to use this certificate to encrypt data. So I have extracted PublicKey (which is showing BCECPublicKey format) from certificate.

    I couldn't find a way to convert it into ECPublicKey format so after upgrading to bouncycastle 1.55, I am able to use directly BCECPublicKey for encryption.

  5. Converted private key into ECPrivateKey and using it for decryption but now it's throwing BadPaddingException: Invalid MAC during decryption

I am new to cryptography, Please help to resolve this. Below is code I am using:

byte[] localcert = Base64.decode(
            "MIID5TCCAc2gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwMzELMAkGA1UEBhMCc2cx" +
                    "CzAJBgNVBAgMAnNnMRcwFQYDVQQKDA5pbnRlcm1lZGlhdGVDQTAeFw0xNjExMjgw" +
                    "NDAzMjdaFw0xNzEyMDgwNDAzMjdaMDsxCzAJBgNVBAYTAnNnMQswCQYDVQQIEwJz" +
                    "ZzELMAkGA1UEBxMCc2cxEjAQBgNVBAoTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG" +
                    "CCqGSM49AwEHA0IABDuhAyMw6OilNmfWo1v6b8XwU8xbQm0Sy/I9qpdC4+qDToSl" +
                    "EOe+vw7GiVgONTJz2gwMW+VgoGp49aM5GTPo39ujgcUwgcIwCQYDVR0TBAIwADAR" +
                    "BglghkgBhvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJh" +
                    "dGVkIENsaWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUnbUGm/qaO1JbhY+qVlXw" +
                    "BewUI/swHwYDVR0jBBgwFoAUPSzKlcBTp0pCQ290SlDLmIQS+/0wDgYDVR0PAQH/" +
                    "BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0B" +
                    "AQsFAAOCAgEAJj0J2A3AAcrRw02ZzQsEC4nTyd05krF4oRFo0JODlzNiKaOhQt76" +
                    "Va427cpVUZwmjb/f1We+AjLJgQiEfnuD7JPSvXHLQTbXNDMgpZ9HXHZoXYfH+2h7" +
                    "MGvw6Qkj4lC10q9UC14rDSD/ZsR1J0mQCQuOIBRFNOkSPiSUu4zouCD3xv5uZVXR" +
                    "mimhJ1zgqSYF4LHegJAVwrowMsuaeQXybrIQ+/LJ8HXf8McvPZwtQTuoN/q5zHXz" +
                    "l+7q4nglyVY+TXPAdwyha0Yq2p0z0jdWm5UpEehmIpXtJghNtcCCRfb48flfZ/B7" +
                    "JW9VrlcjScOtQfSOrElYgwJ8MlUTzz7oWgbbVp9uNQZeAQQPeOQYLAvSNchPnLiP" +
                    "ftPuICW2siDeFC42lwYsDYR/9sYs7/gzL79i7bHrdMJ07brXw30hb1r6Vu9a+sHF" +
                    "D087NxHv33u22+W/2PMLDE89MynTC3H3gWvyzGIky0/kYSpZO/xZuFrg0jIJu0lH" +
                    "9b7jw1hQM1nDkTO5Gn2wJuaHaiZ22tMr47e4Xlkctal4hAA4Ya1uBXuMuwy0BC8q" +
                    "nLLxCLBcJJPAyIG2LvIT2vdWIP0Gz84mHKDbOPekHmXIF3bHE4pPeyDIJ+w00UoM" +
                    "xJdedT5BJarqEpiQtrGn4FBh3fsnHFXyNnNMCIylCvbg0Ij/AsQJCpg=");

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate x509Certificate= (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(localcert));
    PublicKey publicKey=x509Certificate.getPublicKey();

    byte[] pkey=Base64.decode("MHcCAQEEINmVG7z3YutAqRYZ5iAaJSXcP+GJWjtmSx3ba6RfKkJQoAoGCCqGSM49" +
            "AwEHoUQDQgAEO6EDIzDo6KU2Z9ajW/pvxfBTzFtCbRLL8j2ql0Lj6oNOhKUQ576/" +
            "DsaJWA41MnPaDAxb5WCganj1ozkZM+jf2w==");
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("prime256v1");
    KeyFactory kf = KeyFactory.getInstance("ECDSA", new BouncyCastleProvider());
    ECPrivateKeySpec ecPrivateKeySpec = new ECPrivateKeySpec(new BigInteger(1, pkey), spec);
    ECPrivateKey privkey= (ECPrivateKey) kf.generatePrivate(ecPrivateKeySpec);

    String name = "prime256v1";

    //  generate derivation and encoding vectors
    byte[]  d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
    byte[]  e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
    IESParameterSpec param = new IESParameterSpec(d, e, 256);

    Cipher iesCipher = Cipher.getInstance("ECIES", BouncyCastleProvider.PROVIDER_NAME);
    //Encrypt
    iesCipher.init(Cipher.ENCRYPT_MODE, publicKey, param);
    byte[] enc= iesCipher.doFinal("TestECIES".getBytes());
    System.out.println(new String(enc));
    //Decrypt
    iesCipher.init(Cipher.DECRYPT_MODE, privkey, param);
    byte[] decry=iesCipher.doFinal(enc);
    System.out.println(new String(decry));
Community
  • 1
  • 1
Mukesh
  • 177
  • 6

1 Answers1

0

So finally I have solved it. ECC PrivateKey created by openssl was in this format:

-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEINmVG7z3YutAqRYZ5iAaJSXcP+GJWjtmSx3ba6RfKkJQoAoGCCqGSM49
AwEHoUQDQgAEO6EDIzDo6KU2Z9ajW/pvxfBTzFtCbRLL8j2ql0Lj6oNOhKUQ576/
DsaJWA41MnPaDAxb5WCganj1ozkZM+jf2w==
-----END EC PRIVATE KEY-----

So I converted it into PKCS8 formate using command:

openssl pkcs8 -topk8 -nocrypt -in localhost.pem -out localhostpkcs8.pem

and loaded in Java using below code:

    Security.addProvider(new BouncyCastleProvider());
    KeyFactory kf = KeyFactory.getInstance("EC","BC");
    PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.decode(localhostpkcs8.getBytes()));
    PrivateKey privateKey=kf.generatePrivate(privateKeySpec);

Everything worked perfectly.

Mukesh
  • 177
  • 6