Encryption with SHA1

Help
2019-03-20
2019-03-21
  • Manuel Wololo

    Manuel Wololo - 2019-03-20

    Hi people, I wanted to know if SHA1 encryption is supported... I am having the following exception when trying it: Error creating encryptor builder using algorithm: SHA1 Cause:java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.26 for provider BC

  • Christopher Broderick

    SHA1 has worked as the default for signing for a long time in OpenAS2 and we now ship the default config to use SHA256 because SHA1 is now being rejected by a lot of systems due to the fact that it has been compromised.
    However, the algorithm is definitely supported in the current release of BouncyCastle:
    https://www.bouncycastle.org/docs/docs1.6/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.html#idSHA1

    Have you customized the OpenAS2 libraries and if so which version of BouncyCastle are you using?
    If you have not customized then provide the version of OpenAS2 you are running along with the partnership settings for "encrypt", "sign" and "as2_mdn_options".

  • Christopher Broderick

    Would also be helpful to provide the full stacktrace to see which method is throwing the error.

  • Manuel Wololo

    Manuel Wololo - 2019-03-20

    Hi Christopher, ty for your answer! I have not customized anything and the OpenAS2 I am using is version 2.7.1.

    There may be an error in the configuration, this is what you asked from the partnership:
    <attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA256"/>
    <attribute name="encrypt" value="SHA1"/>
    <attribute name="sign" value="SHA1"/>

    And the stacktrace:
    Error creating encryptor builder using algorithm: SHA1 Cause:java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.26 for provider BC
    at org.openas2.lib.helper.BCCryptoHelper.getOutputEncryptor(BCCryptoHelper.java:754)
    at org.openas2.lib.helper.BCCryptoHelper.encrypt(BCCryptoHelper.java:321)
    at org.openas2.processor.sender.AS2SenderModule.secure(AS2SenderModule.java:392)
    at org.openas2.processor.sender.AS2SenderModule.handle(AS2SenderModule.java:89)
    at org.openas2.processor.DefaultProcessor.handle(DefaultProcessor.java:65)
    at org.openas2.processor.receiver.MessageBuilderModule.processDocument(MessageBuilderModule.java:182)
    at org.openas2.processor.receiver.DirectoryPollingModule.processFile(DirectoryPollingModule.java:196)
    at org.openas2.processor.receiver.DirectoryPollingModule.updateTracking(DirectoryPollingModule.java:170)
    at org.openas2.processor.receiver.DirectoryPollingModule.poll(DirectoryPollingModule.java:81)
    at org.openas2.processor.receiver.PollingModule$PollTask.run(PollingModule.java:62)
    at java.util.TimerThread.mainLoop(Timer.java:555)
    at java.util.TimerThread.run(Timer.java:505)

  • Christopher Broderick

    These are the supported algorithms for the "encrypt" attribute:
    cast5
    3des
    idea
    rc2
    rc2_cbc
    aes128
    aes192
    aes256
    aes256_wrap

    SHA* options are not supported for encryption, only for signing.


    Last edit: Christopher Broderick 2019-03-20
  • Christopher Broderick

    NOTE: You must have the same value in the "as2_mdn_options" for the signing algorithm as set for "sign".

  • Manuel Wololo

    Manuel Wololo - 2019-03-20

    Ok, ty a lot Christopher! Thought it may have been something like that.

  • Manuel Wololo

    Manuel Wololo - 2019-03-21

    I am sorry to keep bothering you here Christopher, and maybe I should open a new topic, but I am having a similar issue with idea encryption. This is the stack trace:

    ERROR AS2ReceiverHandler: Error extracting received message: null [OPENAS2-21032019105158-0300-23d7d2b0-23d9-4515-a83a-77915342b88e@OpenAS2A_OID_OpenAS2B_OID]
    2019-03-21 10:53:13.634 ERROR org.bouncycastle.cms.CMSException: cannot recognise cipher: 1.3.6.1.4.1.188.7.1.1.2
    at org.bouncycastle.cms.bc.EnvelopedDataHelper.createCipher(Unknown Source)
    at org.bouncycastle.cms.bc.EnvelopedDataHelper.createContentCipher(Unknown Source)
    at org.bouncycastle.cms.bc.BcRSAKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
    at org.openas2.lib.helper.BCCryptoHelper.decrypt(BCCryptoHelper.java:284)
    at org.openas2.processor.receiver.AS2ReceiverHandler.decryptAndVerify(AS2ReceiverHandler.java:319)
    at org.openas2.processor.receiver.AS2ReceiverHandler.handle(AS2ReceiverHandler.java:209)
    at org.openas2.processor.receiver.NetModule$ConnectionHandler.run(NetModule.java:202)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

    And here the partnership:
    <attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA256"/>
    <attribute name="encrypt" value="idea"/>
    <attribute name="sign" value="SHA256"/>

  • Christopher Broderick

    Sorry, my mistake. The supported list is actually these:
    cast5
    3des
    rc2_cbc
    aes128
    aes192
    aes256

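    The two rules Christopher gives in this thread (the "encrypt" attribute only accepts the cipher names in his corrected list above, never a SHA* digest, and the signed-receipt-micalg in "as2_mdn_options" must equal the "sign" value) can be checked before OpenAS2 is restarted. The script below is an added example, not OpenAS2 project code; it parses a partnership file with the standard library and reports violations of exactly those two rules, plus a heads-up when "sign" is still SHA1. The sample partnership XML is constructed for the example and reproduces the misconfiguration from the first post; the element layout (`<partnerships>` / `<partnership>` / `<attribute>`) is assumed to match the file being checked.

```python
"""Sanity-check the crypto attributes of OpenAS2 partnership definitions.

Added example, not OpenAS2 project code. SUPPORTED_ENCRYPT is the corrected
list from the thread; the micalg-must-equal-sign rule is also from the thread.
"""
import xml.etree.ElementTree as ET

# Corrected list of accepted "encrypt" values from the thread.
SUPPORTED_ENCRYPT = {"cast5", "3des", "rc2_cbc", "aes128", "aes192", "aes256"}
# Digest names that are only meaningful for "sign", never for "encrypt".
DIGEST_PREFIXES = ("sha", "md5")

# Constructed sample reproducing the misconfiguration from the first post.
SAMPLE_PARTNERSHIP = """<partnerships>
  <partnership name="OpenAS2A-to-OpenAS2B">
    <sender name="OpenAS2A"/>
    <receiver name="OpenAS2B"/>
    <attribute name="as2_mdn_options"
               value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA256"/>
    <attribute name="encrypt" value="SHA1"/>
    <attribute name="sign" value="SHA1"/>
  </partnership>
</partnerships>"""


def mdn_micalg(mdn_options: str):
    """Return the digest named by signed-receipt-micalg, or None if absent."""
    for part in mdn_options.split(";"):
        key, _, val = part.strip().partition("=")
        if key.strip() == "signed-receipt-micalg":
            # The value looks like "optional, SHA256"; the algorithm is the last item.
            return val.split(",")[-1].strip()
    return None


def check_partnership(partnership: ET.Element) -> list:
    """Return a list of human-readable findings for one <partnership> element."""
    attrs = {a.get("name"): a.get("value", "") for a in partnership.findall("attribute")}
    findings = []

    enc = attrs.get("encrypt")
    if enc is not None and enc.lower() not in SUPPORTED_ENCRYPT:
        hint = ""
        if enc.lower().startswith(DIGEST_PREFIXES):
            hint = " (digest algorithms are only valid for 'sign')"
        findings.append(
            f"encrypt={enc!r} is not a supported cipher{hint}; "
            f"use one of {sorted(SUPPORTED_ENCRYPT)}"
        )

    sign = attrs.get("sign")
    micalg = mdn_micalg(attrs.get("as2_mdn_options", ""))
    if sign and micalg and sign.lower() != micalg.lower():
        findings.append(f"as2_mdn_options micalg {micalg!r} does not match sign={sign!r}")

    if sign and sign.lower() == "sha1":
        findings.append("sign=SHA1 is increasingly rejected by partners; prefer SHA256")

    return findings


def check_config(xml_text: str) -> dict:
    """Map each partnership name to its findings (empty list means clean)."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): check_partnership(p) for p in root.iter("partnership")}


if __name__ == "__main__":
    for name, findings in check_config(SAMPLE_PARTNERSHIP).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

    Run it against a real partnerships.xml by replacing SAMPLE_PARTNERSHIP with the file contents; the sample itself yields three findings: the SHA1 cipher name, the SHA256/SHA1 micalg mismatch, and the SHA1 signing warning.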
  • Manuel Wololo

    Manuel Wololo - 2019-03-21

    Great Chris, ty!