Hi people, I wanted to know if SHA1 encryption is supported... I am having the following exception when trying it: Error creating encryptor builder using algorithm: SHA1 Cause:java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.26 for provider BC
SHA1 has worked as the default for signing for a long time in OpenAS2, and we now ship the default config to use SHA256 because SHA1 is now being rejected by a lot of systems due to the fact that it has been compromised.
However, the algorithm is definitely supported in the current release of BouncyCastle: https://www.bouncycastle.org/docs/docs1.6/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.html#idSHA1
Have you customized the OpenAS2 libraries and if so which version of BouncyCastle are you using?
If you have not customised then provide the version of OpenAS2 you are running along with the partnership settings for "encrypt", "sign" and "as2_mdn_options".
It would also be helpful to provide the full stacktrace to see which method is throwing the error.
Hi Christopher, ty for your answer! I have not customized anything and the OpenAS2 I am using is version 2.7.1.
There may be an error in the configuration, this is what you asked from the partnership:
<attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA256"/>
<attribute name="encrypt" value="SHA1"/>
<attribute name="sign" value="SHA1"/>
And the stacktrace:
Error creating encryptor builder using algorithm: SHA1 Cause:java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.26 for provider BC
at org.openas2.lib.helper.BCCryptoHelper.getOutputEncryptor(BCCryptoHelper.java:754)
at org.openas2.lib.helper.BCCryptoHelper.encrypt(BCCryptoHelper.java:321)
at org.openas2.processor.sender.AS2SenderModule.secure(AS2SenderModule.java:392)
at org.openas2.processor.sender.AS2SenderModule.handle(AS2SenderModule.java:89)
at org.openas2.processor.DefaultProcessor.handle(DefaultProcessor.java:65)
at org.openas2.processor.receiver.MessageBuilderModule.processDocument(MessageBuilderModule.java:182)
at org.openas2.processor.receiver.DirectoryPollingModule.processFile(DirectoryPollingModule.java:196)
at org.openas2.processor.receiver.DirectoryPollingModule.updateTracking(DirectoryPollingModule.java:170)
at org.openas2.processor.receiver.DirectoryPollingModule.poll(DirectoryPollingModule.java:81)
at org.openas2.processor.receiver.PollingModule$PollTask.run(PollingModule.java:62)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
These are the supported algorithms for the "encrypt" attribute:
* cast5
* 3des
* idea
* rc2
* rc2_cbc
* aes128
* aes192
* aes256
* aes256_wrap
SHA* options are not supported for encryption, only for signing.
Last edit: Christopher Broderick 2019-03-20
NOTE: You must have the same value in the "as2_mdn_options" for signing algorithm as set for "sign".
Ok, ty a lot Christopher! Thought it may have been something like that.
I am sorry to keep bothering you here Christopher, and maybe I should open a new topic, but I am having a similar issue with idea encryption. This is the stack trace:
ERROR AS2ReceiverHandler: Error extracting received message: null [OPENAS2-21032019105158-0300-23d7d2b0-23d9-4515-a83a-77915342b88e@OpenAS2A_OID_OpenAS2B_OID]
2019-03-21 10:53:13.634 ERROR org.bouncycastle.cms.CMSException: cannot recognise cipher: 1.3.6.1.4.1.188.7.1.1.2
at org.bouncycastle.cms.bc.EnvelopedDataHelper.createCipher(Unknown Source)
at org.bouncycastle.cms.bc.EnvelopedDataHelper.createContentCipher(Unknown Source)
at org.bouncycastle.cms.bc.BcRSAKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
at org.openas2.lib.helper.BCCryptoHelper.decrypt(BCCryptoHelper.java:284)
at org.openas2.processor.receiver.AS2ReceiverHandler.decryptAndVerify(AS2ReceiverHandler.java:319)
at org.openas2.processor.receiver.AS2ReceiverHandler.handle(AS2ReceiverHandler.java:209)
at org.openas2.processor.receiver.NetModule$ConnectionHandler.run(NetModule.java:202)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
And here the partnership:
<attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA256"/>
<attribute name="encrypt" value="idea"/>
<attribute name="sign" value="SHA256"/>
Sorry, my mistake - the supported list is actually these:
* cast5
* 3des
* rc2_cbc
* aes128
* aes192
* aes256
Great Chris, ty!
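The two rules given in the answers above (the corrected "encrypt" list, and "sign" matching the algorithm in "as2_mdn_options") can be checked before a partnership goes live. This is an added example, not part of the thread or of OpenAS2: the `<partnership>` wrapper, the partnership names and the case-insensitive comparison are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# "encrypt" values from the corrected list at the end of the thread.
SUPPORTED_ENCRYPT = {"cast5", "3des", "rc2_cbc", "aes128", "aes192", "aes256"}
MDN = ("signed-receipt-protocol=optional, pkcs7-signature; "
       "signed-receipt-micalg=optional, SHA256")

def _partnership(name, encrypt, sign):
    # Hypothetical wrapper element so the posted attributes parse as XML.
    return (f'<partnership name="{name}"><attribute name="as2_mdn_options" value="{MDN}"/>'
            f'<attribute name="encrypt" value="{encrypt}"/>'
            f'<attribute name="sign" value="{sign}"/></partnership>')

# Constructed sample: the two attribute sets posted above plus one corrected set.
SAMPLE = "<partnerships>" + "".join([
    _partnership("sha1-as-cipher", "SHA1", "SHA1"),
    _partnership("idea", "idea", "SHA256"),
    _partnership("aes-ok", "aes256", "SHA256"),
]) + "</partnerships>"

def micalgs(mdn_options):
    """Algorithms named in signed-receipt-micalg, lower-cased, importance flag dropped."""
    m = re.search(r"signed-receipt-micalg\s*=\s*([^;]*)", mdn_options, re.I)
    names = [p.strip().lower() for p in m.group(1).split(",")] if m else []
    return [n for n in names if n and n not in ("optional", "required")]

def check_partnership(node):
    """List the problems in one <partnership>; values are compared ignoring case (assumption)."""
    attrs = {a.get("name"): a.get("value", "") for a in node.findall("attribute")}
    encrypt, sign = attrs.get("encrypt", ""), attrs.get("sign", "")
    problems = []
    if encrypt and encrypt.lower() not in SUPPORTED_ENCRYPT:
        if encrypt.lower().startswith("sha"):
            problems.append(f"encrypt={encrypt}: SHA* is a digest, valid only for 'sign'")
        else:
            problems.append(f"encrypt={encrypt}: not in the supported cipher list")
    algs = micalgs(attrs.get("as2_mdn_options", ""))
    if sign and algs and sign.lower() not in algs:
        problems.append(f"sign={sign} does not match signed-receipt-micalg {algs}")
    return problems

def check_config(xml_text):
    """Map partnership name -> problems for every partnership in the document."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): check_partnership(p) for p in root.iter("partnership")}

if __name__ == "__main__":
    for name, problems in check_config(SAMPLE).items():
        print(name, "->", problems or "ok")
```

The first posted configuration trips both checks (a digest used as the cipher, and SHA1 signing against a SHA256 micalg); the "idea" one trips only the cipher check.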