Richard Tookey wrote:The BUG report you cited refers to the SunJCE provider and not the SunPKCS11 provider but since it is possible that the padding code it common to both then the BUG may be applicable. If you read to the end of the BUG report then you will see that a suggested work around for dealing with the BUG is to decrypt with no padding and write code to remove the MGF1 padding. The specification for MGF1 padding is available in rfc2437 which Google will find. As an alternative to coding MGF1 from scratch you could look at the Bouncy Castle source and extract the bits you need.
Richard Tookey wrote:Once again I don't understand! You encrypt using "OAEPWITHSHA-256ANDMGF1PADDING" and then decrypt using "PKCS1Padding" and wonder why you get a javax.crypto.BadPaddingException ! Also, you say the problem is due to SunJCE's Cipher "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING" but you are using bcProvider which presumably means BouncyCastle!
These inconsistencies make it difficult for anyone to take your problem seriously!
P.S. Did you look at the end of the bug report for a suggested way round the SunJCE provider bug?
Manish Sahni wrote: I have developed an application and using the following keys for digital signatures those of which were placed in a file path (Directory) in testing environment.
1) XXX.p12 file - for Digital signature.
2) XXX.p12 file - for decryption of XML response.
3) XXX.cer file - for encrypting the session keys , input XML etc.
Since the files are on a particular file path location , the code is running fine.So for in the pre-production environment we have procured the CryptoGraphic Token from a CA and imported the XXX.p12 file for testing of the same, i am successfully able to digitally sign the request , However in case of decrypting the session key that is encrypted by the server using "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING" i am getting the error as :-
My Testing Method is :-
I have found the issue is that the implementation of SunJCE's Cipher "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING" is not compatible with other implementations (BouncyCastle/IAIK/PKCS11)
When setting AlgorithmParameters (with OAEPParameterSpec) an exception is thrown (javax.crypto.BadPaddingException)
Refer : Problems with Cipher "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING" Bug Details: https://bugs.openjdk.java.net/browse/JDK-7038158?page=com.atlassian.jira.plugin.system.issuetabpanels%3aworklog-tabpanel
Is their any way that i can decrypt the data for RSA-OAEP padding.
Tim Holloway wrote:Personally, I prefer to avoid adding listeners and other esoterica unless they're actually essential. If I can use basic building blocks, it's usually simpler, more understandable, and less likely to break unexpectedly when a new and improved standard comes out.
From a performance point of view, however, consider this: listeners are called continually. I mean, their name says it - they listen. However an init() method is only run once. So from a strictly performance point of view, a listener isn't the optimal choice. You definitely don't want to re-init logging each time the listener kicks off, and even though the overhead for checking so you only run the first time is fairly small, it's still overhead. In addition to the overhead of setting up and calling the listener (assuming you didn't need the listener for other purposes, too).
Tim Holloway wrote:No, you should not initialize logging in each and every JSP.
A relatively clean way to initialize logging is to create what I call a "null servlet", which is a servlet which has an init() method but no GET/POST handlers. Configure logging in the init() method, and make the servlet itself auto-start and be the first servlet to start. Everyone else can pick up from there.
You don't actually have to make a discrete servlet for this purpose as long as you already have something similar that you can add the log config process to. Just keep the design clean.