Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

No RSA/ECB/OAEPPadding on Red Hat 8

byMR
July 10, 2024

I’m not versed in cryptography and am pulling my hair out. I have the following (simplified) setup and code.

Maven setup to use BouncyCastle

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk18on</artifactId>
    <version>1.78.1</version>
</dependency>

Code

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel 

try {
    PublicKey serverPubKey = CertUtil.getPubKey(new File(cert_fp));
    Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
    OAEPParameterSpec specs = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    cipher.init(1, serverPubKey, specs);
} catch (CertificateException | NoSuchPaddingException | InvalidKeyException |
            InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
    LOGGER.severe("Cannot create encryption cipher.  " + e);
}

When running on Windows (Java 17), it works. When running on Red Hat 8 (openjdk 17), I got

Cannot create encryption cipher.  java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding

The thing is it used to work on Red Hat too. I’m a bit lost on what might caused the error now. I checked the command for running it and bouncycastle is in the classpath.

I added some codes to check the providers and it looks the same on both Windows and Linux.

Set<String> algs = new TreeSet<>();
    for (Provider provider : Security.getProviders()) {
    provider.getServices().stream()
            .filter(s -> "Cipher".equals(s.getType()))
            .map(Service::getAlgorithm)
            .forEach(algs::add);
}
algs.forEach(System.out::println);

Output

AES/CBC/NoPadding
AES/CBC/PKCS5Padding
AES/CTR/NoPadding
AES/ECB/NoPadding
AES/ECB/PKCS5Padding
AES/GCM/NoPadding
AES_128/CBC/NoPadding
AES_128/ECB/NoPadding
AES_128/GCM/NoPadding
AES_192/CBC/NoPadding
AES_192/ECB/NoPadding
AES_192/GCM/NoPadding
AES_256/CBC/NoPadding
AES_256/ECB/NoPadding
AES_256/GCM/NoPadding
ARCFOUR
ChaCha20-Poly1305
DES/CBC/NoPadding
DES/CBC/PKCS5Padding
DES/ECB/NoPadding
DES/ECB/PKCS5Padding
DESede/CBC/NoPadding
DESede/CBC/PKCS5Padding
DESede/ECB/NoPadding
DESede/ECB/PKCS5Padding
PBEWithHmacSHA1AndAES_128
PBEWithHmacSHA1AndAES_256
PBEWithHmacSHA224AndAES_128
PBEWithHmacSHA224AndAES_256
PBEWithHmacSHA256AndAES_128
PBEWithHmacSHA256AndAES_256
PBEWithHmacSHA384AndAES_128
PBEWithHmacSHA384AndAES_256
PBEWithHmacSHA512AndAES_128
PBEWithHmacSHA512AndAES_256
RSA/ECB/NoPadding
RSA/ECB/PKCS1Padding

What am I missing? What can I try? I do have to use "RSA/ECB/OAEPPadding".

Thanks

>Solution :

You need to explicitly register the Bouncy Castle crypto provider when your application starts, eg:

public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());

It definitely includes "RSA/ECB/OAEPPadding".

byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading