JDK-6415637 : PKCS12KeyStore exceptions
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 5.0,6
  • Priority: P4
  • Status: Resolved
  • Resolution: Cannot Reproduce
  • OS: generic,windows_2000,windows_xp
  • CPU: generic,x86
  • Submitted: 2006-04-20
  • Updated: 2013-05-02
  • Resolved: 2013-05-02
Related Reports
Duplicate :  
JDK-6516893 - keyStore.load throws a divide by zero error when loading a certificate
Duplicate :  
JDK-6500144 - UnrecoverableKeyException accessing a no password pkcs12 file
Relates :  
JDK-6879539 - enable empty password support for pkcs12 keystore
Description
There are two issues in the PKCS12KeyStore:

 . if an incorrect password is specified, we get a random decryption failure exception rather than a message saying that the password is incorrect. This is because we first try to decrypt and only then verify the MAC:

===
java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
        at java.security.KeyStore.load(KeyStore.java:1174)
        at sun.security.tools.KeyTool.doCommands(KeyTool.java:715)
        at sun.security.tools.KeyTool.run(KeyTool.java:171)
        at sun.security.tools.KeyTool.main(KeyTool.java:165)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.PKCS12PBECipherCore.b(DashoA13*..)
        at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA13*..)
        at javax.crypto.Cipher.doFinal(DashoA13*..)
        at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1272)
        ... 4 more
===

 . if an empty password is supplied, we get a failure due to division by zero:

===
java.io.IOException: failed to decrypt safe contents entry: java.lang.ArithmeticException: / by zero
        at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
        at java.security.KeyStore.load(KeyStore.java:1174)
        at sun.security.tools.KeyTool.doCommands(KeyTool.java:620)
        at sun.security.tools.KeyTool.run(KeyTool.java:171)
        at sun.security.tools.KeyTool.main(KeyTool.java:165)
Caused by: java.lang.ArithmeticException: / by zero
        at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
        at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
        at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
        at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
        at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineInit(DashoA13*..)
        at javax.crypto.Cipher.a(DashoA13*..)
        at javax.crypto.Cipher.a(DashoA13*..)
        at javax.crypto.Cipher.init(DashoA13*..)
        at javax.crypto.Cipher.init(DashoA13*..)
        at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1271)
        ... 4 more
===
The 2nd part is resolved in 6879539.
Comments
EVALUATION Right.
20-04-2006