We're currently using pbeWithSHAAnd3_KeyTripleDES_CBC and pbeWithSHAAnd40BitRC2_CBC for PKCS12, but they are discontinued in OpenSSL 3.0 in favor of stronger algorithms like AES. We've tried multiple ways to get to AES with Bouncy Castle 1.79, but we failed. Current code:

```java
// Private key bag: PKCS#12 PBE with SHA-1 and 3-key Triple DES in CBC mode
ASN1ObjectIdentifier keyAsn1Id = PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC;
BlockCipher keyBlockCipher = CBCBlockCipher.newInstance(new DESedeEngine());
OutputEncryptor keyOutputEncryptor = new BcPKCS12PBEOutputEncryptorBuilder(keyAsn1Id, keyBlockCipher)
        .setIterationCount(50000)
        .build(certificate.getPassword().toCharArray());

// Certificate bag: PKCS#12 PBE with SHA-1 and 40-bit RC2 in CBC mode
ASN1ObjectIdentifier certificateAsn1Id = PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC;
BlockCipher certificateBlockCipher = CBCBlockCipher.newInstance(new RC2Engine());
OutputEncryptor certificateOutputEncryptor = new BcPKCS12PBEOutputEncryptorBuilder(certificateAsn1Id, certificateBlockCipher)
        .setIterationCount(50000)
        .build(certificate.getPassword().toCharArray());
```
We have, for example, tried to use NISTObjectIdentifiers.id_aes256_CBC, but that ends up in:

```
java.lang.NullPointerException: Cannot invoke "java.lang.Integer.intValue()" because the return value of "java.util.Map.get(Object)" is null
at org.bouncycastle.pkcs.bc.PKCS12PBEUtils.getKeySize(Unknown Source) ~[bcpkix-jdk18on-1.79.jar:?]
```
What's the way to use PKCS12 with AES?
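
Added example (not part of the original post, and not Bouncy Castle's own sample code): one way to write an AES-encrypted PKCS#12 file is the JCA-based JcePKCSPBEOutputEncryptorBuilder, which wraps a cipher OID such as id_aes256_CBC in PBES2 instead of looking it up as a PKCS#12 PBE scheme. It assumes bcprov and bcpkix are on the classpath; the class name, key pair, certificate and password are constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.*;
import org.bouncycastle.pkcs.jcajce.*;

public class AesPkcs12Example { // hypothetical class name
    // PBES2 (PBKDF2 + AES-256-CBC); a fresh encryptor is built for each use.
    static OutputEncryptor aes(char[] pw) throws Exception {
        return new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
                .setProvider("BC").setIterationCount(50000).build(pw);
    }
    static byte[] buildPfx(PrivateKey key, X509Certificate cert, char[] pw) throws Exception {
        // localKeyId ties the certificate bag to the private key bag.
        var keyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(cert.getPublicKey());
        PKCS12SafeBag keyBag = new JcaPKCS12SafeBagBuilder(key, aes(pw))
                .addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, keyId).build();
        PKCS12SafeBag certBag = new JcaPKCS12SafeBagBuilder(cert)
                .addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, keyId).build();
        return new PKCS12PfxPduBuilder()
                .addEncryptedData(aes(pw), new PKCS12SafeBag[] { certBag })
                .addData(keyBag) // key bag is already encrypted by its own encryptor
                .build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256)
                        .setProvider("BC"), pw).getEncoded(); // SHA-256 integrity MAC
    }
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Principal dn = new X500Principal("CN=constructed-example");
        Date now = new Date();
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
                new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, now,
                        new Date(now.getTime() + 86_400_000L), dn, kp.getPublic())
                        .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
        char[] pw = "constructed-password".toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12", "BC"); // read the result back
        ks.load(new ByteArrayInputStream(buildPfx(kp.getPrivate(), cert, pw)), pw);
        System.out.println("entries readable after round trip: " + ks.size());
    }
}
```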