JRuby cannot decrypt a private key using the AES-256-CBC cipher #919

@drbrain

JRuby should be able to decrypt keys using the same ciphers as Ruby, but fails for several common ciphers including AES-256-CBC.

While this script does not have proper setup for some of the ciphers (notably ECB mode), in general it shows which cipher families do and do not work on JRuby:

require 'openssl'

# https://bugs.ruby-lang.org/issues/8690
exclude = %w[
  AES-128-CBC-HMAC-SHA1
  AES-256-CBC-HMAC-SHA1
  aes-128-cbc-hmac-sha1
  aes-256-cbc-hmac-sha1
]

key = OpenSSL::PKey::RSA.new 1024

OpenSSL::Cipher.ciphers.each do |cipher_name|
  begin
    next if exclude.include? cipher_name

    print cipher_name

    cipher = OpenSSL::Cipher.new cipher_name
    encryption_key = cipher.random_key

    encrypted = key.export cipher, encryption_key

    OpenSSL::PKey::RSA.new encrypted, encryption_key

    puts " PASS"
  rescue
    puts " FAIL: #{$!}"
  end
end

My results with jruby 1.7.4 (1.9.3p392) 2013-05-16 2390d3b on Java HotSpot(TM) 64-Bit Server VM 1.7.0_10-ea-b16 [darwin-x86_64] for the AES ciphers:

$ jruby test.rb | grep AES
Unable to find a $JAVA_HOME at "/usr", continuing with system-provided Java...
AES-128 PASS
AES-128-CBC PASS
AES-128-CFB PASS
AES-128-CFB1 PASS
AES-128-CFB8 FAIL: Neither PUB key nor PRIV key:
AES-128-ECB FAIL: exception using cipher: java.security.InvalidAlgorithmParameterException: ECB mode cannot use IV
AES-128-OFB PASS
AES-192 FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-192-CBC FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-192-CFB FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-192-CFB1 FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-192-CFB8 FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-192-ECB FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-192-OFB FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-256 FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-256-CBC FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-256-CFB FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-256-CFB1 FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-256-CFB8 FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-256-ECB FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
AES-256-OFB FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size

With ruby 2.0.0p247:

$ ruby test.rb | grep AES
AES-128-CBC PASS
AES-128-CFB PASS
AES-128-CFB1 PASS
AES-128-CFB8 PASS
AES-128-CTR PASS
AES-128-ECB FAIL: Neither PUB key nor PRIV key: nested asn1 error
AES-128-OFB PASS
AES-128-XTS PASS
AES-192-CBC PASS
AES-192-CFB PASS
AES-192-CFB1 PASS
AES-192-CFB8 PASS
AES-192-CTR PASS
AES-192-ECB FAIL: Neither PUB key nor PRIV key: nested asn1 error
AES-192-OFB PASS
AES-256-CBC PASS
AES-256-CFB PASS
AES-256-CFB1 PASS
AES-256-CFB8 PASS
AES-256-CTR PASS
AES-256-ECB FAIL: Neither PUB key nor PRIV key: nested asn1 error
AES-256-OFB PASS
AES-256-XTS PASS
AES128 PASS
AES192 PASS
AES256 PASS
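
A triage sketch for output like the JRuby run above, added here as an example and not part of the original report or of JRuby. It groups results by AES key length and failure message so that key-length rejections (`Illegal key size`) are separated from mode-specific failures; the helper names and the `SAMPLE` excerpt are constructed for illustration.

```ruby
# Added example: triage for cipher test output like the runs in this issue.
# SAMPLE is a constructed excerpt of the JRuby output; helper names are hypothetical.
SAMPLE = <<~'OUT'
  Unable to find a $JAVA_HOME at "/usr", continuing with system-provided Java...
  AES-128-CBC PASS
  AES-128-CFB8 FAIL: Neither PUB key nor PRIV key:
  AES-128-ECB FAIL: exception using cipher: java.security.InvalidAlgorithmParameterException: ECB mode cannot use IV
  AES-192-CBC FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
  AES-256-CBC FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
  AES-256-OFB FAIL: exception using cipher: java.security.InvalidKeyException: Illegal key size
OUT

# One result line: cipher name (with AES key length), PASS/FAIL, optional message.
LINE = /\A(?<name>AES-?(?<bits>128|192|256)\S*) (?<status>PASS|FAIL)(?:: (?<msg>.*))?\z/

def parse_results(text)
  text.each_line(chomp: true).filter_map do |line|
    m = LINE.match(line) or next # skip noise such as the $JAVA_HOME warning
    { name: m[:name], bits: m[:bits].to_i, pass: m[:status] == 'PASS', msg: m[:msg].to_s.strip }
  end
end

# Map a failure message to a coarse cause.
def cause(msg)
  case msg
  when /Illegal key size/             then :key_size_rejected
  when /ECB mode cannot use IV/       then :iv_with_ecb
  when /Neither PUB key nor PRIV key/ then :key_not_parsed
  else :other
  end
end

# Per key length: pass/fail counts and a tally of failure causes.
def summarize(results)
  results.group_by { |r| r[:bits] }.transform_values do |rows|
    failed = rows.reject { |r| r[:pass] }
    { passed: rows.count { |r| r[:pass] }, failed: failed.size,
      causes: failed.map { |r| cause(r[:msg]) }.tally }
  end
end

# Key lengths where nothing passed and every failure is a key-size rejection.
def key_size_blocked(summary)
  summary.select { |_, s| s[:passed].zero? && s[:causes].keys == [:key_size_rejected] }.keys.sort
end

if __FILE__ == $PROGRAM_NAME
  report = summarize(parse_results(SAMPLE))
  report.sort_by { |bits, _| bits }.each { |bits, s| puts "AES-#{bits}: #{s}" }
  puts "blocked by key size: #{key_size_blocked(report).inspect}"
end
```

On Java, `InvalidKeyException: Illegal key size` is what the runtime raises when a key is longer than the installed JCE jurisdiction policy permits, which is why the grouping is by key length rather than by cipher mode.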
