Closed Bug 228885 Opened 21 years ago Closed 20 years ago

invalid RSA PKCS#1 padding using rsa key sizes >= 1024 bit

Categories

(MailNews Core :: Security, defect)

Product:
MailNews Core
Component:
Security
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED EXPIRED

People

(Reporter: jens.hasselbach, Assigned: sspitzer)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 I take an e-mail which was encrypted with Mozilla 1.5 (using 2048 bit RSA key), extract the session key, and try to decrypt them using different crypto providers with the following result: The algorithm used to encrypt is detected as 1.2.840.113549.1.1.1. Using Bouncy Castle: Cipher keyCipher = Cipher.getInstance("1.2.840.113549.1.1.1", "BC"); // -> I get a BadPaddingException: Unknown Block Type Using Cryptix: Cipher keyCipher = Cipher.getInstance("RSA/ECB/PKCS#1","CryptixCrypto"); // -> I get a java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block Using IAIK: Cipher keyCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "IAIK"); // -> I get a javax.crypto.BadPaddingException: Invalid PKCS#1 padding: encrypted message is not k OCTETS long! (for key sizes up to 1016 bit this problem does not appear.) Reproducible: Always Steps to Reproduce: 1.create an encrypted mail using key size higher 1024 bit 2.try to decrypt using other software than mozilla 3. Expected Results: correct decryption
Product: MailNews → Core
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
This bug has been automatically resolved after a period of inactivity (see above comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → EXPIRED
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.