Decryption of assertion using Private key from Windows Keystore


I am trying to read a private key from the Windows keystore (Windows-ROOT) and use it to decrypt the encrypted assertion in an application configured with SAML for authentication, but I encountered the error below:

org.apache.xml.security.encryption.XMLEncryptionException: No installed provider supports this key: sun.security.mscapi.CPrivateKey
    at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1499) ~[xmlsec-2.1.7.jar:2.1.7]
    at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:708) [xmltooling-1.4.4.jar:?]
    at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:639) [xmltooling-1.4.4.jar:?]
    at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:794) [xmltooling-1.4.4.jar:?]
    at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:535) [xmltooling-1.4.4.jar:?]
    at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:453) [xmltooling-1.4.4.jar:?]
    at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:414) [xmltooling-1.4.4.jar:?]
    at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141) [opensaml-2.6.6.jar:?]
    at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69) [opensaml-2.6.6.jar:?]

The code used to read the key from MMC is:

    import java.security.KeyStore;
    import java.security.PrivateKey;

    // SunMSCAPI-backed store; load(null, null) opens the live Windows certificate store
    KeyStore keystore = KeyStore.getInstance("Windows-ROOT");
    keystore.load(null, null);
    String certificateAlias = "privatekey";
    String p = "changeit";
    // Returns a sun.security.mscapi.CPrivateKey handle; the key material stays inside the Windows store
    PrivateKey certificate = (PrivateKey) keystore.getKey(certificateAlias, p.toCharArray());

I have tried the following approaches but was unable to resolve the issue.

  • I have checked that the US_export_policy and local_policy jars are already present in the ${JAVA_HOME}\lib\security location.
  • I tried to explicitly cast the PrivateKey read from the MMC to a Java-based RSAPrivateKey, but got ClassCastExceptions.
  • I tried to use the Bouncy Castle provider while reading the keys from the MMC but found out that only the SunMSCAPI provider can read certs from the MMC.
  • I listed the providers before passing the encrypted assertion to the decrypt method (org.opensaml.saml2.encryption.Decrypter.decrypt). I could find SunMSCAPI.

Can anyone let me know where I am going wrong?


There are 0 answers
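The error in the trace is what `javax.crypto.Cipher` raises when it tries every installed provider in `init` and none accepts the key object it was given. The following Windows-only diagnostic, added here as an example and not part of the thread (which has no answers), repeats that probe per provider for the two RSA key-transport transforms XML Encryption uses, so you can see whether any provider can initialise an unwrap cipher with a `CPrivateKey`. The store name, alias and class name are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

// Windows-only diagnostic: which JCA providers accept a Windows-store key for RSA key unwrap?
public class KeyProviderCheck {
    // Transforms behind the EncryptedKey step of XML Encryption:
    // RSA-1_5 -> PKCS1Padding, RSA-OAEP -> OAEPWithSHA1AndMGF1Padding.
    static final String[] TRANSFORMS = {
        "RSA/ECB/PKCS1Padding",
        "RSA/ECB/OAEPWithSHA1AndMGF1Padding"
    };

    // The probe XMLCipher.decryptKey effectively performs: initialise an unwrap cipher
    // with the key. A provider that lacks the cipher (NoSuchAlgorithm/NoSuchPadding) or
    // rejects the key class (InvalidKeyException) throws a GeneralSecurityException.
    static boolean canUnwrap(Provider p, String transform, PrivateKey key) {
        try {
            Cipher c = Cipher.getInstance(transform, p);
            c.init(Cipher.UNWRAP_MODE, key);
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Store name and alias are placeholders: Windows-MY is the personal store that
        // holds certificates with private keys, Windows-ROOT holds trusted root CAs.
        String store = args.length > 0 ? args[0] : "Windows-MY";
        String alias = args.length > 1 ? args[1] : "privatekey";
        KeyStore ks = KeyStore.getInstance(store);
        ks.load(null, null);
        PrivateKey key = (PrivateKey) ks.getKey(alias, null); // SunMSCAPI does not use the password
        if (key == null) throw new IllegalStateException("no private key under alias " + alias);
        System.out.println("key class: " + key.getClass().getName());
        for (String t : TRANSFORMS) {
            System.out.println(t + ":");
            boolean any = false;
            for (Provider p : Security.getProviders()) {
                if (canUnwrap(p, t, key)) { System.out.println("  ok  " + p.getName()); any = true; }
            }
            if (!any) System.out.println("  no provider -> decryptKey fails for this transform");
        }
    }
}
```

Run it with the JVM and store the application uses; a transform that lists no provider is the one the assertion's EncryptedKey cannot be unwrapped with from that key object.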