Tags Tags

Encrypt in Java and then decrypt with CAPICOM

June 07th, 2005 - 03:39 pm ET by John | Report spam
Help Create a new topic
Sorry if this has been asked before, but I am finding conflicting answers.

Can anyone tell me definitely whether or not it is possible to encrypt a
file with java and then decrypt it via CAPICOM?

At
<http://msdn.microsoft.com/library/d...pi.asp>
I read:
*
"Note* CAPICOM does not support the PKCS7 EncryptedData content type
but uses a non-standard ASN structure for EncryptedData. As a result,
only CAPICOM can decrypt a CAPICOM EncryptedData object."

This makes me think that is NOT possible, though it doesn't explicitly
say so.

However, back in 2002, Michel Gallant (MVP) replied to a thread in the
comp.lang.java.security group that seemed to imply that it could be
done. He offered links to some code samples. Unfortunately the codes
sample are gone, but you can read the thread at:

<http://groups-beta.google.com/group...icom+group:comp*&rnum&hl=en#bc900cb95f8cff86>

If I could just find out, for sure, whether or not is possible, I'd be
happy. I just don't want to keep trying, if it is pointless.

Thanks,
John
email Follow the discussionReplies 5 repliesReplies Make a reply

Similar topics

Replies

#1 Michel Gallant
June 07th, 2005 - 04:15 pm ET | Report spam
Some info on CAPICOM "EncryptedData" format:
http://www.jensign.com/JavaScience/...eriveBytes
So the answer is NO .. Standard Java v 1.5x cannot decrypt (using api calls)
CAPICOM EncryptedData ..
but of course you can always write your own class to do that! with info provided.

- Mitch Gallant
MVP Security
www.jensign.com

"John" <"jhook <RemoveToSend> wrote in message news:

Sorry if this has been asked before, but I am finding conflicting answers.

Can anyone tell me definitely whether or not it is possible to encrypt a
file with java and then decrypt it via CAPICOM?

At
<http://msdn.microsoft.com/library/d...pi.asp>
I read:
*
"Note* CAPICOM does not support the PKCS7 EncryptedData content type
but uses a non-standard ASN structure for EncryptedData. As a result,
only CAPICOM can decrypt a CAPICOM EncryptedData object."

This makes me think that is NOT possible, though it doesn't explicitly
say so.

However, back in 2002, Michel Gallant (MVP) replied to a thread in the
comp.lang.java.security group that seemed to imply that it could be
done. He offered links to some code samples. Unfortunately the codes
sample are gone, but you can read the thread at:




<http://groups-beta.google.com/group...icom+group:
comp*&rnum&hl=en#bc900cb95f8cff86>

If I could just find out, for sure, whether or not is possible, I'd be
happy. I just don't want to keep trying, if it is pointless.

Thanks,
John



Replies Reply to this message
#2 John
June 07th, 2005 - 05:03 pm ET | Report spam
Thanks for your prompt reply. I guess I'll just forgo CAPICOM and drop
down to the api.

Thanks,
John

Michel Gallant wrote:

Some info on CAPICOM "EncryptedData" format:
http://www.jensign.com/JavaScience/...eriveBytes
So the answer is NO .. Standard Java v 1.5x cannot decrypt (using api calls)
CAPICOM EncryptedData ..
but of course you can always write your own class to do that! with info provided.

- Mitch Gallant
MVP Security
www.jensign.com

"John" <"jhook <RemoveToSend> wrote in message news:


Sorry if this has been asked before, but I am finding conflicting answers.

Can anyone tell me definitely whether or not it is possible to encrypt a
file with java and then decrypt it via CAPICOM?

At
<http://msdn.microsoft.com/library/d...pi.asp>
I read:
*
"Note* CAPICOM does not support the PKCS7 EncryptedData content type
but uses a non-standard ASN structure for EncryptedData. As a result,
only CAPICOM can decrypt a CAPICOM EncryptedData object."

This makes me think that is NOT possible, though it doesn't explicitly
say so.

However, back in 2002, Michel Gallant (MVP) replied to a thread in the
comp.lang.java.security group that seemed to imply that it could be
done. He offered links to some code samples. Unfortunately the codes
sample are gone, but you can read the thread at:






<http://groups-beta.google.com/group...icom+group:
comp*&rnum&hl=en#bc900cb95f8cff86>


If I could just find out, for sure, whether or not is possible, I'd be
happy. I just don't want to keep trying, if it is pointless.

Thanks,
John











Replies Reply to this message
#3 Joe Kaplan \(MVP - ADSI\)
June 07th, 2005 - 11:43 pm ET | Report spam
If you can do enveloped data in Java instead of encrypted data, then CAPICOM
should be viable. It is just the CAPICOM encrypted data format that seems
to be weirdly proprietary.

Does that work for you?

Joe K.

"John" <"jhook <RemoveToSend> wrote in message
news:%
Thanks for your prompt reply. I guess I'll just forgo CAPICOM and drop
down to the api.

Thanks,
John

Michel Gallant wrote:

Some info on CAPICOM "EncryptedData" format:
http://www.jensign.com/JavaScience/...eriveBytes
So the answer is NO .. Standard Java v 1.5x cannot decrypt (using api
calls)
CAPICOM EncryptedData ..
but of course you can always write your own class to do that! with info
provided.

- Mitch Gallant
MVP Security
www.jensign.com

"John" <"jhook <RemoveToSend> wrote in message
news:

Sorry if this has been asked before, but I am finding conflicting
answers.

Can anyone tell me definitely whether or not it is possible to encrypt a
file with java and then decrypt it via CAPICOM?

At
<http://msdn.microsoft.com/library/d...pi.asp>
I read:
*
"Note* CAPICOM does not support the PKCS7 EncryptedData content type
but uses a non-standard ASN structure for EncryptedData. As a result,
only CAPICOM can decrypt a CAPICOM EncryptedData object."

This makes me think that is NOT possible, though it doesn't explicitly
say so.

However, back in 2002, Michel Gallant (MVP) replied to a thread in the
comp.lang.java.security group that seemed to imply that it could be
done. He offered links to some code samples. Unfortunately the codes
sample are gone, but you can read the thread at:





<http://groups-beta.google.com/group...icom+group:
comp*&rnum&hl=en#bc900cb95f8cff86>

If I could just find out, for sure, whether or not is possible, I'd be
happy. I just don't want to keep trying, if it is pointless.

Thanks,
John











Replies Reply to this message
#4 John
June 08th, 2005 - 07:57 am ET | Report spam
I'll have to do some research and check with our developers about the
enveloped data. I'm new to this area and see that I have a lot to learn.
Does eneveloped require client certificates? If so, that is probably
more of a requirement than we want to put on our users.

Thanks for the suggestion,
John


Joe Kaplan (MVP - ADSI) wrote:

If you can do enveloped data in Java instead of encrypted data, then CAPICOM
should be viable. It is just the CAPICOM encrypted data format that seems
to be weirdly proprietary.

Does that work for you?

Joe K.

"John" <"jhook <RemoveToSend> wrote in message
news:%


Thanks for your prompt reply. I guess I'll just forgo CAPICOM and drop
down to the api.

Thanks,
John

Michel Gallant wrote:



Some info on CAPICOM "EncryptedData" format:
http://www.jensign.com/JavaScience/...eriveBytes
So the answer is NO .. Standard Java v 1.5x cannot decrypt (using api
calls)
CAPICOM EncryptedData ..
but of course you can always write your own class to do that! with info
provided.

- Mitch Gallant
MVP Security
www.jensign.com

"John" <"jhook <RemoveToSend> wrote in message
news:



Sorry if this has been asked before, but I am finding conflicting
answers.

Can anyone tell me definitely whether or not it is possible to encrypt a
file with java and then decrypt it via CAPICOM?

At
<http://msdn.microsoft.com/library/d...pi.asp>
I read:
*
"Note* CAPICOM does not support the PKCS7 EncryptedData content type
but uses a non-standard ASN structure for EncryptedData. As a result,
only CAPICOM can decrypt a CAPICOM EncryptedData object."

This makes me think that is NOT possible, though it doesn't explicitly
say so.

However, back in 2002, Michel Gallant (MVP) replied to a thread in the
comp.lang.java.security group that seemed to imply that it could be
done. He offered links to some code samples. Unfortunately the codes
sample are gone, but you can read the thread at:







<http://groups-beta.google.com/group...icom+group:
comp*&rnum&hl=en#bc900cb95f8cff86>



If I could just find out, for sure, whether or not is possible, I'd be
happy. I just don't want to keep trying, if it is pointless.

Thanks,
John



















Replies Reply to this message
#5 Michel Gallant
June 08th, 2005 - 09:34 am ET | Report spam
Yes, EnvelopedData is essentially symmetric bulk encryption of some
arbitrary data, and then encrypting this secret symmetric key with the
public key of target recipients with the corresponding certificate (and private key).

Strictly speaking, you COULD enveloped data with RSA rsa keypairs (no associated certificates),
but EnvelopedData almost always makes use of certificates to validate the public/private key of
recipients.

Another approach is to use a password-derived symmetric encryption approach for interop
between capi and Java 2:
http://www.jensign.com/JavaScience/...DESEncrypt
http://www.jensign.com/JavaScience/...DeriveKeyM

- Mitch Gallant



"John" wrote in message news:
I'll have to do some research and check with our developers about the
enveloped data. I'm new to this area and see that I have a lot to learn.
Does eneveloped require client certificates? If so, that is probably
more of a requirement than we want to put on our users.

Thanks for the suggestion,
John


Joe Kaplan (MVP - ADSI) wrote:

>If you can do enveloped data in Java instead of encrypted data, then CAPICOM
>should be viable. It is just the CAPICOM encrypted data format that seems
>to be weirdly proprietary.
>
>Does that work for you?
>
>Joe K.
>
>"John" <"jhook <RemoveToSend> wrote in message
>news:%
>
>
>>Thanks for your prompt reply. I guess I'll just forgo CAPICOM and drop
>>down to the api.
>>
>>Thanks,
>>John
>>
>>Michel Gallant wrote:
>>
>>
>>
>>>Some info on CAPICOM "EncryptedData" format:
>>> http://www.jensign.com/JavaScience/...eriveBytes
>>>So the answer is NO .. Standard Java v 1.5x cannot decrypt (using api
>>>calls)
>>>CAPICOM EncryptedData ..
>>>but of course you can always write your own class to do that! with info
>>>provided.
>>>
>>>- Mitch Gallant
>>> MVP Security
>>> www.jensign.com
>>>
>>>"John" <"jhook <RemoveToSend> wrote in message
>>>news:
>>>
>>>
>>>
>>>>Sorry if this has been asked before, but I am finding conflicting
>>>>answers.
>>>>
>>>>Can anyone tell me definitely whether or not it is possible to encrypt a
>>>>file with java and then decrypt it via CAPICOM?
>>>>
>>>>At
>>>><http://msdn.microsoft.com/library/d...pi.asp>
>>>>I read:
>>>>*
>>>>"Note* CAPICOM does not support the PKCS7 EncryptedData content type
>>>>but uses a non-standard ASN structure for EncryptedData. As a result,
>>>>only CAPICOM can decrypt a CAPICOM EncryptedData object."
>>>>
>>>>This makes me think that is NOT possible, though it doesn't explicitly
>>>>say so.
>>>>
>>>>However, back in 2002, Michel Gallant (MVP) replied to a thread in the
>>>>comp.lang.java.security group that seemed to imply that it could be
>>>>done. He offered links to some code samples. Unfortunately the codes
>>>>sample are gone, but you can read the thread at:
>>>>
>>>>
>>>>
>>>>
>>>>

<http://groups-beta.google.com/group...apicom+gro






up:
>>>comp*&rnum&hl=en#bc900cb95f8cff86>
>>>
>>>
>>>
>>>>If I could just find out, for sure, whether or not is possible, I'd be
>>>>happy. I just don't want to keep trying, if it is pointless.
>>>>
>>>>Thanks,
>>>>John
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>
>
>
>


email Follow the discussion Replies Reply to this message
Help Create a new topicReplies Make a reply
Search Make your own search