5

I am trying to encrypt some content using ECC algorithm using BouncyCastle in java. But I am getting exception of BouncyCastle library saying cannot cast JCEECPublicKey to IESKey. Which I understood that the public key generated by KeyPairGenerator is JCEECPublicKey which cannot be used in java Cipher.init method. Can someone tell me how can convert it in Public key or X509 spec so that I can use it in encryption.

Here is the code which I tried

// add instance of provider class
Security.addProvider(new BouncyCastleProvider());

// initializing parameter specs secp256r1/prime192v1
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("prime192v1");

// key pair generator to generate public and private key
KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDH", new BouncyCastleProvider());

// initialize key pair generator
generator.initialize(ecSpec);

// Key pair to store public and private key
KeyPair keyPair = generator.generateKeyPair();

Cipher iesCipher = Cipher.getInstance("ECIES", new BouncyCastleProvider());
iesCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());

Also I tried to convert the public key into X509EncodedSpec but I get same exception

X509EncodedKeySpec spec = new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
KeyFactory factory = KeyFactory.getInstance("ECDH");

PublicKey publicKey = factory.generatePublic(spec);

The exception which I am getting is 

java.lang.ClassCastException: org.bouncycastle.jce.provider.JCEECPublicKey cannot be cast to org.bouncycastle.jce.interfaces.IESKey
    at org.bouncycastle.jce.provider.JCEIESCipher.engineGetKeySize(JCEIESCipher.java:49)
    at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1057)
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1015)
    at javax.crypto.Cipher.init(Cipher.java:1229)
    at javax.crypto.Cipher.init(Cipher.java:1173)
    at com.test.EciesTest.main(EciesTest.java:45)

EDIT

Based on comment the JDK version I am using is JDK 7 - Oracle Import statements I am using:

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
Adam Arold
  • 29,285
  • 22
  • 112
  • 207
Vighanesh Gursale
  • 55
  • 1
  • 1
  • 6

1 Answers1

7

Try the following:

// add instance of provider class
Security.addProvider(new BouncyCastleProvider());

String name = "secp256r1";

// NOTE just "EC" also seems to work here
KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
kpg.initialize(new ECGenParameterSpec(name));

// Key pair to store public and private key
KeyPair keyPair = kpg.generateKeyPair();

Cipher iesCipher = Cipher.getInstance("ECIES", BouncyCastleProvider.PROVIDER_NAME);
iesCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());

And note that in general it is best to keep to JCE classes instead of Bouncy Castle classes when trying to use Bouncy through the JCE. In this case the problem was probably the parameters given to the key generator.

In above code I used BouncyCastleProvider.PROVIDER_NAME but just "BC" would work equally well of course. Re-instantiating the provider each time is not a good idea, although it should not have influenced the end result.

Make sure you've got an up to date system to run this code. This code was tested on the following system:

 --- runtime information --- 
Properties:
    java.vendor                : Oracle Corporation
    java.specification.name    : Java Platform API Specification
    java.specification.version : 1.8
    java.runtime.name          : Java(TM) SE Runtime Environment
    java.runtime.version       : 1.8.0_65-b17
    java.vm.name               : Java HotSpot(TM) 64-Bit Server VM
Unlimited crypto: yes
 --- info for provider Bouncy Castle --- 
Bouncy Castle version: 1.520000
Bouncy Castle provider registered: yes
Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • I got the following error : `InvalidAlgorithmParameterException: parameter object not a ECParameterSpec` at `kpg.initialize` position. To which I tried different named curves provided [here](http://www.bouncycastle.org/wiki/pages/viewpage.action?pageId=362269) but none of them worked. – Vighanesh Gursale Oct 23 '15 at 11:10
  • Please list Java runtime, Bouncy Castle runtime and import statements. – Maarten Bodewes Oct 23 '15 at 11:12
  • I have edited my question and added the runtime and import statements. – Vighanesh Gursale Oct 23 '15 at 11:18
  • Weird, your code failed on my PC, and the above ran fine on it after I installed the unlimited crypto (new Java version update). I'm currently running JDK 1.8 version 65 and Bouncy Castle 1.52 (which is already old). Maybe upgrading to Java 8 would help. – Maarten Bodewes Oct 23 '15 at 11:33
  • Ok let me try I have jdk 8 but not updated version I just update it and try again and let you. – Vighanesh Gursale Oct 23 '15 at 11:40
  • I just updated my jdk version now my jdk version is 1.8.66 and used Bouncy castle 1.52 library now I am getting new error i.e. `InvalidKeyException: Illegal key size or default parameters`. – Vighanesh Gursale Oct 23 '15 at 12:16
  • I don't have enough reputation to continue the discussion in chat I just need a suggestion do I need to download JDK 1.8.65 or I need to use different provider or else I need to use hybrid symmetric encryption with EC. – Vighanesh Gursale Oct 23 '15 at 12:22
  • 1
    No, please install the [unlimited crypto files for your Java 8](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html). ECIES *is* hybrid encryption. – Maarten Bodewes Oct 23 '15 at 12:32