PKCS12 keystore with AES algorithm OID 2.16.840.1.101.3.4.1.42

[gruenich]

trafficstars

We try to build a PKCS12 keystore with BouncyCastle with the usage of the AES algorithm OID 2.16.840.1.101.3.4.1.42 as encryption/wrapping mechanism for the encryption of the secrets in the KeyStore, Is this mechanism possible at all with Bouncycastle? If yes, in what version of the BouncyCastle library is it included? Is it a build-in mechanism or is it necessary to build this encryption/wrapping for the PKSC12 keystore on our own?

[gruenich]

Or would this be a feature request?

[patrickshox]

From my understanding, this support already exists. I stumbled across this post because I was getting the following error:

Exception occurred : cannot create key generator: no such algorithm: 2.16.840.1.101.3.4.1.42 for provider BC

For those Googling who are also facing this error, I was able to fix the issue like so:

- import org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME
// ...
- JcaSimpleSignerInfoVerifierBuilder().setProvider(PROVIDER_NAME).build(cert)
+ JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider()).build(cert)

I knew to do this thanks to lots of StackOverflow answers about this topic [ex].