Re: Unrecoverable key exception

Jan Luehe (Jan.Luehe@eng.sun.com)
Wed, 17 Mar 1999 18:51:29 -0800 (PST)

Message-Id: <199903180251.SAA24169@laguna.eng.sun.com>
Date: Wed, 17 Mar 1999 18:51:29 -0800 (PST)
From: Jan Luehe <Jan.Luehe@eng.sun.com>
Subject: Re: Unrecoverable key exception
To: java-security@java.sun.com, RWILLE@novell.com

Robert:

> I put a PKCS8 file into a keystore using the KeyStore.setKeyEntry(String,
byte[], Certificate[]) method and cannot retrieve it. The exception I get is
java.security.UnrecoverableKeyException: Unsupported key protection algorithm.
The OID of the encryption algorithm is 1.2.840.113549.1.5.3 (MD5 and DES).
>
> If it makes any difference, the key's OID is 1.2.840.113549.1.1.1 (RSA). I
have an RSA KeyFactory provider to enable the KeyStore to construct a
PrivateKey.
>
> Any idea what's gone wrong?

In our KeyStore implementation, we have the following check:

private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";

if (!(encrAlg.getOID().toString().equals(KEY_PROTECTOR_OID))) {
throw new UnrecoverableKeyException("Unsupported key protection "
+ "algorithm");
}

KEY_PROTECTOR_OID is the OID of our proprietary key protection
algorithm in the "SUN" provider.
The KeyStore implementation in the "SUN" provider only recognizes
that algorithm.

We cannot instantiate your encryption algorithm, because in
order to do that, we would need the Cipher class, which is
not available in the JDK (because of export restrictions).

You need to write your own KeyStore implementation
in order to support your encryption algorithm. You can simply
copy our implementation and just replace the key-protection
part in it.

Jan