Bouncy Castle implementation on ehs6 | Telit Cinterion IoT Developer Community
May 23, 2017 - 2:23pm, 6618 views
Hi Everyone!
I am trying to implement Bouncy Castle's encryption/decryption methods on ehs6, following this tutorial:
http://www.itcsolutions.eu/2010/12/28/how-to-encrypt-decrypt-with-aes-fr...
http://www.itcsolutions.eu/2010/09/03/how-to-use-bouncy-castle-lightweig...
I use the latest lcrypto-j2me-157 packet downloaded from:
http://www.bouncycastle.org/latest_releases.html
I use Eclipse. The project compiles successfully and starts on the ehs6 module, but when the encrypter constructor is called:
AES_BC encrypter = new AES_BC();
the module freezes. I tried older Bouncy Castle versions also, different encoding, the result is always the same.
Has anybody successfully implemented Bouncy Castle on the ehs6 module? Example maybe?
Thank you in advance.
Endre
Hello,
This is quite strange. Are you using the compiled library or source code? Please make sure that the library that you are using is compatible with the Java on the module. The compiler compliance level should not be higher than 1.3. Some deeper debugging in AES_BC would be helpful to see where it sticks.
On the other hand, there is the JSR177 API provided with the module, which can also be used for AES encryption, please see the example here: https://iot-developer.thalesgroup.com/showcase/jsr177-encryption-and-dec...
Best regards,
Bartłomiej
Thank you for the quick answer.
I have tried the mentioned example, and it works!
I think I will go on using that road.
Endre
Hi!
As I experimented, and tried to connect to a local server using ssl, I failed with the exception: java.io.IOException: Algorithm Id parsing failed
I think it is because the server uses TLS v1.2, while the class javax.microedition.io.SecureConnection supports only TLS v1.0.
Can I change that with some kind of ConnectionOption to TLS v1.2?
Thank you in advance. Again.
Endre
Hello,
TLS 1.2 should also be supported. Please check the firmware version with ATI1 command.
Please also paste some log and code fragment to show when this exception happens.
Best regards,
Bartłomiej
First of all, I would like to apologize, because I mixed up two problems that I am working on.
1) The original "bouncy castle" problem in this thread was about AES encryption.
2) In the meantime, I am testing ssl connection to various servers with success (smtp.gmail.com, etc.) using the code:
String sTestServerAddr = "ssl://smtp.gmail.com:465";
String url = sTestServerAddr+ ";bearer_type=GPRS;access_point=indas;username=mobtel;password=gprs;timeout=60";
SecureConnection sc = (SecureConnection)Connector.open(url); // THIS IS WHERE THE EXCEPTION HAPPENS ( java.io.IOException: Algorithm Id parsing failed)
SecurityInfo info = sc.getSecurityInfo();
sc.setSocketOption(SocketConnection.LINGER, 5);
InputStream is = sc.openInputStream();
OutputStream os = sc.openOutputStream();
By reading the documentation for SecureConnection Class (javax.microedition.io.SocketConnection), it supports TLS v1.0 (or it is set by default to 1.0?).
Scenario1:
When I connect to smtp.gmail.com, the connection is successful, and I can send email successfully from the module. In that case the connection's SecurityInfo contains:
CipherSuite:TLS_RSA_WITH_AES_128_GCM_SHA256
ProtocolName:TLS
ProtocolVersion:3.3
Scenario2:
When I try to connect to our local server configured to use TLS v1.2, the connection is unsuccessful, and the exception occurs on the line: SecureConnection sc = (SecureConnection)Connector.open(url);
Scenario3:
When I try to connect to our local server configured to use TLS v1.0, the connection is successful (says the server), but the exception still occurs on the module side, in the same place.
My module information:
Cinterion
EHS6
REVISION 03.001
Thank you for your support and effort.
Endre
Hello,
Thank you for this information.
Please check again the firmware version with ATI1 command instead of ATI - this is important.
Thanks,
Bartłomiej
Hi!
The ATI1 response is:
ati1
Cinterion
EHS6
REVISION 03.001
A-REVISION 00.000.31
Endre
Hello,
There is currently a newer firmware revision available, A-REVISION 00.000.51. I suggest you try it since there were some updates of ssl libraries because of the problems with secure connections to some sites.
I suppose that this should solve the problem.
Best regards,
Bartłomiej
Hello,
The update was successful, but did not help around the Bouncy Castle implementation.
However, the module successfully connects to the server using TLS v1.2. The problem was the server certificate. It used the SHA1RSA algorithm. By switching to the SHA256 algorithm, the module connected successfully.
I have another question regarding AES encryption, but I will open another thread for it.
Endre
Hello,
I suppose that the problem in bouncy castle is rather in some incompatibility of the code and would require some debugging inside it. If you have the source code you could try to use it instead of library.
By the way, I can't see any AES_BC class in the Bouncy Castle API - is it your class? Have you tried to debug where exactly the execution hangs?
Did the new firmware not solve the 1.2 connection problem, but changing the algorithm did?
Regards,
Bartłomiej