javaencryptionrsabouncycastleoaep

No RSA/ECB/OAEPPadding on Red Hat 8

I'm not versed in cryptography and am pulling my hair out. I have the following (simplified) setup and code.

Maven setup to use BouncyCastle

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk18on</artifactId>
    <version>1.78.1</version>
</dependency>

Code

try {
    PublicKey serverPubKey = CertUtil.getPubKey(new File(cert_fp));
    Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
    OAEPParameterSpec specs = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    cipher.init(1, serverPubKey, specs);
} catch (CertificateException | NoSuchPaddingException | InvalidKeyException |
            InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
    LOGGER.severe("Cannot create encryption cipher.  " + e);
}

When running on Windows (Java 17), it works. When running on Red Hat 8 (openjdk 17), I got

Cannot create encryption cipher.  java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding

The thing is it used to work on Red Hat too. I'm a bit lost on what might caused the error now. I checked the command for running it and bouncycastle is in the classpath.

I added some codes to check the providers and it looks the same on both Windows and Linux.

Set<String> algs = new TreeSet<>();
    for (Provider provider : Security.getProviders()) {
    provider.getServices().stream()
            .filter(s -> "Cipher".equals(s.getType()))
            .map(Service::getAlgorithm)
            .forEach(algs::add);
}
algs.forEach(System.out::println);

Output

AES/CBC/NoPadding
AES/CBC/PKCS5Padding
AES/CTR/NoPadding
AES/ECB/NoPadding
AES/ECB/PKCS5Padding
AES/GCM/NoPadding
AES_128/CBC/NoPadding
AES_128/ECB/NoPadding
AES_128/GCM/NoPadding
AES_192/CBC/NoPadding
AES_192/ECB/NoPadding
AES_192/GCM/NoPadding
AES_256/CBC/NoPadding
AES_256/ECB/NoPadding
AES_256/GCM/NoPadding
ARCFOUR
ChaCha20-Poly1305
DES/CBC/NoPadding
DES/CBC/PKCS5Padding
DES/ECB/NoPadding
DES/ECB/PKCS5Padding
DESede/CBC/NoPadding
DESede/CBC/PKCS5Padding
DESede/ECB/NoPadding
DESede/ECB/PKCS5Padding
PBEWithHmacSHA1AndAES_128
PBEWithHmacSHA1AndAES_256
PBEWithHmacSHA224AndAES_128
PBEWithHmacSHA224AndAES_256
PBEWithHmacSHA256AndAES_128
PBEWithHmacSHA256AndAES_256
PBEWithHmacSHA384AndAES_128
PBEWithHmacSHA384AndAES_256
PBEWithHmacSHA512AndAES_128
PBEWithHmacSHA512AndAES_256
RSA/ECB/NoPadding
RSA/ECB/PKCS1Padding

What am I missing? What can I try? I do have to use "RSA/ECB/OAEPPadding".

Thanks

Solution

  • You need to explicitly register the Bouncy Castle crypto provider when your application starts, eg:

    public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());

    It definitely includes "RSA/ECB/OAEPPadding".