Getting 412 “NieprawidÅ‚owa dÅ‚ugość klucza symetrycznego” (“Invalid symmetric key length”) error while calling Polish Governemnt JPK Vat api

I am kind of stuck on this 412: Invalid symmetric key length error from the Polish Government JPK_VAT Submission API.

The requirement is to encrypt the JPK.XML.ZIP file using AES 256 CBC PKCS#7 BlockSize 16 and IV Random 16 key.

Then to encrypt the AES KEY using public key provided by polish ministry of Finance. Then sign the XML with XAdES-BES.

Than make call to InitUpload -> UPload the ZIP -> Finish upload.

Till this point all works, but when I get the status I am getting above error i.e.

"Code": 412, "Description": "Dokument nieprawidłowo zaszyfrowany", "Details": "Nieprawidłowa długość klucza symetrycznego"

As per my analysis I suspect it might be issue with the JAVA encryption and .NET decryption (Assuming the Polish Gov API is in C#).

Can you help in pointing what I may be doing wrong?

Below is my code:

    Generate AES Key:

    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
    keyGenerator.init(256);

    SecretKey secretKey = keyGenerator.generateKey();
    cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    
    SecureRandom r = new SecureRandom();
    byte[] iv = new byte[cipher.getBlockSize()];
    r.nextBytes(iv);
    IvParameterSpec ivParams = new IvParameterSpec(iv);
    cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivParams);

    //This will encrypt the ZIP with AES 
    byte[] encryptedByte = cipher.doFinal(zipFile);
    //Now will encrypt the AES key with RSA
    //Get Public key
    InputStream certstream = new ByteArrayInputStream (Files.readAllBytes(path));
    Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(certstream);
    PublicKey key = cert.getPublicKey();
    
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.ENCRYPT_MODE, key);
    byte[] encryptedKey=cipher.doFinal(secretKey.getEncoded());
    String encodedKey = Base64.getEncoder().encodeToString(encryptedKey);

Then I sign the XML.

Pewnie piszesz program do podatków bo sezon się zbliża... Zakladam że po polsku rozumiesz...

Tutaj może być wskazówka: https://www.pit.pl/aktualnosci/blad-412-w-nowej-bramce-jpk-mf-radzi-jak-rozwiazac-problem-994509

Thanks 0xmarcin, I am using google translate :). I checked the link you posted, but i do not see any extra line or character. So not sure whats wrong, can you check the code above and see if you can highlight something ?

@0xmarcin: Thanks 0xmarcin, I am using google translate :). I checked the link you posted, but i do not see any extra line or character. So not sure whats wrong, can you check the code above and see if you can highlight something?

Thanks Guys we can close this, as it got fixed with right certificate

Hi Rohan
could you please inform which certificate file you used
i use "Certyfikat SSL środowiska testowego usługi JPK test-e-dokumenty.mf.gov.pl – od 23.09.2020 r. (ZIP, 1 kB)"
from page https://www.podatki.gov.pl/jednolity-plik-kontrolny/jpk_vat/pliki-do-pobrania/
link to download https://www.podatki.gov.pl/media/6302/test_e_dokumenty-mf-gov-pl_certyfikat-ssl20200917.zip
this is for test server https://test-e-dokumenty.mf.gov.pl/api/Storage/

but unfortunately I get the same error
I fought that thats because they use java, and I use .Net, so i stunned to see that you using java and get the same
and for four years i communicated with this JPK service without any problems
before they changed they service at 01.X this year
AES key lenght is not a problem either, of course...

Try using this certificate and it should work. https://www.podatki.gov.pl/me[...]est-e_dokumenty-mf-gov-pl.zip

I can now fully confirm that the correct certificate is the one from year 2019, issued to CN=JPK
this years certificate from April 29 is issued for CN=e-dokumenty.mf.gov.pl, a different MF gate, and should not be used for JPK transmission
i'm speaking now of the production environment

I had one month of terror due to the whole situation...
but still, Rohan, good man, thank you very much