cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <>
Subject [jira] [Commented] (CXF-6996) "n" in JWK for RSA should be unsigned, but is signed in JwkUtils.prepareRSAJwk
Date Fri, 05 Aug 2016 12:15:20 GMT


Sergey Beryozkin commented on CXF-6996:

Thanks, have a look at the fix please. 
Note I've updated the code to remove the extra bytes if any from the byte array rather rather
than removing '0' from the encoded representation. I just thought it was difficult to generalize
in the latter case. Let me know please if you think it can be problematic and we can reopen

> "n" in JWK for RSA should be unsigned, but is signed in JwkUtils.prepareRSAJwk
> ------------------------------------------------------------------------------
>                 Key: CXF-6996
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.1.7
>            Reporter: Svein Otto Solem
>            Priority: Minor
>             Fix For: 3.2.0, 3.1.8
> The length of the "n" value is 257 bytes for a 2048 bits key length. 
> If "n" is handled as an unsigned int, it should be at most 256 bytes. 
> The added null byte is caused by BigInteger.toByteArray() which always handles the integer
as a signed integer.
> A fix is just to remove all the first 0-bytes in the encodedModulus, see JwkUtils.prepareRSAJwk.
>  This fix will surely break clients which just decodes the "n" as an unsigned value using
new BigInteger(byte[]) . These clients must be changed to either always insert a leading "0-byte"
before using the new BigInteger(byte[]) contstructor, or they should use the BigInteger(signum,
magnitude) constructor.  
> The extra "sign byte" is mentioned in:

This message was sent by Atlassian JIRA

View raw message