santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40826] New: - Private keys must be instance of RSAPrivate or have PKCS#8 encoding
Date Fri, 27 Oct 2006 11:14:56 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40826>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40826

           Summary: Private keys must be instance of RSAPrivate or have
                    PKCS#8 encoding
           Product: Security
           Version: unspecified
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: fillipelima@gmail.com


Hello

I am having a problem. My application is an applet that generate a xml and sign
it with PrivateKey from SmartCard. 

The first time, it works fine! however when i try to sign again (second time), i
get this exception: 

java.security.InvalidKeyException: Private keys must be instance of
RSAPrivate(Crt)Key or have PKCS#8 encoding

The exception occurs when calling the method: DOMSignContext dsc = new
DOMSignContext(pk, doc.getDocumentElement()); This method is part of the
following code:

Does any body know what could i do to solve this problem ?

======= code that generates the xml signature

String providerName = System.getProperty("jsr105Provider",
"org.jcp.xml.dsig.internal.dom.XMLDSigRI");
XMLSignatureFactory fac = XMLSignatureFactory.getInstance(
"DOM",
(Provider) Class.forName(providerName).newInstance());
Reference ref = fac.newReference(
"",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform(
Transform.ENVELOPED,
(TransformParameterSpec) null)),
null,
null);

SignedInfo si = fac.newSignedInfo(
fac.newCanonicalizationMethod(
CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
Collections.singletonList(ref));

KeyInfoFactory kif = fac.getKeyInfoFactory();
X509Data x509 = kif.newX509Data(Collections.singletonList(cert));
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(x509));

DOMSignContext dsc = new DOMSignContext(pk, doc.getDocumentElement());

XMLSignature signature = fac.newXMLSignature(si, ki);
signature.sign(dsc);
return doc; 
}

======= code that get de PrivateKey and Certificate from Smart Card:
String configuracao = "name = SmartCard\n" +
"library = c:\\windows\\system32\\aetpkss1.dll";
byte[] configuracaoBytes = configuracao.getBytes();
ByteArrayInputStream configuracaoStream = new
ByteArrayInputStream(configuracaoBytes);
sun.security.pkcs11.SunPKCS11 provider = new
sun.security.pkcs11.SunPKCS11(configuracaoStream);
Security.addProvider(provider);
this.nomeProvider = provider.getName();
this.repositorio = KeyStore.getInstance("PKCS11", provider);
repositorio.load(null, pin.toCharArray());
this.inicializarDados(pin);

String keyEntry = null;
boolean ok = false;

Enumeration en = repositorio.aliases();
while(en.hasMoreElements()) {
keyEntry = (String)en.nextElement();
if(repositorio.isKeyEntry(keyEntry)){
ok = true;
break;
}
}
if(ok){
certificado = (X509Certificate) repositorio.getCertificate(keyEntry);
chavePrivada = (PrivateKey) repositorio.getKey(keyEntry, pin.toCharArray());

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Mime
View raw message