From: bugzilla@apache.org
To: security-dev@xml.apache.org
Subject: DO NOT REPLY [Bug 40826] - Private keys must be instance of RSAPrivate or have PKCS#8 encoding
Date: Thu, 2 Nov 2006 07:42:42 -0800 (PST)
Message-Id: <20061102154242.3ECCD7142C1@brutus.apache.org>
http://issues.apache.org/bugzilla/show_bug.cgi?id=40826

------- Additional Comments From sean.mullan@sun.com 2006-11-02 07:42 -------
> Each time I sign, I add the provider (Security.addProvider(p)) and create a new
> PrivateKey object. I'm not reusing nothing.. is it correct? or I must have to
> remove and add the provider each time? From what I know... when we use the
> addProvider, it adds the provider in the available slot, but we can add in a
> specific slot, just using addProviderAt(p, 2) for instance.

Ahh, here's what I think is happening:

The first time you call Security.addProvider(p), your provider is added correctly, you create a new PrivateKey object using that same provider and the xml signing operation works ok.

The next time you create a new provider and call Security.addProvider(p), I bet the provider is not added because it is already installed (from the API's standpoint, it is the same provider even though it is a new instance). Check the return value of addProvider to see if it returns -1.

*But* (and this is a major but), you then use the new provider instance to create a PrivateKey object. There's the problem. When you use this PrivateKey to sign, the xml signature cannot find the provider that you used to create it (since it is not installed, it only finds the old provider but that won't work with the new PrivateKey) and therefore the signing operation fails because it cannot find a provider that the key can be used with.

Workarounds: Either,

1) explicitly remove the provider before you reinstall it each time, or
2) only create and install the provider once and always use this provider to create the PrivateKeys.

Please confirm if this is the case.
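The return-value check and the two workarounds from the comment above, as an added example that is not part of the original message or of the XML Security project's code. DemoProvider and the helper names reinstall and installOnce are hypothetical stand-ins for the reporter's provider; the String-version Provider constructor assumes Java 9 or later.

```java
import java.security.Provider;
import java.security.Security;

public class ProviderReinstallDemo {

    // Hypothetical stand-in for the provider in the bug report (constructed for this example).
    static final class DemoProvider extends Provider {
        DemoProvider() {
            super("DemoProvider", "1.0", "constructed provider for this example");
        }
    }

    // Workaround 1: remove whatever is installed under this name, then install the new instance.
    static Provider reinstall(Provider fresh) {
        Security.removeProvider(fresh.getName());
        if (Security.addProvider(fresh) == -1) {
            throw new IllegalStateException(fresh.getName() + " is still installed");
        }
        return fresh;
    }

    // Workaround 2: install once and always hand back the instance that is actually installed.
    static Provider installOnce(Provider candidate) {
        Security.addProvider(candidate); // -1 only means a provider of this name is already present
        return Security.getProvider(candidate.getName());
    }

    public static void main(String[] args) {
        Provider first = new DemoProvider();
        Provider second = new DemoProvider();

        // The failure mode: the second instance is rejected because the name is taken.
        System.out.println("first add returned  " + Security.addProvider(first));
        System.out.println("second add returned " + Security.addProvider(second));
        System.out.println("installed instance is first:  "
                + (Security.getProvider("DemoProvider") == first));
        System.out.println("installed instance is second: "
                + (Security.getProvider("DemoProvider") == second));

        // Keys must be created from the instance that lookups by name will return.
        Provider viaInstallOnce = installOnce(new DemoProvider());
        System.out.println("installOnce returned first: " + (viaInstallOnce == first));

        Provider replaced = reinstall(new DemoProvider());
        System.out.println("after reinstall, installed is the new one: "
                + (Security.getProvider("DemoProvider") == replaced));

        Security.removeProvider("DemoProvider"); // leave the JVM provider list as we found it
    }
}
```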