BCRSAPublicKey vs RSAPublicKey

Ryan Nideffer
I'm reading an X.509 certificate from disk and trying to determine why, with bcprov-jdk15on on the classpath, the public key object from the certificate is an instance of org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey, and when the jar is not on the classpath I get an instance of sun.security.rsa.RSAPublicKeyImpl.

In both cases I am explicitly requesting the SUN provider:

CertificateFactory f = CertificateFactory.getInstance("X.509", "SUN");
try (InputStream inputStream = x509CertResource.getInputStream()) {
    X509Certificate certificate = (X509Certificate) f.generateCertificate(inputStream);
    publicKey = certificate.getPublicKey();
}

I've compared all the entries in the provider map and they are identical across executions. It appears to be the KeyFactorySpi that chooses the implementation and I can't find any documentation about how to control this and make my own choice, or force the Sun implementation. Is there something different I need to be doing to get the Sun implementation?

The end result is that the public key modulus and publicExponent are completely different between the two classes for the same exact certificate. Any idea why this would be?

I'm using the bcprov-jdk15on:1.55.jar.

Thank you,
Ryan
Re: BCRSAPublicKey vs RSAPublicKey

David Hook

I can't say I've encountered this before, but I'd guess it would have to rely on provider precedence and what OIDs are being recognised by the KeyFactory. I think BC accepts a broader set than the SUN provider, so that may be what's happening.

You will not see a different modulus and public exponent though for the same cert. That really doesn't make any sense - the ASN.1 parsers in both cases will do the same thing, and both of them are using the Java BigInteger class.

Regards,

David

On 23/09/16 01:29, Ryan Nideffer wrote:
> I'm reading an X.509 certificate from disk and trying to determine why, with bcprov-jdk15on on the classpath, the public key object from the certificate is an instance of org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey, and when the jar is not on the classpath I get an instance of sun.security.rsa.RSAPublicKeyImpl.
>
> In both cases I am explicitly requesting the SUN provider:
>
> CertificateFactory f = CertificateFactory.getInstance("X.509", "SUN");
> try (InputStream inputStream = x509CertResource.getInputStream()) {
>     X509Certificate certificate = (X509Certificate) f.generateCertificate(inputStream);
>     publicKey = certificate.getPublicKey();
> }
>
> I've compared all the entries in the provider map and they are identical across executions. It appears to be the KeyFactorySpi that chooses the implementation and I can't find any documentation about how to control this and make my own choice, or force the Sun implementation. Is there something different I need to be doing to get the Sun implementation?
>
> The end result is that the public key modulus and publicExponent are completely different between the two classes for the same exact certificate. Any idea why this would be?
>
> I'm using the bcprov-jdk15on:1.55.jar.
>
> Thank you,
> Ryan


Re: BCRSAPublicKey vs RSAPublicKey

Michał Zegan
Oh well, requesting the SUN provider for the certificate factory does not
mean requesting it for everything that the factory instantiates; that is,
the factory is SUN, the keys do not have to be. That is normal.

On 27.09.2016 at 21:00, David Hook wrote:

>
> I can't say I've encountered this before, but I'd guess it would have to
> rely on provider precedence and what OIDs are being recognised by the
> KeyFactory. I think BC accepts a broader set than the SUN provider, so
> that may be what's happening.
>
> You will not see a different modulus and public exponent though for the
> same cert. That really doesn't make any sense - the ASN.1 parsers in
> both cases will do the same thing, and both of them are using the Java
> BigInteger class.
>
> Regards,
>
> David
>
> On 23/09/16 01:29, Ryan Nideffer wrote:
>> I'm reading an X.509 certificate from disk and trying to determine
>> why, with bcprov-jdk15on on the classpath, the public key object from
>> the certificate is an instance of
>> org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey, and
>> when the jar is not on the classpath I get an instance
>> of sun.security.rsa.RSAPublicKeyImpl.
>>
>> In both cases I am explicitly requesting the SUN provider:
>>
>> CertificateFactory f = CertificateFactory.getInstance("X.509", "SUN");
>> try (InputStream inputStream = x509CertResource.getInputStream()) {
>>     X509Certificate certificate = (X509Certificate) f.generateCertificate(inputStream);
>>     publicKey = certificate.getPublicKey();
>> }
>>
>> I've compared all the entries in the provider map and they are
>> identical across executions. It appears to be the KeyFactorySpi that
>> chooses the implementation and I can't find any documentation about
>> how to control this and make my own choice, or force the Sun
>> implementation. Is there something different I need to be doing to get
>> the Sun implementation?
>>
>> The end result is that the public key modulus and publicExponent are
>> completely different between the two classes for the same exact
>> certificate. Any idea why this would be?
>>
>> I'm using the bcprov-jdk15on:1.55.jar.
>>
>> Thank you,
>> Ryan
>
>


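An added example, not part of the original thread: one way to choose the key implementation yourself is to re-decode the key's encoding with a `KeyFactory` requested from a named provider, then compare keys by value through the `RSAPublicKey` interface rather than by class. The class `PinKeyProvider` and its helpers are hypothetical names, a freshly generated key stands in for `certificate.getPublicKey()`, and the provider name `SunRsaSign` assumes an OpenJDK or Oracle JDK runtime.

```java
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;

public class PinKeyProvider {

    // Rebuild an RSA public key with the KeyFactory of one named provider,
    // starting from the key's SubjectPublicKeyInfo encoding.
    static RSAPublicKey rebuildWith(PublicKey key, String providerName) throws Exception {
        KeyFactory kf = KeyFactory.getInstance("RSA", providerName);
        return (RSAPublicKey) kf.generatePublic(new X509EncodedKeySpec(key.getEncoded()));
    }

    // Compare keys by value through the RSAPublicKey interface, never by class.
    static boolean sameKey(RSAPublicKey a, RSAPublicKey b) {
        return a.getModulus().equals(b.getModulus())
            && a.getPublicExponent().equals(b.getPublicExponent());
    }

    public static void main(String[] args) throws Exception {
        // Providers that register an RSA KeyFactory, in precedence order.
        Provider[] rsaProviders = Security.getProviders("KeyFactory.RSA");
        if (rsaProviders != null) {
            for (Provider p : rsaProviders) {
                System.out.println("RSA KeyFactory offered by: " + p.getName());
            }
        }

        // Constructed stand-in for certificate.getPublicKey(): a freshly generated key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        RSAPublicKey fromCert = (RSAPublicKey) kpg.generateKeyPair().getPublic();

        // Assumption: "SunRsaSign" is the provider name of the JDK's own RSA code.
        RSAPublicKey pinned = rebuildWith(fromCert, "SunRsaSign");

        System.out.println("original class: " + fromCert.getClass().getName());
        System.out.println("pinned class:   " + pinned.getClass().getName());
        System.out.println("same modulus and exponent: " + sameKey(fromCert, pinned));
    }
}
```

Code that only depends on `java.security.interfaces.RSAPublicKey` works with either implementation class, so pinning a provider is only needed where a concrete class is required.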