Quantcast

Recent update broke RSA

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Recent update broke RSA

Uri Blumenthal
After the recent update, the code that worked before  stopped working. It looks like org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign now does not recognize SunPKCS11-provided key as an RSA private key:

Signing key algorithm: ‘SHA256withRSA'
Exception in thread "main" java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
        at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source)
        at java.security.Signature$Delegate.init(Signature.java:1152)
        at java.security.Signature$Delegate.chooseProvider(Signature.java:1112)
        at java.security.Signature$Delegate.engineInitSign(Signature.java:1176)
        at java.security.Signature.initSign(Signature.java:527)
        at SunPKCS11Test1.signDocument(SunPKCS11Test1.java:288)
        at SunPKCS11Test1.main(SunPKCS11Test1.java:229)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)


Here’s the (now) offending code:

static byte[] signDocument(byte[] aDocument, PrivateKey aPrivateKey)
    throws GeneralSecurityException
    {
        String algo = aPrivateKey.getAlgorithm();
        if(algo.equals("EC"))
            algo = "SHA256withECDSA";
        else
            algo = "SHA256withRSA";
        out.printf("Signing key algorithm: \'%s\'\n", algo);
        Signature signatureAlgorithm =
        Signature.getInstance(algo);
        signatureAlgorithm.initSign(aPrivateKey);
        signatureAlgorithm.update(aDocument);
        byte[] sig = null;
        try {
            sig = signatureAlgorithm.sign();
        } catch (ProviderException ex1) {
            if (ex1.getMessage().endsWith("CKR_USER_NOT_LOGGED_IN")) {
                out.println("Exception during signing: "
                                   + ex1.getMessage());
                return null;
            }
        }
        return sig;
    }

--
Uri Blumenthal
[hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Recent update broke RSA

David Hook

It's not an RSAPrivateKey though - P11PrivateKey only implements
PrivateKey, it's not extractable either. I think the issue might be
related to provider precedence, or at least a change in it, you wouldn't
expect a hardware locked private key to work with a software module (at
least in this case). If it did you would probably be asking for your
money back... The PKCS#11 provider should be the one doing the signing.

Regards,

David

On 21/08/16 19:52, Uri Blumenthal wrote:

> After the recent update, the code that worked before  stopped working. It looks like org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign now does not recognize SunPKCS11-provided key as an RSA private key:
>
> Signing key algorithm: ‘SHA256withRSA'
> Exception in thread "main" java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
> at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source)
> at java.security.Signature$Delegate.init(Signature.java:1152)
> at java.security.Signature$Delegate.chooseProvider(Signature.java:1112)
> at java.security.Signature$Delegate.engineInitSign(Signature.java:1176)
> at java.security.Signature.initSign(Signature.java:527)
> at SunPKCS11Test1.signDocument(SunPKCS11Test1.java:288)
> at SunPKCS11Test1.main(SunPKCS11Test1.java:229)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
>
>
> Here’s the (now) offending code:
>
> static byte[] signDocument(byte[] aDocument, PrivateKey aPrivateKey)
>     throws GeneralSecurityException
>     {
>         String algo = aPrivateKey.getAlgorithm();
>         if(algo.equals("EC"))
>             algo = "SHA256withECDSA";
>         else
>             algo = "SHA256withRSA";
>         out.printf("Signing key algorithm: \'%s\'\n", algo);
>         Signature signatureAlgorithm =
>         Signature.getInstance(algo);
>         signatureAlgorithm.initSign(aPrivateKey);
>         signatureAlgorithm.update(aDocument);
>         byte[] sig = null;
>         try {
>             sig = signatureAlgorithm.sign();
>         } catch (ProviderException ex1) {
>             if (ex1.getMessage().endsWith("CKR_USER_NOT_LOGGED_IN")) {
>                 out.println("Exception during signing: "
>                                    + ex1.getMessage());
>                 return null;
>             }
>         }
>         return sig;
>     }
>
> --
> Uri Blumenthal
> [hidden email]
>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Recent update broke RSA

Uri Blumenthal
On Aug 21, 2016, at 7:04 , David Hook <[hidden email]> wrote:
> It's not an RSAPrivateKey though - P11PrivateKey only implements
> PrivateKey, it's not extractable either.

Yes I realize this.

> I think the issue might be
> related to provider precedence, or at least a change in it, you wouldn't
> expect a hardware locked private key to work with a software module (at
> least in this case). If it did you would probably be asking for your
> money back... The PKCS#11 provider should be the one doing the signing.

Yes, the PKCS#11 provider (SunPKCS11 to be specific - as I can’t seem to get OpenSC-Java to work, as is evidenced by my other posts here) should be the one doing signing, and it used to - until very recently.

What would you recommend me to check or to change? As I said, it used to work. During the time between “works” and “doesn’t any more” I’ve updated BC to its current GitHub level, maybe updated JDK to 1.8.0_102 (don’t remember - maybe it worked with 102, maybe I haven’t tried until yesterday), and I’ve experimented with OpenSC-Java (both the OpenSC/ version, and the fork of Andreas).

Thanks!



> On 21/08/16 19:52, Uri Blumenthal wrote:
>> After the recent update, the code that worked before  stopped working. It looks like org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign now does not recognize SunPKCS11-provided key as an RSA private key:
>>
>> Signing key algorithm: ‘SHA256withRSA'
>> Exception in thread "main" java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
>> at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source)
>> at java.security.Signature$Delegate.init(Signature.java:1152)
>> at java.security.Signature$Delegate.chooseProvider(Signature.java:1112)
>> at java.security.Signature$Delegate.engineInitSign(Signature.java:1176)
>> at java.security.Signature.initSign(Signature.java:527)
>> at SunPKCS11Test1.signDocument(SunPKCS11Test1.java:288)
>> at SunPKCS11Test1.main(SunPKCS11Test1.java:229)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
>>
>>
>> Here’s the (now) offending code:
>>
>> static byte[] signDocument(byte[] aDocument, PrivateKey aPrivateKey)
>>    throws GeneralSecurityException
>>    {
>>        String algo = aPrivateKey.getAlgorithm();
>>        if(algo.equals("EC"))
>>            algo = "SHA256withECDSA";
>>        else
>>            algo = "SHA256withRSA";
>>        out.printf("Signing key algorithm: \'%s\'\n", algo);
>>        Signature signatureAlgorithm =
>>        Signature.getInstance(algo);
>>        signatureAlgorithm.initSign(aPrivateKey);
>>        signatureAlgorithm.update(aDocument);
>>        byte[] sig = null;
>>        try {
>>            sig = signatureAlgorithm.sign();
>>        } catch (ProviderException ex1) {
>>            if (ex1.getMessage().endsWith("CKR_USER_NOT_LOGGED_IN")) {
>>                out.println("Exception during signing: "
>>                                   + ex1.getMessage());
>>                return null;
>>            }
>>        }
>>        return sig;
>>    }
>>
>> --
>> Uri Blumenthal
>> [hidden email]
>>
>

--
Uri Blumenthal
[hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Recent update broke RSA

David Hook

I think the only way to deal with this is to specifically call out the
provider you need in getInstance() - it sounds like the app is now
looking at things in a slightly different way, the only way to make sure
it's got the view you want is to find a way of making sure it's using
the correct provider.

Regards,

David

On 22/08/16 00:28, Uri Blumenthal wrote:

> On Aug 21, 2016, at 7:04 , David Hook <[hidden email]> wrote:
>> It's not an RSAPrivateKey though - P11PrivateKey only implements
>> PrivateKey, it's not extractable either.
> Yes I realize this.
>
>> I think the issue might be
>> related to provider precedence, or at least a change in it, you wouldn't
>> expect a hardware locked private key to work with a software module (at
>> least in this case). If it did you would probably be asking for your
>> money back... The PKCS#11 provider should be the one doing the signing.
> Yes, the PKCS#11 provider (SunPKCS11 to be specific - as I can’t seem to get OpenSC-Java to work, as is evidenced by my other posts here) should be the one doing signing, and it used to - until very recently.
>
> What would you recommend me to check or to change? As I said, it used to work. During the time between “works” and “doesn’t any more” I’ve updated BC to its current GitHub level, maybe updated JDK to 1.8.0_102 (don’t remember - maybe it worked with 102, maybe I haven’t tried until yesterday), and I’ve experimented with OpenSC-Java (both the OpenSC/ version, and the fork of Andreas).
>
> Thanks!
>
>
>
>> On 21/08/16 19:52, Uri Blumenthal wrote:
>>> After the recent update, the code that worked before  stopped working. It looks like org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign now does not recognize SunPKCS11-provided key as an RSA private key:
>>>
>>> Signing key algorithm: ‘SHA256withRSA'
>>> Exception in thread "main" java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
>>> at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source)
>>> at java.security.Signature$Delegate.init(Signature.java:1152)
>>> at java.security.Signature$Delegate.chooseProvider(Signature.java:1112)
>>> at java.security.Signature$Delegate.engineInitSign(Signature.java:1176)
>>> at java.security.Signature.initSign(Signature.java:527)
>>> at SunPKCS11Test1.signDocument(SunPKCS11Test1.java:288)
>>> at SunPKCS11Test1.main(SunPKCS11Test1.java:229)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
>>>
>>>
>>> Here’s the (now) offending code:
>>>
>>> static byte[] signDocument(byte[] aDocument, PrivateKey aPrivateKey)
>>>    throws GeneralSecurityException
>>>    {
>>>        String algo = aPrivateKey.getAlgorithm();
>>>        if(algo.equals("EC"))
>>>            algo = "SHA256withECDSA";
>>>        else
>>>            algo = "SHA256withRSA";
>>>        out.printf("Signing key algorithm: \'%s\'\n", algo);
>>>        Signature signatureAlgorithm =
>>>        Signature.getInstance(algo);
>>>        signatureAlgorithm.initSign(aPrivateKey);
>>>        signatureAlgorithm.update(aDocument);
>>>        byte[] sig = null;
>>>        try {
>>>            sig = signatureAlgorithm.sign();
>>>        } catch (ProviderException ex1) {
>>>            if (ex1.getMessage().endsWith("CKR_USER_NOT_LOGGED_IN")) {
>>>                out.println("Exception during signing: "
>>>                                   + ex1.getMessage());
>>>                return null;
>>>            }
>>>        }
>>>        return sig;
>>>    }
>>>
>>> --
>>> Uri Blumenthal
>>> [hidden email]
>>>
> --
> Uri Blumenthal
> [hidden email]
>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Recent update broke RSA

Uri Blumenthal
On Aug 21, 2016, at 17:41 , David Hook <[hidden email]> wrote:
> I think the only way to deal with this is to specifically call out the
> provider you need in getInstance() - it sounds like the app is now
> looking at things in a slightly different way, the only way to make sure
> it's got the view you want is to find a way of making sure it's using
> the correct provider.

Thank you - straightening the providers seemed to resolve this. Andreas fixed his fork of OpenSC-Java, so signature works again both with OpenSC-PKCS11 and SunPKCS11 providers (both using OpenSC as the native PKCS11 library).
--
Uri Blumenthal
[hidden email]


Loading...