-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 6
-
Component/s: security-libs
-
b100
-
sparc
-
solaris_10
-
Verified
If a SecretKeySpec with a byte array and the algorithm string "TripleDES" (or "DESede")
is passed to SecretKeyFactory.getInstance("TripleDES").generateSecret(), it throws
InvalidKeySpecException("Inappropriate key specification").
This problem also occurs for the DES algorithm. It is only a problem with the SunJCE
provider. The SunPKCS11 provider works fine.
The problem appears to be that the DES/DESede implementation of
the SecretKeyFactorySpi.engineGenerateSecret(KeySpec) method
is only looking for an instanceof DESKeySpec or DESedeKeySpec. It should also allow
SecretKeySpec with an appropriate algorithm and key size.
is passed to SecretKeyFactory.getInstance("TripleDES").generateSecret(), it throws
InvalidKeySpecException("Inappropriate key specification").
This problem also occurs for the DES algorithm. It is only a problem with the SunJCE
provider. The SunPKCS11 provider works fine.
The problem appears to be that the DES/DESede implementation of
the SecretKeyFactorySpi.engineGenerateSecret(KeySpec) method
is only looking for an instanceof DESKeySpec or DESedeKeySpec. It should also allow
SecretKeySpec with an appropriate algorithm and key size.
- relates to
-
-
- Resolved
-