-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 6, 7
-
Component/s: security-libs
-
b142
-
generic
-
generic
-
Not verified
test.p12 is attached. Use IE to import the certificate/private key into the browser's keystore. Password is "test". Then run the following:
public static void main(String[] arg) throws Exception {
PrivateKey privKey = null;
Certificate cert = null;
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
PublicKey myPuKey = (PublicKey)
ks.getCertificate("test_cert0").getPublicKey();
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", "SunMSCAPI");
rsa.init(Cipher.ENCRYPT_MODE, myPuKey);
myPuKey is a sun.security.rsa.RSAPublicKeyImpl here.
But MSCAPI checks that:
if (!(key instanceof sun.security.mscapi.Key)) {
throw new InvalidKeyException("Unsupported key type: " + key);
}
The current MSCAPI will choke on this in two places with an Unsupported key type. First in engineGetKeySize, and then in the actual Cipher's init routine.
public static void main(String[] arg) throws Exception {
PrivateKey privKey = null;
Certificate cert = null;
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
PublicKey myPuKey = (PublicKey)
ks.getCertificate("test_cert0").getPublicKey();
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", "SunMSCAPI");
rsa.init(Cipher.ENCRYPT_MODE, myPuKey);
myPuKey is a sun.security.rsa.RSAPublicKeyImpl here.
But MSCAPI checks that:
if (!(key instanceof sun.security.mscapi.Key)) {
throw new InvalidKeyException("Unsupported key type: " + key);
}
The current MSCAPI will choke on this in two places with an Unsupported key type. First in engineGetKeySize, and then in the actual Cipher's init routine.
- duplicates
-
-
- Closed
-
- relates to
-
JDK-7050158 Cipher in plain RSA signing treats private keys as public
-
- Closed
-