-
Bug
-
Resolution: Cannot Reproduce
-
P3
-
8u20
-
x86
-
windows_8
FULL PRODUCT VERSION :
java version "1.8.0_20"
Java(TM) SE Runtime Environment (build 1.8.0_20-b26)
Java HotSpot(TM) Client VM (build 25.20-b23, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.3.9600]
(Windows 8.1 x64 Enterprise Edition)
A DESCRIPTION OF THE PROBLEM :
After upgrading to latest JDK release 1.8.0_20 from previous version (1.8.0_11) we get a java.security.InvalidKeyException exeption when javax.crypto.Cipher.unwrap() is called on raw data of a RSA-1024 wrapped AES-128 secret key.
Cipher is created for a RSA-1024 private key residing on a PKCS#11 compliant USB token which is token object, sensitive, and unextractable. The key data is wrapped using the corresponding public key which sits on the same token.
The following stack trace segment applies:
...
Caused by: java.security.InvalidKeyException: unwrap() failed
at sun.security.pkcs11.P11RSACipher.engineUnwrap(P11RSACipher.java:536)
at javax.crypto.Cipher.unwrap(Cipher.java:2506)
... 22 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_UnwrapKey(Native Method)
at sun.security.pkcs11.P11RSACipher.engineUnwrap(P11RSACipher.java:527)
... 24 more
REGRESSION. Last worked in version 8u11
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Caused by: java.security.InvalidKeyException: unwrap() failed
at sun.security.pkcs11.P11RSACipher.engineUnwrap(P11RSACipher.java:536)
at javax.crypto.Cipher.unwrap(Cipher.java:2506)
... 22 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_UnwrapKey(Native Method)
at sun.security.pkcs11.P11RSACipher.engineUnwrap(P11RSACipher.java:527)
... 24 more
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Replace lib\ext\sunpkcs11.jar with the one on previous working version (1.8.0_11)
java version "1.8.0_20"
Java(TM) SE Runtime Environment (build 1.8.0_20-b26)
Java HotSpot(TM) Client VM (build 25.20-b23, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.3.9600]
(Windows 8.1 x64 Enterprise Edition)
A DESCRIPTION OF THE PROBLEM :
After upgrading to latest JDK release 1.8.0_20 from previous version (1.8.0_11) we get a java.security.InvalidKeyException exeption when javax.crypto.Cipher.unwrap() is called on raw data of a RSA-1024 wrapped AES-128 secret key.
Cipher is created for a RSA-1024 private key residing on a PKCS#11 compliant USB token which is token object, sensitive, and unextractable. The key data is wrapped using the corresponding public key which sits on the same token.
The following stack trace segment applies:
...
Caused by: java.security.InvalidKeyException: unwrap() failed
at sun.security.pkcs11.P11RSACipher.engineUnwrap(P11RSACipher.java:536)
at javax.crypto.Cipher.unwrap(Cipher.java:2506)
... 22 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_UnwrapKey(Native Method)
at sun.security.pkcs11.P11RSACipher.engineUnwrap(P11RSACipher.java:527)
... 24 more
REGRESSION. Last worked in version 8u11
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Caused by: java.security.InvalidKeyException: unwrap() failed
at sun.security.pkcs11.P11RSACipher.engineUnwrap(P11RSACipher.java:536)
at javax.crypto.Cipher.unwrap(Cipher.java:2506)
... 22 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_UnwrapKey(Native Method)
at sun.security.pkcs11.P11RSACipher.engineUnwrap(P11RSACipher.java:527)
... 24 more
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Replace lib\ext\sunpkcs11.jar with the one on previous working version (1.8.0_11)