-
Bug
-
Resolution: Fixed
-
P4
-
None
-
b133
-
generic
-
generic
-
Not verified
While the PKCS11 native library implementation generates RSA key pairs with CRT fields for the private key, the following code leads to a ClassCastException:
"
KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA", p);
keygen.initialize(1024);
KeyPair kp = keygen.genKeyPair();
RSAPrivateCrtKey prv = (RSAPrivateCrtKey) kp.getPrivate();
"
Looking at the SunPKCS11 provider (File P11Key.java line 346), a test is done in regards to the CKA_PUBLIC_EXPONENT attribute to determine if the private key is of class RSAPrivateCrtKey or RSAPrivateKey.
However the attribute CKA_PUBLIC_EXPONENT does not seem to be relevant here since it does not permit to determine surely the class of the private key. Checks on the presence or not of CRT attributes (at least for one) should be done rather. Thoses attributes are: CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT.
This checks does not appear relevant and might be replaced by the presence or not of at least one of the CRT specific fields such prime P or prime Q.
"
KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA", p);
keygen.initialize(1024);
KeyPair kp = keygen.genKeyPair();
RSAPrivateCrtKey prv = (RSAPrivateCrtKey) kp.getPrivate();
"
Looking at the SunPKCS11 provider (File P11Key.java line 346), a test is done in regards to the CKA_PUBLIC_EXPONENT attribute to determine if the private key is of class RSAPrivateCrtKey or RSAPrivateKey.
However the attribute CKA_PUBLIC_EXPONENT does not seem to be relevant here since it does not permit to determine surely the class of the private key. Checks on the presence or not of CRT attributes (at least for one) should be done rather. Thoses attributes are: CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT.
This checks does not appear relevant and might be replaced by the presence or not of at least one of the CRT specific fields such prime P or prime Q.