Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8163896

Finalizing one key of a KeyPair invalidates the other key

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P3
    • 9
    • 9
    • security-libs
    • None
    • b133
    • windows

    Backports

      Description

        Here's the reproducer:
        -------------------
        import java.security.Key;
        import java.security.KeyPair;
        import java.security.KeyPairGenerator;

        public class Main {

            public static void main(String[] args) throws Exception {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SunMSCAPI");
                KeyPair pair = generator.generateKeyPair();
                Key publicKey = pair.getPublic();

                pair = null;
                for (int i = 0; i < 1024; ++i) {
                    System.gc();
                }

                publicKey.getEncoded(); // <<< throws KeyException: The parameter is incorrect
            }
        }
        -------------------

        This is because when a KeyPair is created both keys share the same native handles.
        Thus, when one of them is destroyed (i.e. finalized), the handles become invalid.

        Attachments

          Issue Links

            Activity

              People

                igerasim Ivan Gerasimov
                igerasim Ivan Gerasimov
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: