Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8163896

Finalizing one key of a KeyPair invalidates the other key

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P3 P3
    • 9
    • 9
    • security-libs
    • None
    • b133
    • windows

        Here's the reproducer:
        -------------------
        import java.security.Key;
        import java.security.KeyPair;
        import java.security.KeyPairGenerator;

        public class Main {

            public static void main(String[] args) throws Exception {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SunMSCAPI");
                KeyPair pair = generator.generateKeyPair();
                Key publicKey = pair.getPublic();

                pair = null;
                for (int i = 0; i < 1024; ++i) {
                    System.gc();
                }

                publicKey.getEncoded(); // <<< throws KeyException: The parameter is incorrect
            }
        }
        -------------------

        This is because when a KeyPair is created both keys share the same native handles.
        Thus, when one of them is destroyed (i.e. finalized), the handles become invalid.

              igerasim Ivan Gerasimov
              igerasim Ivan Gerasimov
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: