JDK-8279343

Wrong interpretation of certification Key Usage extension


      ADDITIONAL SYSTEM INFORMATION :
      Linux Budgie
      OpenJDK 11.0.13

      A DESCRIPTION OF THE PROBLEM :
      X.509 certificates have an extension, Key Usage, that states what the certified public key (and the corresponding private key) can be used for.

      For documents' signature, the certificates can just state "non-repudiation" in that extension. This is what happens with the Portuguese certificates used by citizens to sign documents.

      I'm using OpenJDK 11.0.13 on Linux. The Signature class does not allow a certificate with the above referred Key Usage indication to validate a signature (it fails on initVerify with InvalidKeyException).

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Create a signature
      Create a Signature object, and call initVerify with a certificate as parameter
      The certificate must have as exclusive Key Usage option the value non-repudiation

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      no error
      ACTUAL -
      InvalidKeyException

      CUSTOMER SUBMITTED WORKAROUND :
      Use the certificate's public key instead of the certificate on initVerify

      FREQUENCY : always
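
An added example, not part of the original report and not JDK code: the workaround above hands only the public key to initVerify, so no Key Usage check is performed at all; this class makes that check explicit in the caller before verifying. The class name, the acceptance policy in allowsDocumentSigning and the sample data are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.X509Certificate;

public class KeyUsageAwareVerify {
    // Indexes into X509Certificate.getKeyUsage(), in RFC 5280 bit order.
    static final int DIGITAL_SIGNATURE = 0, NON_REPUDIATION = 1;

    // Policy (assumption): accept a document-signing key when the Key Usage
    // extension is absent, or asserts digitalSignature or nonRepudiation.
    static boolean allowsDocumentSigning(boolean[] ku) {
        if (ku == null) return true; // getKeyUsage() returns null when the extension is absent
        return (ku.length > DIGITAL_SIGNATURE && ku[DIGITAL_SIGNATURE])
            || (ku.length > NON_REPUDIATION && ku[NON_REPUDIATION]);
    }

    // The reported workaround (initVerify with the public key) preceded by an
    // explicit Key Usage check, because initVerify(PublicKey) sees no extensions.
    static boolean verify(X509Certificate cert, String alg, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        if (!allowsDocumentSigning(cert.getKeyUsage()))
            throw new InvalidKeyException("Key Usage does not permit document signing");
        Signature s = Signature.getInstance(alg);
        s.initVerify(cert.getPublicKey());
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair stands in for the certified key.
        KeyPair kp = KeyPairGenerator.getInstance("EC").generateKeyPair();
        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(kp.getPrivate());
        s.update(doc);
        byte[] sig = s.sign();

        // Constructed getKeyUsage() results: nonRepudiation only, keyEncipherment only.
        boolean[] nonRepOnly = {false, true, false, false, false, false, false, false, false};
        boolean[] keyEncOnly = {false, false, true, false, false, false, false, false, false};
        System.out.println("nonRepudiation only accepted:  " + allowsDocumentSigning(nonRepOnly));
        System.out.println("keyEncipherment only accepted: " + allowsDocumentSigning(keyEncOnly));

        // Verification through the bare public key, as in the workaround.
        s.initVerify(kp.getPublic());
        s.update(doc);
        System.out.println("signature valid via public key: " + s.verify(sig));
    }
}
```

The Key Usage check here is independent of certificate path validation, which the caller still has to perform before trusting the certificate's key.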

