There are no available Samebug tips for this exception. Do you have an idea how to solve this issue? A short tip would help users who saw this issue last week.

  • A DESCRIPTION OF THE REQUEST : Requesting support for doing raw RSA signing with SunMSCAPI - at present only SHA-1, MD5 and MD2 signing is possible. This would include the SunMSCAPI provider having the following property or similar:$NONE Alternatively, the SunMSCAPI cipher class could be changed to support encrypting with private keys, although i suspect that the underlying MSCAPI doesn't allow that. JUSTIFICATION : NONEwithRSA Signing is required by JSSE for client authentication enabled SSL. At the moment because SunMSCAPI doesn't include a NONEwithRSA property, the default NONEwithRSA signature class is being used. This class merely wraps the cipher class - and the MSCAPI cipher class doesn't support encrypting with private keys. A "Bad Key" exception results. See: EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - After setting a client application to use the Windows key and trust stores in the normal manner, and given that the server and client trust each other's certificates, using JSSE to connect to a server using SSL with client authentication should work. ACTUAL - The following error is thrown during the client verification stage, on the client end: Exception in thread "main" Bad Key. at at at at at at at sun.nio.cs.StreamEncoder.writeBytes( at sun.nio.cs.StreamEncoder.implFlushBuffer( at sun.nio.cs.StreamEncoder.implFlush( at sun.nio.cs.StreamEncoder.flush( at at SunMSCAPITest.main( Caused by: Bad Key. at at at javax.crypto.Cipher.doFinal(DashoA13*..) at$CipherAdapter.engineSign( at$Delegate.engineSign( at at at$Delegate.engineSign( at at$CertificateVerify.<init>( at at at at at at at at ... 6 more Caused by: Bad Key. at Method) at ... 23 more ---------- BEGIN SOURCE ---------- import; import; import; import; import; import; public class SunMSCAPITest { // Website to access public static final String TARGET_HTTPS_SERVER = "localhost"; public static final int TARGET_HTTPS_PORT = 8443; public static void main(String[] args) throws Exception { System.setProperty("","SunMSCAPI"); System.setProperty("","Windows-MY"); System.setProperty("","SunMSCAPI"); System.setProperty("","Windows-ROOT"); Socket socket = SSLSocketFactory.getDefault().createSocket(TARGET_HTTPS_SERVER, TARGET_HTTPS_PORT); try { Writer out = new OutputStreamWriter(socket.getOutputStream(), "ISO-8859-1"); out.write("GET / HTTP/1.1\r\n"); out.write("Host: " + TARGET_HTTPS_SERVER + ":" + TARGET_HTTPS_PORT + "\r\n"); out.write("Agent: SSL-TEST\r\n"); out.write("\r\n"); out.flush(); BufferedReader in = new BufferedReader(new InputStreamReader(socket .getInputStream(), "ISO-8859-1")); String line = null; while ((line = in.readLine()) != null) { System.out.println(line); } } finally { socket.close(); } } } ---------- END SOURCE ---------- CUSTOMER SUBMITTED WORKAROUND : At the moment this can be worked around by setting both the client and server applications to use one of the other signature types instead of NONEwithRSA: i.e. Provider p = Security.getProvider("SunMSCAPI"); p.setProperty("Signature.NONEwithRSA","$SHA1"); This isn't always possible to do on the server end though, and breaks SSL compatibility.
    via by Nelson Dcosta,
  • HTTPS Problems
    via by 843811,
  • MSCAPI provider
    via by 843811,
  • SunMSCAPI with iKey 1000 USB token
    via by 843811,
  • Decrypt Keystore Password Suddenly Invalid?
    via by Unknown author,
    • eption: Bad Key. at at
    No Bugmate found.