eption: Bad Key.

JDK Bug System | Nelson Dcosta | 9 years ago
  1. 0

    Bug ID: JDK-6578658 Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI | 2 months ago eption: Bad Key.
  2. 0

    Bug ID: JDK-6578658 Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI | 1 year ago eption: Bad Key.
  3. 0

    A DESCRIPTION OF THE REQUEST : Requesting support for doing raw RSA signing with SunMSCAPI - at present only SHA-1, MD5 and MD2 signing is possible. This would include the SunMSCAPI provider having the following property or similar:$NONE Alternatively, the SunMSCAPI cipher class could be changed to support encrypting with private keys, although i suspect that the underlying MSCAPI doesn't allow that. JUSTIFICATION : NONEwithRSA Signing is required by JSSE for client authentication enabled SSL. At the moment because SunMSCAPI doesn't include a NONEwithRSA property, the default NONEwithRSA signature class is being used. This class merely wraps the cipher class - and the MSCAPI cipher class doesn't support encrypting with private keys. A "Bad Key" exception results. See: EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - After setting a client application to use the Windows key and trust stores in the normal manner, and given that the server and client trust each other's certificates, using JSSE to connect to a server using SSL with client authentication should work. ACTUAL - The following error is thrown during the client verification stage, on the client end: Exception in thread "main" Bad Key. at at at at at at at sun.nio.cs.StreamEncoder.writeBytes( at sun.nio.cs.StreamEncoder.implFlushBuffer( at sun.nio.cs.StreamEncoder.implFlush( at sun.nio.cs.StreamEncoder.flush( at at SunMSCAPITest.main( Caused by: Bad Key. at at at javax.crypto.Cipher.doFinal(DashoA13*..) at$CipherAdapter.engineSign( at$Delegate.engineSign( at at at$Delegate.engineSign( at at$CertificateVerify.<init>( at at at at at at at at ... 6 more Caused by: Bad Key. at Method) at ... 23 more ---------- BEGIN SOURCE ---------- import; import; import; import; import; import; public class SunMSCAPITest { // Website to access public static final String TARGET_HTTPS_SERVER = "localhost"; public static final int TARGET_HTTPS_PORT = 8443; public static void main(String[] args) throws Exception { System.setProperty("","SunMSCAPI"); System.setProperty("","Windows-MY"); System.setProperty("","SunMSCAPI"); System.setProperty("","Windows-ROOT"); Socket socket = SSLSocketFactory.getDefault().createSocket(TARGET_HTTPS_SERVER, TARGET_HTTPS_PORT); try { Writer out = new OutputStreamWriter(socket.getOutputStream(), "ISO-8859-1"); out.write("GET / HTTP/1.1\r\n"); out.write("Host: " + TARGET_HTTPS_SERVER + ":" + TARGET_HTTPS_PORT + "\r\n"); out.write("Agent: SSL-TEST\r\n"); out.write("\r\n"); out.flush(); BufferedReader in = new BufferedReader(new InputStreamReader(socket .getInputStream(), "ISO-8859-1")); String line = null; while ((line = in.readLine()) != null) { System.out.println(line); } } finally { socket.close(); } } } ---------- END SOURCE ---------- CUSTOMER SUBMITTED WORKAROUND : At the moment this can be worked around by setting both the client and server applications to use one of the other signature types instead of NONEwithRSA: i.e. Provider p = Security.getProvider("SunMSCAPI"); p.setProperty("Signature.NONEwithRSA","$SHA1"); This isn't always possible to do on the server end though, and breaks SSL compatibility.

    JDK Bug System | 9 years ago | Nelson Dcosta eption: Bad Key.
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    [JDK-6578658] Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI - Java Bug System | 1 year ago Bad Key.
  6. 0

    HTTPS Problems

    Oracle Community | 9 years ago | 843811 Erro interno.

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. eption: Bad Key.

      2 frames