JDK-6888925 : SunMSCAPI's Cipher can't use RSA public keys obtained from other sources.
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 6,7
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2009-10-07
  • Updated: 2011-06-22
  • Resolved: 2011-06-22
Fixed in JDK 7: 7 b142
Description
test.p12 is attached.  Use IE to import the certificate/private key into the browser's keystore.  Password is "test".  Then run the following:

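    import java.security.KeyStore;
    import java.security.PublicKey;
    import javax.crypto.Cipher;

    public class Test {
        public static void main(String[] arg) throws Exception {
            // Open the current user's Windows certificate store via SunMSCAPI
            KeyStore ks = KeyStore.getInstance("Windows-MY");
            ks.load(null, null);
            // Public key decoded from the certificate, not an MSCAPI key handle
            PublicKey myPuKey = (PublicKey)
                ks.getCertificate("test_cert0").getPublicKey();

            Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", "SunMSCAPI");
            // Fails here with InvalidKeyException: Unsupported key type
            rsa.init(Cipher.ENCRYPT_MODE, myPuKey);
        }
    }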

myPuKey is a sun.security.rsa.RSAPublicKeyImpl here.

But MSCAPI checks that:

        if (!(key instanceof sun.security.mscapi.Key)) {
            throw new InvalidKeyException("Unsupported key type: " + key);
        }

The current MSCAPI will choke on this in two places with an Unsupported key type.  First in engineGetKeySize, and then in the actual Cipher's init routine.

Comments
EVALUATION Convert non-MSCAPI RSA public keys into the format supported by MSCAPI.
07-04-2011

SUGGESTED FIX Need to convert other RSA public keys into an MSCAPI RSA public key.
07-10-2009
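
The evaluation above calls for converting non-MSCAPI RSA public keys into the format MSCAPI supports. As an added example (not the JDK's fix and not code from this report), the following encodes any `java.security.interfaces.RSAPublicKey` as a CryptoAPI `PUBLICKEYBLOB`, the structure `CryptImportKey` accepts. The class name `CapiPublicKeyBlob` and method `toBlob` are hypothetical, and the sample key is generated for the demonstration.

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;

// Hypothetical helper class, added for illustration only.
public class CapiPublicKeyBlob {
    // Constants as defined in wincrypt.h
    static final byte PUBLICKEYBLOB = 0x06;
    static final byte CUR_BLOB_VERSION = 0x02;
    static final int CALG_RSA_KEYX = 0x0000A400;
    static final int RSA1_MAGIC = 0x31415352; // ASCII "RSA1"

    /** Encodes the key as BLOBHEADER + RSAPUBKEY + little-endian modulus. */
    static byte[] toBlob(RSAPublicKey key) {
        BigInteger n = key.getModulus();
        BigInteger e = key.getPublicExponent();
        if (e.bitLength() > 32) {
            // RSAPUBKEY.pubexp is a 32-bit DWORD
            throw new IllegalArgumentException("public exponent does not fit in a DWORD");
        }
        int modLen = (n.bitLength() + 7) / 8;
        byte[] be = n.toByteArray(); // big-endian, may carry a leading 0x00 sign byte

        ByteBuffer buf = ByteBuffer.allocate(20 + modLen).order(ByteOrder.LITTLE_ENDIAN);
        // BLOBHEADER: bType, bVersion, reserved, aiKeyAlg
        buf.put(PUBLICKEYBLOB).put(CUR_BLOB_VERSION).putShort((short) 0);
        buf.putInt(CALG_RSA_KEYX);
        // RSAPUBKEY: magic, bitlen, pubexp (low 32 bits, written as unsigned)
        buf.putInt(RSA1_MAGIC).putInt(modLen * 8).putInt(e.intValue());
        // Modulus in little-endian order; the sign byte, if any, is never reached
        for (int i = 0; i < modLen; i++) {
            buf.put(be[be.length - 1 - i]);
        }
        return buf.array();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a key from the default provider, i.e. a non-MSCAPI key
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) kpg.generateKeyPair().getPublic();
        byte[] blob = toBlob(pub);
        System.out.println(pub.getClass().getName() + " -> blob of " + blob.length + " bytes");
    }
}
```

Because the conversion reads only the `RSAPublicKey` interface (modulus and public exponent), it works for keys from any provider, including the `RSAPublicKeyImpl` instance in the reproduction above.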