JDK-5078280 : REGRESSION: RSA key length not proper
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 5.0
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- OS: windows_xp
- CPU: x86
- Submitted: 2004-07-26
- Updated: 2004-10-11
- Resolved: 2004-10-08
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| Other | JDK 6 |
|---|---|
| 5.0u4Fixed | 6 b08Fixed  |
Description
Name: js151677 Date: 07/26/2004
FULL PRODUCT VERSION :
java version "1.5.0-beta3"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-beta3-b58)
Java HotSpot(TM) Client VM (build 1.5.0-beta3-b58, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Windows XP SP1
Windows 2000 SP4
A DESCRIPTION OF THE PROBLEM :
When using Java 1.5 if an RSA keypair is generated it has one less bit than requested, ie if a 512 bit keypair is requestedthen sometimes a 511 bit keypair is generated. There is no pattern to this - it affects all key sizes I have tried approximately 1 in 3 times.
This problem did not exist in Java 1.4.2.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
I have included source that will replicate the problem.
REPRODUCIBILITY :
This bug can be reproduced often.
---------- BEGIN SOURCE ----------
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
/**
* Class to prove RSA keysize bug in Java 1.5.
*
* @author Wayne Grant
*/
public class RsaBug extends Object
{
public static void main(String[] sArgs)
{
try
{
for (int iCnt=0; iCnt < 10; iCnt++)
{
int iKeyPairSize = 512;
System.out.println("Generating " + iKeyPairSize + " bit RSA key pair");
// Generate RSA keypair
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
SecureRandom rand = SecureRandom.getInstance("SHA1PRNG");
keyPairGen.initialize(iKeyPairSize, rand);
KeyPair keyPair = keyPairGen.generateKeyPair();
// Get priavte and public keys
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
// Get keysize (modulus) of keys
KeyFactory keyFact = KeyFactory.getInstance("RSA");
RSAPrivateKeySpec privateKeySpec = (RSAPrivateKeySpec)keyFact.getKeySpec(privateKey, RSAPrivateKeySpec.class);
BigInteger privateModulus = privateKeySpec.getModulus();
int iPrivateKeySize = privateModulus.toString(2).length();
RSAPublicKeySpec publicKeySpec = (RSAPublicKeySpec)keyFact.getKeySpec(publicKey, RSAPublicKeySpec.class);
BigInteger publicModulus = publicKeySpec.getModulus();
int iPublicKeySize = publicModulus.toString(2).length();
System.out.println("Generated a " + iPrivateKeySize + " bit RSA private key");
System.out.println("Generated a " + iPublicKeySize + " bit RSA public key");
if ((iKeyPairSize != iPublicKeySize) || (iKeyPairSize != iPrivateKeySize))
{
System.out.println("Failure!");
break;
}
}
}
catch (Exception ex)
{
ex.printStackTrace();
}
}
}
---------- END SOURCE ----------
Release Regression From : 1.4.2_04
The above release value was the last known release where this
bug was known to work. Since then there has been a regression.
(Incident Review ID: 289826)
======================================================================
###@###.### 10/8/04 16:16 GMT
Comments
|