Closed christian-schlichtherle closed 4 years ago
That's odd, since all the production certs with 4096 bit keys use RSASSA-PSS signatures. For testing we also use a selfsigned 4096 bit cert (not generated with keytool, though)
Using OpenJDK 11.0.5.10 I managed to create a certificate using the above keytool cmdline. The generated cert has "SHA384withRSAandMGF1" set as signature algorithm which is different from the "SHA256withRSAandMGF1" used in production.
I added some tests using certificates with different signature/key settings:
RSA 2048 with SHA256 (works) RSA 4096 with SHA256withRSAandMGF1 (works) RSA 4096 with SHA384withRSAandMGF1 (did not work)
With #14 the algorithm information is taken from the certificate. However, this means the API will also create/verify signatures using certificates that don't comply with the specs in "SECON".
Further, a lot of code isn't necessary anymore with the new BouncyCastle version and has been removed.
Thank you very much for the fix - LGTM. We will repeat our interoperability tests and let you know. Once it's done this issue can get closed.
Two minor notes:
KksSubscriber
and the KksTest
classes, every four spaces were replaced with TAB characters. This is not optimal because it assumes this exact TAB spacing for everyone.Thanks again for your efforts on resolving this issue!
Our interoperability tests with the AppSec tool have been successful.
There seems to be a problem with RSA keys with 4096 bits and the RSASSA-PSS algorithm when the private keys and certificates are generated by the keytool. Here is a transcript demonstrating that it works with 2048 bits, but not 4096 bits:
Debugging the problem doesn't help because the validation fails in BC and the byte code in their lib doesn't have debugging infos. However, I suspect the problem in the special setup for keys of 4096 bits or more. This is happening in
KksSubscriber.java
.Is this a bug or a feature? I would expect the tool to work with any proper sigalg and keysize, but it doesn't.