RSA Key Pair Generation on JVM - CertificateException: Invalid Padding Bits

[andreapiolanti]

First of all great job! I’m attempting to generate an RSA key pair with the following configuration:

rsa {
    paddings = setOf(RSAPadding.PKCS1)
    digests = setOf(Digest.SHA256)
    publicExponent = SigningKeyConfiguration.RSAConfiguration.F4
}

However, I encounter this error specifically on the JVM target (it works fine on iOS and Android):

java.security.cert.CertificateException: Unable to initialize, java.io.IOException: Invalid number of padding bits
    at java.base/sun.security.x509.X509CertImpl.<init>(Unknown Source)
    at java.base/sun.security.provider.X509Factory.cachedGetX509Cert(Unknown Source)
    at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
    at java.base/java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
    at at.asitplus.signum.indispensable.JcaExtensionsKt.toJcaCertificate(JcaExtensions.kt:218)

It appears to be an issue with converting to JcaCertificate. Any insights on resolving this for JVM? Thanks

[JesusMcCloud]

Thanks for the report. Looks like an issue with RSA signature encoding. We're on it. expect a hotfix release soon.

[JesusMcCloud]

started here: https://github.com/a-sit-plus/signum/tree/hotfix/jcaCert but needs proper fixing.

[JesusMcCloud]

started here: https://github.com/a-sit-plus/signum/tree/hotfix/jcaCert but needs proper fixing.

currently, it is cursed. the proper fix is to rework the RSA signature representation and a proper BIT STRING implementation, which is padding-aware and then fix the parseFromJca mess.

[JesusMcCloud]

3.10.1 Hotfix release coming tomorrow

[iaik-jheher]

Release 3.10.1 (with #196 backported) should now be available from your favorite maven repository.

This should fix your issue, but we'd appreciate if you could confirm!

[andreapiolanti]

It works, thanks.