ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0

ECC Support? #108

Closed se4n01 closed 2 years ago

se4n01 commented 2 years ago

I'm trying to sign a binary with an ECC token and I get:

$ jsign -s jsign.conf --storetype PKCS11 --storepass XXXXXXX -a "myorg" ./exe.exe
Adding Authenticode signature to ./exe.exe
jsign: Couldn't sign ./exe.exe
java.lang.IllegalArgumentException: Unknown signature type requested: SHA256WITHEC
        at net.jsign.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.generate(Unknown Source)
        at net.jsign.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.find(Unknown Source)
        at net.jsign.bouncycastle.operator.jcajce.JcaContentSignerBuilder.<init>(Unknown Source)
        at net.jsign.AuthenticodeSigner.createSignedDataGenerator(AuthenticodeSigner.java:407)
        at net.jsign.AuthenticodeSigner.createSignedData(AuthenticodeSigner.java:370)
        at net.jsign.AuthenticodeSigner.sign(AuthenticodeSigner.java:342)
        at net.jsign.SignerHelper.sign(SignerHelper.java:506)
        at net.jsign.JsignCLI.execute(JsignCLI.java:116)
        at net.jsign.JsignCLI.main(JsignCLI.java:40)
Try `jsign --help' for more information.

I suspect this is an issue in that jsign is only supporting RSA since SHA256WITHEC makes no sense.

ebourg commented 2 years ago

I've fixed an issue with EC key in f8688bff, could you try again with the latest code on the master branch?

devsibwarra commented 2 years ago

@ebourg Was getting this error with jsign 4.0 (Win10, Java8, Google Cloud HSM). Built against master and I get a successful signature

$ java -jar $HOME\Downloads\jsign-4.0.jar --storetype GOOGLECLOUD ... .\test-setup.exe
Adding Authenticode signature to .\test-setup.exe
jsign: Couldn't sign .\test-setup.exe
java.lang.IllegalArgumentException: Unknown signature type requested: SHA256WITHEC
        at net.jsign.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.generate(Unknown Source)
        at net.jsign.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.find(Unknown Source)
        at net.jsign.bouncycastle.operator.jcajce.JcaContentSignerBuilder.<init>(Unknown Source)
        at net.jsign.AuthenticodeSigner.createSignedDataGenerator(AuthenticodeSigner.java:407)
        at net.jsign.AuthenticodeSigner.createSignedData(AuthenticodeSigner.java:370)
        at net.jsign.AuthenticodeSigner.sign(AuthenticodeSigner.java:342)
        at net.jsign.SignerHelper.sign(SignerHelper.java:506)
        at net.jsign.JsignCLI.execute(JsignCLI.java:116)
        at net.jsign.JsignCLI.main(JsignCLI.java:40)

$ java -jar $HOME\jsign\jsign\target\jsign-4.1-SNAPSHOT.jar --storetype GOOGLECLOUD ... .\test-setup.exe
Adding Authenticode signature to .\test-setup.exe

ebourg commented 2 years ago

@devsibwarra Thank you for the feedback!

se4n01 commented 2 years ago

@ebourg yes that works beautifully! Well done all - I guess this issue can close since it is solved nicely in 4.1+
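
An added example, not part of the thread and not jsign's code: the JCA reports an elliptic-curve key's algorithm as `EC`, while the matching signature algorithm is named `SHA256withECDSA`, so a name built by joining digest and key algorithm is rejected the way `SHA256WITHEC` is in the trace above. The class and helper names are hypothetical, and the naive concatenation is an assumption about how such a name can arise, not taken from the jsign source.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class SignatureNameDemo {
    // Hypothetical helper: naive "<digest>with<key algorithm>" concatenation.
    static String naiveName(String digest, PrivateKey key) {
        return digest + "with" + key.getAlgorithm();
    }

    // Hypothetical helper: map the JCA key algorithm to the signature scheme name.
    static String jcaName(String digest, PrivateKey key) {
        String alg = key.getAlgorithm();
        if ("EC".equals(alg)) return digest + "withECDSA";
        if ("RSA".equals(alg) || "DSA".equals(alg)) return digest + "with" + alg;
        throw new IllegalArgumentException("Unsupported key algorithm: " + alg);
    }

    // Signs constructed sample data and verifies it with the same algorithm name.
    static boolean signAndVerify(String name, KeyPair kp) throws GeneralSecurityException {
        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance(name);
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(name);
        verifier.initVerify(kp.getPublic());
        verifier.update(data);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Throwaway P-256 key pair generated in memory for the demonstration.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = gen.generateKeyPair();
        PrivateKey key = kp.getPrivate();

        String[] names = { naiveName("SHA256", key), jcaName("SHA256", key) };
        for (String name : names) {
            try {
                System.out.println(name + " -> verified=" + signAndVerify(name, kp));
            } catch (NoSuchAlgorithmException e) {
                // The concatenated name is not registered by any provider.
                System.out.println(name + " -> not a JCA signature algorithm");
            }
        }
    }
}
```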