Closed hegusung closed 3 months ago
Thank you for reporting the issue, I'll look into it.
You are loading the private key from a file? What encryption does it use?
Here is the encryption used:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: XXXXXXXX (0xXXXXXXX)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: <redacted>
        Validity
            Not Before: Jun X XX:XX:XX 20XX GMT
            Not After : Jun X XX:XX:XX 20XX GMT
        Subject: <redacted>
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
The certificate works with osslsigncode without any issue. But I need to sign scripts.
That's the certificate, but how is the private key encoded?
PEM file format. I'm not sure if I answered your question correctly; if not, which openssl command should I run to give you the answer?
I've been able to reproduce the issue, loading the private key from a PEM file no longer works. Bouncy Castle added a bunch of post-quantum crypto algorithms; they are of no use to Jsign but are still required on the classpath.
Thanks a lot, looking forward to testing this!
In the meantime, if you use a PKCS#12 keystore instead of a key file it should work.
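For the question above about how the PEM key is encoded, and the PKCS#12 workaround just mentioned, here is an added example (not part of the thread and not Jsign's own code). It reads the PEM header to classify the key encoding, then wraps key and certificate into a PKCS#12 keystore with `openssl pkcs12 -export`; the function names, file names, alias and the `KEY_PASS` / `STORE_PASS` environment variables are assumptions.

```shell
#!/bin/sh
# Added example. Function names, file names, the alias and the KEY_PASS /
# STORE_PASS variables are hypothetical, not taken from the thread.

# Print how the first private key block in a PEM file is encoded.
pem_key_encoding() {
    awk '
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { print "pkcs8-encrypted"; found = 1; exit }
        /^-----BEGIN PRIVATE KEY-----/ { print "pkcs8-plain"; found = 1; exit }
        /^-----BEGIN (RSA|EC|DSA) PRIVATE KEY-----/ { legacy = 1; next }
        # Traditional format: encryption is flagged on the line after BEGIN.
        legacy {
            if ($0 ~ /^Proc-Type: 4,ENCRYPTED/) print "traditional-encrypted"
            else print "traditional-plain"
            found = 1; exit
        }
        END { if (!found) print "unknown" }
    ' "$1"
}

# usage: pem_to_pkcs12 KEY.pem CERT.pem OUT.p12 ALIAS
# Passwords come from the environment so they never appear in the process list.
pem_to_pkcs12() {
    enc=$(pem_key_encoding "$1")
    [ "$enc" != unknown ] || { echo "no private key found in $1" >&2; return 1; }
    passin=""
    case "$enc" in *-encrypted) passin="-passin env:KEY_PASS" ;; esac
    # $passin is left unquoted on purpose: it expands to two words or to none.
    openssl pkcs12 -export -inkey "$1" -in "$2" -name "$4" \
        -out "$3" $passin -passout env:STORE_PASS
}

# Constructed sample: header lines only, no real key material.
sample=$(mktemp)
printf -- '-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n' > "$sample"
pem_key_encoding "$sample"
rm -f "$sample"

# The resulting keystore is then given to jsign with its --keystore,
# --storetype PKCS12, --storepass and --alias options.
```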
Upon further investigation:
I'm tempted to drop the support for encrypted key files from the command line tool and the Ant task, hardware tokens and KMS are becoming the norm anyway.
A solution for the all-in-one jar would be to use Spring Boot instead of Maven Shade Plugin, that would fix the issue for the command line tool, but not for the Ant task. The jar would become unusable from Ant.
For the Ant task the proper solution would be to use the jsign-ant artifact and its dependencies, typically using Ivy to build the classpath.
Alternatively, not using Bouncy Castle to decrypt the key would be fine too.
Hello, I tried using jsign but got the following error:
The .deb version didn't work either, what am I doing wrong?
Regards