Using jsign JCA provider with Google Cloud KMS allows to specify both the crypto key version and the algorithm (here using an Elliptic Curve key, generated with ec-sign-p256-sha256 key type):
jarsigner error: java.lang.IllegalArgumentException: private key algorithm does not match algorithm of public key in end entity certificate (the 1st in certPath)
Using
jsign
JCA provider with Google Cloud KMS allows to specify both the crypto key version and the algorithm (here using an Elliptic Curve key, generated withec-sign-p256-sha256
key type):leads to:
Analysis
This code is located at: https://github.com/ebourg/jsign/blob/93da678cb66ae36fa5c417c084676a48ef534e35/jsign-core/src/main/java/net/jsign/jca/GoogleCloudSigningService.java#L121-L124
Obviously, line 124 cannot work because the alias has already been stripped out of the trailing
:<sigalg>
part by line 123.