jcryptool / core

JCrypTool Core Plug-ins
https://www.cryptool.org
Eclipse Public License 1.0

Keystore does not support EC keys #73

Closed dschadow closed 10 years ago

dschadow commented 10 years ago

Storing elliptic curve keys in the JCT-keystore ends in an exception; the cause might be a different number of arguments provided by algorithm.xml than expected by the class:

    java.lang.NoSuchMethodException: de.flexiprovider.common.ies.IESParameterSpec.<init>(int)
        at java.lang.Class.getConstructor0(Class.java:2763)
        at java.lang.Class.getConstructor(Class.java:1693)
        at org.jcryptool.crypto.flexiprovider.reflect.Reflector.instantiateParameterSpec(Reflector.java:226)
        at org.jcryptool.crypto.flexiprovider.keystore.actions.NewKeyPairAction$1.run(NewKeyPairAction.java:106)
        at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)

ghost commented 10 years ago

Instantiating an AlgorithmParameterSpec object of type IESParameterSpec via reflection fails (in line 226 of org.jcryptool.crypto.flexiprovider.reflect.Reflector.instantiateParameterSpec(...)) because a constructor taking a single parameter of type int is expected, with the int being the length of the key. The only constructors present are:

    public IESParameterSpec()
    public IESParameterSpec(String symCipherName, String macName, byte[] macEncParam, byte[] sharedInfo)
    public IESParameterSpec(KeyPair ephKeyPair, String symCipherName, String macName, byte[] macEncParam, byte[] sharedInfo)

Since the existing constructors don't seem to accept anything like a key length, IESParameterSpec might not be the correct spec used?
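The failure described in the comment above, reproduced as an added example that is not part of the thread and not JCrypTool or FlexiProvider code: a reflective lookup of an `(int)` constructor on a parameter spec class that has none, with a fallback to the no-arg constructor. `NoStrengthSpec`, `StrengthSpec` and `instantiate` are hypothetical stand-ins; only the constructor shapes are taken from the comment.

```java
import java.lang.reflect.Constructor;
import java.security.spec.AlgorithmParameterSpec;

public class ParamSpecReflectionDemo {
    // Hypothetical stand-in with the constructor shapes the comment lists
    // for IESParameterSpec: none of them takes a key length.
    public static class NoStrengthSpec implements AlgorithmParameterSpec {
        public NoStrengthSpec() { }
        public NoStrengthSpec(String symCipherName, String macName,
                              byte[] macEncParam, byte[] sharedInfo) { }
    }

    // Hypothetical stand-in for a spec that does accept a key length.
    public static class StrengthSpec implements AlgorithmParameterSpec {
        public final int keySize;
        public StrengthSpec(int keySize) { this.keySize = keySize; }
    }

    // Prefer an (int) constructor; fall back to the no-arg one instead of
    // letting NoSuchMethodException abort key generation.
    static AlgorithmParameterSpec instantiate(String className, int keySize)
            throws ReflectiveOperationException {
        // asSubclass rejects a configured class name that is not a parameter
        // spec before any of its constructors is invoked.
        Class<? extends AlgorithmParameterSpec> cls =
                Class.forName(className).asSubclass(AlgorithmParameterSpec.class);
        try {
            Constructor<? extends AlgorithmParameterSpec> c = cls.getConstructor(int.class);
            return c.newInstance(keySize);
        } catch (NoSuchMethodException e) {
            // The message has the form "<class name>.<init>(int)".
            System.out.println("no (int) constructor: " + e.getMessage());
            return cls.getConstructor().newInstance();
        }
    }

    public static void main(String[] args) throws Exception {
        String prefix = ParamSpecReflectionDemo.class.getName() + "$";
        AlgorithmParameterSpec a = instantiate(prefix + "StrengthSpec", 192);
        AlgorithmParameterSpec b = instantiate(prefix + "NoStrengthSpec", 192);
        System.out.println(a.getClass().getSimpleName() + " keySize="
                + ((StrengthSpec) a).keySize);
        System.out.println(b.getClass().getSimpleName() + " built without a key size");
    }
}
```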

ghost commented 10 years ago

In /de.flexiprovider/xml/algorithms.xml replace

    <KeyPairGenerator class="de.flexiprovider.ec.keys.ECKeyPairGenerator" oid="1.2.840.10045.2.1">
      <Names>EC,ECDH,ECDSA,ECIES,ECNR</Names>
      <ParameterSpec class="de.flexiprovider.common.ies.IESParameterSpec"/>
      <KeyStrengths default="192"/>
    </KeyPairGenerator>

with

    <KeyPairGenerator class="de.flexiprovider.ec.keys.ECKeyPairGenerator" oid="1.2.840.10045.2.1">
      <Names>EC,ECDH,ECDSA,ECIES,ECNR</Names>
      <ParameterSpec class="de.flexiprovider.ec.parameters.CurveRegistry.BrainpoolP160r1"/>
    </KeyPairGenerator>

(No KeyStrengths needed)

Creating and verifying a 'Raw ECDSA' signature with the generated key seems to work.

dschadow commented 10 years ago

Changed to

    <KeyPairGenerator class="de.flexiprovider.ec.keys.ECKeyPairGenerator" oid="1.2.840.10045.2.1">
      <Names>EC,ECDH,ECDSA,ECIES,ECNR</Names>
      <KeyPairGenerator class="de.flexiprovider.ec.keys.ECKeyPairGenerator" />
      <ParameterSpec class="de.flexiprovider.common.ies.IESParameterSpec" />
    </KeyPairGenerator>

The generated key shows a key length -1 in the properties dialog, but seems to work for signatures. Maybe that's only a problem of the properties dialog.