renatobianchini / eid-mw

Automatically exported from code.google.com/p/eid-mw
GNU Lesser General Public License v3.0

Java 8 ; New cards with 2048 bits private keys => Error "RSA key must be at most 1024 bits" #130

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

Using a self-made applet, which loads the eid middleware (I configure a Provider referencing the DLL, and then I use "Security.insertProviderAt(pkcs11, 1);" to use that DLL), I am facing a problem in JRE 8 with new eid cards.

When I try to sign a document, using the Private Key previously loaded from the 
smart card using "KeyStore.getInstance("PKCS11", pkcs11);" and so on..

At this particular moment :
    Signature sig = Signature.getInstance("SHA1withRSA");
    sig.initSign(key);

I get the following error : "RSA key must be at most 1024 bits"

Stacktrace is :
java.security.InvalidKeyException: RSA key must be at most 1024 bits
    at sun.security.pkcs11.P11Signature.checkKeySize(P11Signature.java:366)
    at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:430)
    at java.security.Signature$Delegate.engineInitSign(Unknown Source)
    at java.security.Signature.initSign(Unknown Source)
    at be.nsi.tools.SecurityTools.getSignature(SecurityTools.java:25)
    at be.nsi.security.applet.SmartCardTools.signData(SmartCardTools.java:264)

Dumping detailed information on keys or signature providers :
    Keystore provider is [SunPKCS11-BelgiumIdentityCard version 1.8]
    privateKeyClass=[sun.security.pkcs11.P11Key.P11PrivateKey] privateKey.getFormat()=[null] privateKey.getAlgorithm()=[RSA]
    Signature provider is [SunPKCS11-BelgiumIdentityCard version 1.8]

And this only occurs with JRE 8 and with a new eid card (emitted after March 2014, containing a 2048-bit private key).
With JRE 8, same code, same everything; I just change the card for an older card (containing a 1024-bit key) => no problem.

With an older JRE (7, 6 or even 5), no problem; all cards are OK!!!
I am searching for a solution to make it work with Java 8 and a new card (2048-bit PrivateKey size).

Any help appreciated ;)

Thanks,
  Julien.

Original issue reported on code.google.com by jvroo...@gmail.com on 5 Mar 2015 at 4:45

GoogleCodeExporter commented 9 years ago
Hello,

This issue should be fixed in the future release build (v410), which you can find on http://eid.belgium.be/en/using_your_eid/installing_the_eid_software/windows/

Wkr,
 Frederik

Original comment by frederik...@gmail.com on 5 Mar 2015 at 7:13
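
A diagnostic for the failure reported in this thread, as an added example (not code from the reporter or the eid-mw project): it lists each private-key entry on the card with the RSA modulus size taken from its certificate and reports whether `initSign` accepts the key under the running JRE and installed middleware. The class name `EidKeySizeCheck` is hypothetical; the code assumes Java 8, a SunPKCS11 configuration file (pointing at the middleware library) passed as the first argument, and a token whose key store loads without a PIN.

```java
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.interfaces.RSAKey;
import java.util.Collections;

public class EidKeySizeCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: EidKeySizeCheck <sunpkcs11-config-file>");
            System.exit(2);
        }
        // Java 8 API; later releases use Provider.configure(String) instead.
        Provider pkcs11 = new sun.security.pkcs11.SunPKCS11(args[0]);
        Security.insertProviderAt(pkcs11, 1);
        System.out.println("java.version=" + System.getProperty("java.version")
                + " provider=" + pkcs11.getName() + " " + pkcs11.getVersion());

        KeyStore ks = KeyStore.getInstance("PKCS11", pkcs11);
        ks.load(null, null);  // assumption: the token lists its keys without a PIN

        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            Key key = ks.getKey(alias, null);
            if (!(key instanceof PrivateKey)) continue;
            // The modulus size is read from the certificate: the private key stays on the card.
            Certificate cert = ks.getCertificate(alias);
            PublicKey pub = cert == null ? null : cert.getPublicKey();
            String bits = pub instanceof RSAKey
                    ? String.valueOf(((RSAKey) pub).getModulus().bitLength()) : "unknown";
            String verdict;
            try {
                // Same two calls as in the report; the exception there is raised by initSign.
                Signature sig = Signature.getInstance("SHA1withRSA");
                sig.initSign((PrivateKey) key);
                verdict = "accepted by " + sig.getProvider().getName();
            } catch (InvalidKeyException e) {
                verdict = "REJECTED: " + e.getMessage();
            }
            System.out.println(alias + ": RSA bits=" + bits + ", initSign " + verdict);
        }
    }
}
```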