Signature with a privatekey doesn't works in JSS

Thu, 07 Oct 2010 14:17:21 -0700 

Hi, 
I need sign an array of byte with a privatekey (an iText requirement)
that is stored in JSS. I looked in google but everybody suggested the
same idea which is essentially:

       try {
            //certificate is a org.​mozilla.​jss.​crypto.X509Certificate
from the keystore
            byte[] derCert = certificate.getEncoded(); 
            org.mozilla.jss.pkix.cert.Certificate cert =
                    (org.mozilla.jss.pkix.cert.Certificate)
ASN1Util.decode(org.mozilla.jss.pkix.cert.Certificate.getTemplate(), 
                    derCert);
            Name issuerName = cert.getInfo().getIssuer();

            MessageDigest md =

MessageDigest.getInstance(DigestAlgorithm.SHA1.toString());
            //data is the byte[]
            byte[] messageDigest = md.digest(data);

            ContentInfo ci = new ContentInfo(data);

            IssuerAndSerialNumber iasn = new
IssuerAndSerialNumber(issuerName,
                    new INTEGER(certificate.getSerialNumber()));

            SET authenticatedAttributes = null;
            SET unauthenticatedAttributes = null;

            OBJECT_IDENTIFIER contentType = ContentInfo.DATA;
            SignatureAlgorithm signingAlg =
SignatureAlgorithm.RSASignatureWithSHA1Digest;

             //pk is a org.​mozilla.​jss.​crypto.PrivateKey that i get
with
            
//CryptoManager.findPrivKeyByCert(cryptoManager.findCertByNickname(nickName));
             SignerInfo si = new SignerInfo(iasn,
                    authenticatedAttributes,
                    unauthenticatedAttributes,
                    contentType,
                    messageDigest,
                    signingAlg,
                    pk);

            SET digestAlgorithms = null;
            digestAlgorithms = new SET();
            digestAlgorithms.addElement(new
AlgorithmIdentifier(DigestAlgorithm.SHA1.toOID()));

            SET certificates = null;
            SET signers = null;
            SET crls = null;
            certificates = new SET();

            certificates.addElement(new ANY(certificate.getEncoded()));
            certificates.addElement(new ANY(certChain[1].getEncoded()));
            for (int i = certChain.length; i < 0; --i) {                
                certificates.addElement(new ANY(certChain[i -
1].getEncoded()));
            }

            signers = new SET();
            signers.addElement(si);
            SignedData sd = new SignedData(digestAlgorithms, ci,
certificates, crls,
                    signers);

            ContentInfo cisd = new ContentInfo(sd);

            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            cisd.encode(baos);

            return baos.toByteArray();

        } catch (Exception ex) {
            Logger.getLogger(Main.class.getName()).log(Level.SEVERE,
null, ex);
        }


The program stops in:

 SignerInfo si = new SignerInfo(iasn,
                    authenticatedAttributes,
                    unauthenticatedAttributes,
                    contentType,
                    messageDigest,
                    signingAlg,
                    pk);

throwing:

java.security.SignatureException: Signature operation failed on token
        at
org.mozilla.jss.pkcs11.PK11Signature.engineRawSignNative(Native Method)
        at
org.mozilla.jss.pkcs11.PK11Signature.engineSign(PK11Signature.java:255)
        at org.mozilla.jss.crypto.Signature.sign(Signature.java:125)
        at org.mozilla.jss.pkcs7.SignerInfo.<init>(SignerInfo.java:368)
        ....
java.lang.NullPointerException
        at
com.itextpdf.text.pdf.PdfPKCS7.getEncodedPKCS1(PdfPKCS7.java:1109)
         ....

I also try this:

        //java.​security.Signature
        Signature signer = Signature.getInstance("SHA1withRSA",
jSSProvider);

        //pk is a org.​mozilla.​jss.​crypto.PrivateKey that i get with
        
//CryptoManager.findPrivKeyByCert(cryptoManager.findCertByNickname(nickName));
        signer.initSign(pk);

        signer.update(toSign.getBytes());
        byte[] sign = signer.sign();

but throws:

java.security.SignatureException: Signing operation failed: (-8152) The
key does not support the requested operation.
        at org.mozilla.jss.pkcs11.PK11Signature.engineSignNative(Native
Method)
        at
org.mozilla.jss.pkcs11.PK11Signature.engineSign(PK11Signature.java:259)
        at org.mozilla.jss.crypto.Signature.sign(Signature.java:125)
        at
org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineSign(JSSSignatureSpi.java:153)
        at java.security.Signature
$Delegate.engineSign(Signature.java:1128)
        at java.security.Signature.sign(Signature.java:522)

I'm using:

Internal Key Storage Token

DBM_VERSION = N/A
JDK_VERSION = N/A
JSS_VERSION = JSS_4_3_2_RTM
NSPR_VERSION = NSPR_4_7_RTM
NSS_VERSION = NSS_3_12_RTM

java -version:
        java version "1.6.0_20"
        Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
        Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)
with "Unlimited-Strength-Jurisdiction-Policy"...

Any inputs would help me......

Thanks
Felix A.


-- 
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to