https://bz.apache.org/bugzilla/show_bug.cgi?id=68483
Bug ID: 68483
Summary: Exception when Sign office with private key in HSM -
Private Exponent value is sensitive.
Product: POI
Version: 5.2.3-FINAL
Hardware: PC
OS: Linux
Status: NEW
Severity: blocker
Priority: P2
Component: XWPF
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 39519
--> https://bz.apache.org/bugzilla/attachment.cgi?id=39519&action=edit
Exception
I try to sign a Office Document with HSM in java. When I use p12 or pfx file.
Sign success and no problem. But when I try to use HSM (Utimaco) to do that, I
have a Exeption: java.lang.UnsupportedOperationException: Private Exponent
value is sensitive. May be in Apache Poi, load private key from HSM is not
allowed. I can sign pdf( with itext) or sign XML with HSM => no problem
What should I do in this case?
My sample:
OPCPackage pkg = null;
try{
pkg=OPCPackage.open(tempDoc);
}catch(InvalidFormatException ex){
ex.printStackTrace();
}
ProviderConfig providerConfig=new
ProviderConfig(cryptoSource.getModule(),cryptoSource.getSlot(),
cryptoSource.getPin());
Provider provider=providerConfig.getProvider();
Security.addProvider(provider);
SignatureConfig sic=new SignatureConfig();
sic.setKey(keyAndCert.getPrivateKey());
sic.setDigestAlgo(HashAlgorithm.sha256);
sic.setSigningCertificateChain(Collections.singletonList(keyAndCert.getCertificate()));
sic.setIncludeEntireCertificateChain(false);
sic.setSignatureDescription("ThÃch");
sic.setExecutionTime(new Date());
sic.setXadesDigestAlgo(HashAlgorithm.sha256);
SignatureInfo si=new SignatureInfo();
si.setSignatureConfig(sic);
si.setOpcPackage(pkg);
boolean isValid=si.verifySignature();
log.error("verifySignature: {} ",isValid);
si.confirmSignature();
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
