Re: "Pluggable" key serialization in JCE/JCA

-- *Von:* Anthony Scarpino mailto:anthony.scarp...@oracle.com>> *Gesendet:* Monday, March 28, 2022 6:31:29 AM *An:* Anders Rundgren mailto:anders.rundgren@gmail.com&

Re: [Internet]Re: "Pluggable" key serialization in JCE/JCA

On 2022-03-26 23:14, Bernd Eckenfels wrote: Just for completeness, the standard for key transport in JOSE is JWK (RFC7517). In COSE it is a COSE_Key(Set) as defined in RFC8152 sect13. BTW the most widely used CBOR/COSE application are probably the QR codes around Covid and Vaccination certific

Re: [Internet]Re: "Pluggable" key serialization in JCE/JCA

ds, Anders Thanks, Xuelei On Mar 25, 2022, at 11:56 AM, Anders Rundgren wrote: Hi Michael & the JDK crypto team, Although it might be cool writing a JEP it is not really my job. There are also multiple ways of addressing this issue. BTW, the COSE/JOSE folks who are about to introduc

Re: "Pluggable" key serialization in JCE/JCA

JDK folks. In fact, this is the origin of this request. It seems that nobody representing JDK crypto is involved in COSE/JOSE. Thanx, Anders On 2022-03-25 18:23, Michael StJohns wrote: On 3/25/2022 12:33 PM, Anders Rundgren wrote: On 2022-03-25 17:12, Anthony Scarpino wrote: When you say

Re: "Pluggable" key serialization in JCE/JCA

JDK folks. In fact, this is the origin of this request. It seems that nobody representing JDK crypto is involved in COSE/JOSE. Thanx, Anders On 2022-03-25 18:23, Michael StJohns wrote: On 3/25/2022 12:33 PM, Anders Rundgren wrote: On 2022-03-25 17:12, Anthony Scarpino wrote: When you say

Re: "Pluggable" key serialization in JCE/JCA

key does not support encoding" With COSE/JOSE there is no longer an obvious primary encoding format. Anders Tony On 3/25/22 1:03 AM, Anders Rundgren wrote: Hi Mike & the JDK crypto team, What I'm saying is that key serialization in Java haven't gotten enough attention.  Exam

Re: "Pluggable" key serialization in JCE/JCA

ds, Anders On 2022-03-25 3:12, Michael StJohns wrote: On 3/24/2022 12:28 PM, Anders Rundgren wrote: On 2022-03-24 16:59, Michael StJohns wrote: On 3/24/2022 2:46 AM, Anders Rundgren wrote: Hi List, I find it a bit strange that every user of crypto either have to write or install specific soft

Re: [Internet]"Pluggable" key serialization in JCE/JCA

On 2022-03-24 17:27, xueleifan(XueleiFan) wrote: On Mar 23, 2022, at 11:46 PM, Anders Rundgren wrote: Hi List, I find it a bit strange that every user of crypto either have to write or install specific software for converting JOSE/COSE/PEM keys back-and-forth to Java's int

Re: "Pluggable" key serialization in JCE/JCA

On 2022-03-24 16:59, Michael StJohns wrote: On 3/24/2022 2:46 AM, Anders Rundgren wrote: Hi List, I find it a bit strange that every user of crypto either have to write or install specific software for converting JOSE/COSE/PEM keys back-and-forth to Java's internal representation. This re

"Pluggable" key serialization in JCE/JCA

Hi List, I find it a bit strange that every user of crypto either have to write or install specific software for converting JOSE/COSE/PEM keys back-and-forth to Java's internal representation. This reduces the value of the abstract types as well. Now there is whole bunch of new algorithms com

Re: Regression bug in PKCS12 key wrapping

Apparently there was a bug in BC. The GitHub issue has been updated. Case dismissed :) thanx, Anders On 2021-11-25 4:10, Wei-Jun Wang wrote: On Nov 24, 2021, at 11:14 AM, Anders Rundgren wrote: Hi List, Although this bug is for BC, I believe the problem is rather in JDK 17: https

Regression bug in PKCS12 key wrapping

Hi List, Although this bug is for BC, I believe the problem is rather in JDK 17: https://github.com/bcgit/bc-java/issues/823#issuecomment-977919380 Thanx, Anders

Keytool: PathLen:2147483647

Since the JDK bug report tool does not include "keytool" I posted this here. I believe I saw this a decade ago but it still looks like a bug, albeit a very minor one :) SEQUENCE { OBJECT IDENTIFIER basicConstraints (2.5.29.19) BOOLEAN true OCTET STRING, encapsulates {

Re: Keytool does not agree with RFC 8410

On 2021-02-01 16:01, Wei-Jun Wang wrote: On Feb 1, 2021, at 2:32 AM, Anders Rundgren wrote: On 2021-01-31 20:00, Wei-Jun Wang wrote: https://bugs.openjdk.java.net/browse/JDK-8260693 filed. Thanx! In the bug report you also write: We'll also need a way to generate this ki

Re: Keytool does not agree with RFC 8410

a key container attestation key for *all* CSRs which is a more useful method than self-signed CSRs. Regards, Anders Thanks, Max On Jan 31, 2021, at 2:12 AM, Anders Rundgren wrote: Since the JDK bug report tool does not include "keytool" I posted this here. Keytool for JDK 15 r

Keytool does not agree with RFC 8410

Since the JDK bug report tool does not include "keytool" I posted this here. Keytool for JDK 15 reports "Subject Public Key Algorithm: XDH key of unknown size" for a certificate  containing the following public key: 148: SEQUENCE {  150:   SEQUENCE {  152: OBJECT IDENTIFIER X255

Re: getParams() for XECKey returns nonsense

On 2020-09-08 22:05, Anthony Scarpino wrote: On 9/8/20 11:42 AM, Anders Rundgren wrote: On 2020-09-08 19:29, Anthony Scarpino wrote: On 8/30/20 9:51 AM, Anders Rundgren wrote: Hi, This applies to JDK 11. https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/security/interfaces

Re: getParams() for XECKey returns nonsense

On 2020-09-08 19:29, Anthony Scarpino wrote: On 8/30/20 9:51 AM, Anders Rundgren wrote: Hi, This applies to JDK 11. https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/security/interfaces/XECKey.html what is the value of "AlgorithmParameterSpec"? In JDK 15 the new E

JDK's XECPublicKey.getEncoded() deviates from RFC8410

Being an early adopter has its challenges... https://github.com/cyberphone/openkeystore/blob/master/library/test/org/webpki/crypto/Jdk15XdhSerializationBug.java   This test program verifies that JDK 11 - JDK 15 according to section 3 of   RFC 8410 incorrectly add an ASN.1 "NULL" to the AlgorithmI

Re: Missing documentation for EdDSA key serialization

keystore/blob/427f65df6eb26e9150a1aefd6f0abf3abe761e91/library/src/org/webpki/crypto/CryptoUtil.java#L59 Thanx, Anders On 2020-08-31 20:38, Michael StJohns wrote: On 8/31/2020 2:00 PM, Anthony Scarpino wrote: On 8/31/20 8:16 AM, Anders Rundgren wrote: On https://tools.ietf.org/html/rfc8032#page-24 you can find test vec

Missing documentation for EdDSA key serialization

On https://tools.ietf.org/html/rfc8032#page-24 you can find test vectors that are also used by rfc8037 (JOSE). However, there seems to be no information on how to create an EdDSA public key from such a vector. Apparently you must be an expert on the inner workings of EdDSA in order to use this

getParams() for XECKey returns nonsense

Hi, This applies to JDK 11. https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/security/interfaces/XECKey.html what is the value of "AlgorithmParameterSpec"? In JDK 15 the new EdECKey has gotten a more logical solution: https://download.java.net/java/early_access/jdk15/docs/api/ja

Correction: Re: RFC8410 (in)compatibility

The RFC8410 author claims that the public key featured in the "self-issued" certificate is NOT related to the signature key. The answer to my question is thus (?) that "Signature" should (as BC does) reject X25519 keys. All is good :-) Anders On 2020-08-28 16:07, Anders

Re: RFC8410 (in)compatibility

25519 signature keys. Probably for a reason. Regards, Anders —Max On Aug 28, 2020, at 9:55 AM, Anders Rundgren wrote: On 2020-08-28 15:41, Weijun Wang wrote: What version of java are you using and what’s your command to generate the key pair? Hi Max, While waiting for JDK 15, I'm

Re: RFC8410 (in)compatibility

x On Aug 28, 2020, at 7:03 AM, Anders Rundgren wrote: Hi Crypto Experts, Please pardon my ignorance regarding curve25519, but I ran into problems [*] trying to recreate the sample certificate: https://tools.ietf.org/html/rfc8410#section-10.2 It seems that the certificate is signed wit

RFC8410 (in)compatibility

;Signature" object supposed to accept X25519 keys? Personally I don't see any use of a self-signed encryption certificate so maybe this is just a bad example...kind of edge case. Regards, Anders Rundgren *] java.security.InvalidKeyException: cannot identify EdDSA private key

keytool generates incorrect EC AlgorithmIdentifier

The command  keytool -genkeypair -keyalg ec -keysize 256 -dname "CN=me" -keystore mycert.jks using JDK 11 generates the following signature: 220: SEQUENCE    { 222: OBJECT IDENTIFIER ecdsa-with-Sha256 (1.2.840.10045.4.3.2) 232: NULL    } 234: BIT STRING, en

Backporting EdDSA support to JDK-11

Hi JDK maintainers, I must admit that I know very little about the policies for backporting and upgrading LTS versions of JDK but EdDSA is mainstream these days. https://openjdk.java.net/jeps/339 Any suggestions would be welcome! thanx, Anders

Re: JEP Proposal: EdDSA Signatures

On 2018-05-01 17:21, Adam Petcher wrote: The work for X25519/X448 is wrapping up[1], so I have started thinking about EdDSA. Please review the draft JEP[2] for EdDSA, and let me know what you think. I'm not really sure what priority to give the EdDSA work, and it is optional in TLS 1.3. So if you

Re: Da Capo: JSON "clear text" signatures

ly or through a super interface. The existing Nashorn method (after upgrade to match ES better) moved to the Java layer would probably be just fine. Anders -Sundar On 29/01/18, 7:45 PM, Anders Rundgren wrote: On 2018-01-29 14:52, Hannes Wallnöfer wrote: Hi Anders, I think I lack the co

Re: Da Capo: JSON "clear text" signatures

html https://cyberphone.github.io/doc/security/jose-jef.html Thanx, Anders Thanks, Hannes Am 28.01.2018 um 10:48 schrieb Anders Rundgren : The JSON "clear text" signature initiative seems to (finally) be headed for IETF standardization. The plan is having a BOF session at the

Da Capo: JSON "clear text" signatures

The JSON "clear text" signature initiative seems to (finally) be headed for IETF standardization.  The plan is having a BOF session at the next IETF in London. This scheme builds on EcmaScript JSON processing rules for data normalization which only rely on JSON.parse() and JSON.stringify(). A

Re: API review for X25519/X448

On 2018-01-03 17:26, Adam Petcher wrote: Since this is quite similar to what I proposed some 6 month ago https://github.com/cyberphone/java-cfrg-spec I can only give it a +100 :-) Cheers, Anders now looking forward to the signature support. Now that the JEP[1] for X25519/X448 key agreement is

Re: KeyStore.login pin validation for smartcard.

indows itself deals with smart cards. My former colleges at PrimeKey AB used PKCS #11 for all their Java applications for higher flexibility. HTH Anders Jason ____ From: Anders Rundgren Sent: Friday, December 1, 2017 11:53 PM To: Bernd Eckenfels; Jason Meh

Re: KeyStore.login pin validation for smartcard.

Unfortunately this is a part of the underlying implementation. Assuming you use PKCS #11, you could take a look at the code and see what it does with an externally supplied password. Anders On 2017-12-01 23:08, Bernd Eckenfels wrote: Hm, I remember I had a problem the other way around: I coul

Re: JEP for X25519/X448 key agreement

On 2017-09-21 17:25, Adam Petcher wrote: I would like to leave this open for feedback for another week or so. Please reply with your comments by Saturday, September 30, end of day, anywhere on earth. After that time, I plan to move on to the next phase of the process (group lead and architect rev

Re: JCA design for RFC 7748

Does this mean that the following is correct? EC public key: public interface ECPublicKey extends PublicKey, ECKey CFRG/RFC 7748 public key: public class TheActualImplememtationClass extends PublicKey, ByteArrayKey If so, it should work. Documentation seems a bit less obvious though which i

Re: JCA design for RFC 7748

Hi Guys, whatever you come up with I anticipate it comes with descriptions of how to use it as well. I would recommend putting the JEP on GitHub (although this may not be the usual process), since this topic have bearings on other crypto APIs in the workings. I really hope that the end-result wi

Re: JCA design for RFC 7748

On 2017-08-08 21:42, Xuelei Fan wrote: On 8/8/2017 8:45 AM, Anders Rundgren wrote: Object myOwnEncrypt(PublicKey publicKey) throws SecurityException { if (publicKey instanceof RSAKey) { // RSA } else { // It should be EC } } The code above is not reliable unless

Re: JCA design for RFC 7748

On 2017-08-08 17:25, Adam Petcher wrote: It sounds like what you are saying is that I will need something like XDHPublicKey and XDHPrivateKey in java.security.interfaces. Can you tell me why? What is it that we can't do without these interfaces? Every JOSE Java library I have seen constructs a

Re: JCA design for RFC 7748

On 2017-08-07 23:52, Michael StJohns wrote: On 8/7/2017 4:37 PM, Adam Petcher wrote: These two assumptions greatly simplify the API. We won't need classes that mirror ECParameterSpec, EllipticCurve, ECPoint, ECField, ECPublicKey, etc. for X25519/X448. That assumption holds only if your vario

Request - JavaScript Compatible Number Canonicalization

This may not sound like a security related issue but it actually is... Although entirely uncoordinated, there are several "standards" in the workings based on creating JSON-based clear text alternatives to IETF's JWS signature scheme (which encodes data in Base64Url). All of these schemes shar

Re: PKCS #11 TC looks into OKP versus EC for CFRG support

On 2017-08-04 21:33, Michael StJohns wrote: On 8/4/2017 3:05 PM, Anders Rundgren wrote: https://lists.oasis-open.org/archives/pkcs11/201708/msg6.html C'mon (Oracle) Guys, what's *your* plan; is JDK open source or not? :-) Yeah, I know that open source <> open ideas but t

PKCS #11 TC looks into OKP versus EC for CFRG support

https://lists.oasis-open.org/archives/pkcs11/201708/msg6.html C'mon (Oracle) Guys, what's *your* plan; is JDK open source or not? :-) Yeah, I know that open source <> open ideas but the world needs a direction. Feel completely free dismissing OKP, it is the silence that's killing us. Cheers

IETF input on CFRG support in Java

https://mailarchive.ietf.org/arch/msg/curdle/GVHazpHuUxq5H7PShB0AFE8DQZI Jim Schaad is one of the leading cryptographers in IETF. Anders Recently upgraded: https://github.com/cyberphone/java-cfrg-spec

ECNamedCurveSpec

Highly related to https://github.com/cyberphone/java-cfrg-spec (no takers?) is the fact that quite a lot of code out there depend on org.bouncycastle.jce.spec.ECNamedCurveSpec Are there any plans to create a "true" java version of ECNamedCurveSpec or are we stuck with "workarounds": https://sta

Re: JDK 8 does not comply with RFC 5915

about private key serialization :-) Anders On 2017-06-26 23:44, Michael StJohns wrote: Inline. On 6/26/2017 2:56 PM, Anders Rundgren wrote: On 2017-06-26 17:58, Michael StJohns wrote: Umm... SHOULD is not a MUST - JDK8 does comply with the RFC, it just doesn't provide the "conveni

Re: JDK 8 does not comply with RFC 5915

On 2017-06-26 17:58, Michael StJohns wrote: On 6/25/2017 2:21 AM, Anders Rundgren wrote: During the work with https://github.com/cyberphone/java-cfrg-spec I had to look at the PKCS #8 spec as well. It turns out that JDK 8 does not comply with RFC 5915's SHOULD since EC private keys creat

JDK 8 does not comply with RFC 5915

During the work with https://github.com/cyberphone/java-cfrg-spec I had to look at the PKCS #8 spec as well. It turns out that JDK 8 does not comply with RFC 5915's SHOULD since EC private keys created by KeyPairGenerator do not contain public key info when getEncoded(). I didn't check PKCS #8

Java/JCE CFRG integration spec on GitHub

I turned this topic into a separate GitHub repository instead of a BC issue (which it really isn't). I would be very happy to get some feedback on this proposal, including pull requests. There's a certain urgency, since the BC implementation is just about to start, while I guess Oracle is targ

OKP Keys? Was: Support for CFRG (curve25519 etc) in Java/JCE

The COSE draft also refers to "OKP" keys: https://tools.ietf.org/html/draft-ietf-cose-msg-24 which in my opinion speaks for separating the CFRG algorithms from EC. OKP keys have as far as I can tell (I'm not a cryptographer, just an applier of cryptography), no ECPoint, coFactor, and ECField an

Re: Support for CFRG (curve25519 etc) in Java/JCE

On 2017-06-21 17:31, Adam Petcher wrote: On 6/21/2017 11:20 AM, Anders Rundgren wrote: Thanx, but at this stage I'm mainly concerned about the specification. Is the specification also supposed to be created in the issue above? There is a JEP in development for RFC 7748, and I expect th

Re: Support for CFRG (curve25519 etc) in Java/JCE

https://github.com/bcgit/bc-java/issues/193#issuecomment-309183825 Regards, Sean. On 20/06/17 21:32, Anders Rundgren wrote: Hi List, I'm an long time user of Java and JCE. I've just begun looking into the recently standardized curve25519 crypto. Since I didn't find any JEP or JSR for thi

Support for CFRG (curve25519 etc) in Java/JCE

ues/193#issuecomment-309183825 WDYT? Thanx, Anders Rundgren, Co-inventor of signed JavaScript/JSON objects: https://cyberphone.github.io/doc/security/jcs.html

Re: Creating an EC Public Key using Named Curves

tedCurves") > .split("\\|"); > for (String curve : curves) { > System.out.println(curve.substring(1, curve.indexOf(","))); > } > > > > > On 8 Oct 2013, at 13:53, Anders Rundgren wrote: > >> If you have the X a

Correction. Re: Creating an EC Public Key using Named Curves

se a serialized named ECPublicKey in JDK 7 uses a different (and IMHO incorrect) format which makes it impossible to sign a public key in an interoperable way. Note: I used Oracle's JDK 7 on Windows but I assume it is the same for OpenJDK. thanx Anders Rundgren > > > > > On 8 O

Re: Creating an EC Public Key using Named Curves

))); > } Thanx Vicent, I guess this is new for JDK 7. Unfortunately I seem to be stuck with BC because a serialized named ECPublicKey in JDK 7 uses a different (and IMHO incorrect) format which makes it impossible to sign a public key in an interoperable way. Note: I used Oracle

Creating an EC Public Key using Named Curves

If you have the X and Y points and the name of a public key you can create a ECPublicKey using BouncyCastle. I cannot find any counterpart in JDK 7. What am I missing? BC: return KeyFactory.getInstance ("EC").generatePublic (new ECPublicKeySpec (new ECPoint (x, y), new ECNamedCurveSpec (name,.