RSA engine faulty decryption/signing detected
I'm using Jose4j 0.5.5 and getting an error while creating a signature. Below is the code and the error stack trace. Please help.
JsonWebSignature senderJws = new JsonWebSignature();
senderJws.setPayload(claims.toJson());
senderJws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
senderJws.setKeyIdHeaderValue(this.getThumbprintFromCert());
senderJws.setHeader("typ", "JWT");
senderJws.setKey(privateKey);
senderJws.setDoKeyValidation(false);
System.out.println("\n\tPrivate key alg : " + privateKey.getAlgorithm());
System.out.println("senderJws------" + senderJws.toString());
try {
    String compactSerialization = senderJws.getCompactSerialization();
    System.out.println("\n\tGenerated JWT token : " + compactSerialization);
} catch (Exception ex) {
    ex.printStackTrace();
}
org.jose4j.lang.JoseException: Problem creating signature.
    at org.jose4j.jws.BaseSignatureAlgorithm.sign(BaseSignatureAlgorithm.java:76)
    at org.jose4j.jws.JsonWebSignature.sign(JsonWebSignature.java:102)
    at org.jose4j.jws.JsonWebSignature.getCompactSerialization(JsonWebSignature.java:74)
    org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:744)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:682)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:649)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:317)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:255)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1168)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1160)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1057)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.SignatureException: java.lang.IllegalStateException: RSA engine faulty decryption/signing detected
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineSign(Unknown Source)
    at java.security.Signature$Delegate.engineSign(Signature.java:1211)
    at java.security.Signature.sign(Signature.java:583)
    at org.jose4j.jws.BaseSignatureAlgorithm.sign(BaseSignatureAlgorithm.java:72)
    ... 22 more
Comments (4)
-
reporter -
repo owner Never seen that one before.
As best I can tell, that IllegalStateException is coming from bouncycastle as a "defence against Arjen Lenstra’s CRT attack" when a fault in signature generation occurs. See https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/crypto/engines/RSABlindedEngine.java
Is this something you see regularly? You should probably try to look into why fault(s) might be occurring. I honestly have no idea what's going on there.
You might be able to avoid the issue by forcibly converting the private key to be a regular non-CRT RSA private key. But I don't know if that's really a good idea.
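The fault check referred to in the comment above, sketched as an added example that is not part of the original thread and is not jose4j or Bouncy Castle code: `signChecked` re-verifies a CRT signature with the public exponent before releasing it, and `check` tests whether a key's CRT components agree with each other, which is one cause worth ruling out. The class and method names, the generated test key and the stand-in message value are assumptions made for illustration; the thread does not establish what caused the reporter's fault.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateCrtKey;
import java.util.ArrayList;
import java.util.List;

public class RsaCrtKeyCheck { // hypothetical helper, not library code
    /** Returns the inconsistencies found; an empty list means the CRT parameters agree. */
    static List<String> check(BigInteger n, BigInteger e, BigInteger p, BigInteger q,
                              BigInteger dP, BigInteger dQ, BigInteger qInv) {
        List<String> problems = new ArrayList<>();
        BigInteger p1 = p.subtract(BigInteger.ONE), q1 = q.subtract(BigInteger.ONE);
        if (!p.multiply(q).equals(n)) problems.add("p * q != n");
        if (!e.multiply(dP).mod(p1).equals(BigInteger.ONE)) problems.add("e * dP != 1 mod (p-1)");
        if (!e.multiply(dQ).mod(q1).equals(BigInteger.ONE)) problems.add("e * dQ != 1 mod (q-1)");
        if (!qInv.multiply(q).mod(p).equals(BigInteger.ONE)) problems.add("qInv * q != 1 mod p");
        return problems;
    }

    /** CRT private-key operation, then a re-check with the public exponent before release. */
    static BigInteger signChecked(BigInteger m, BigInteger n, BigInteger e, BigInteger p,
                                  BigInteger q, BigInteger dP, BigInteger dQ, BigInteger qInv) {
        BigInteger sp = m.modPow(dP, p);                      // half-size result mod p
        BigInteger sq = m.modPow(dQ, q);                      // half-size result mod q
        BigInteger h = sp.subtract(sq).multiply(qInv).mod(p); // Garner recombination
        BigInteger s = sq.add(h.multiply(q));
        if (!s.modPow(e, n).equals(m)) {                      // a faulty result must never leave
            throw new IllegalStateException("faulty CRT result, not released");
        }
        return s;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPrivateCrtKey k = (RSAPrivateCrtKey) gen.generateKeyPair().getPrivate(); // constructed test key
        BigInteger n = k.getModulus(), e = k.getPublicExponent();
        BigInteger p = k.getPrimeP(), q = k.getPrimeQ();
        BigInteger dP = k.getPrimeExponentP(), dQ = k.getPrimeExponentQ(), qInv = k.getCrtCoefficient();
        BigInteger m = new BigInteger("1234567890abcdef", 16); // stand-in for a padded digest

        System.out.println("intact key:    " + check(n, e, p, q, dP, dQ, qInv));
        System.out.println("signature ok:  " + (signChecked(m, n, e, p, q, dP, dQ, qInv) != null));
        BigInteger badDP = dP.flipBit(0); // simulate one corrupted key component
        System.out.println("corrupted key: " + check(n, e, p, q, badDP, dQ, qInv));
        try { signChecked(m, n, e, p, q, badDP, dQ, qInv); }
        catch (IllegalStateException ex) { System.out.println("caught: " + ex.getMessage()); }
    }
}
```

To run `check` against a real key, cast the `PrivateKey` to `java.security.interfaces.RSAPrivateCrtKey` and pass its getters as shown in `main`.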
-
repo owner It shouldn't have any bearing on this issue but you'd probably want to use the latest version too - 0.6.5 is available now https://bitbucket.org/b_c/jose4j/wiki/Release%20Notes
-
repo owner - changed status to closed
6 months with no update