Only use PSSParameterSpec when the RSASSA-PSS algorithm name is used

Issue #178 closed
Brian Campbell repo owner created an issue

The PSSParameterSpec is redundant when using the older style algorithm names (<digest>with<encryption>and<mgf> -> SHA256withRSAandMGF1, SHA384withRSAandMGF1, and SHA512withRSAandMGF1) and, due to some changes in Java (around 8u271) in how provider selection is done, setting the PSSParameterSpec on the Signature object results in the expected provider not being chosen. When, for example, the ncipher HSM is used in conjunction with the system property workaround in Issue #177 to use the older style PSS algorithm names, the signing operation still doesn’t work - resulting in an exception like this:

Caused by: java.security.InvalidKeyException: No installed provider supports this key: com.ncipher.provider.km.KMRSAPrivateCrtKey
        at java.security.Signature$Delegate.chooseProvider(Signature.java:1261) ~[?:1.8.0_271]
        at java.security.Signature$Delegate.engineInitSign(Signature.java:1332) ~[?:1.8.0_271]

Only using the PSSParameterSpec when the RSASSA-PSS algorithm name is used should fix this situation.
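
A sketch of the conditional described in the issue above, added here as an example and not the project's own code: the spec is set only for the generic RSASSA-PSS name. The class, the helper names and the `legacyNames` flag are hypothetical, the salt length is assumed equal to the digest length, and `main` uses the generic name with a software key because the older style names exist only in providers that register them (such as the HSM's) and RSASSA-PSS needs a JDK that ships it (Java 11 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class PssSignerSetup {
    static final String RSASSA_PSS = "RSASSA-PSS";

    // Hypothetical helper: JCA name for a SHA-2 size (256, 384 or 512).
    static String jcaName(int bits, boolean legacyNames) {
        return legacyNames ? "SHA" + bits + "withRSAandMGF1" : RSASSA_PSS;
    }

    // Same digest for hash and MGF1, salt = digest length (assumption), trailer field 1.
    static PSSParameterSpec pssSpec(int bits) {
        String md = "SHA-" + bits;
        return new PSSParameterSpec(md, "MGF1", new MGF1ParameterSpec(md), bits / 8, 1);
    }

    static Signature newSignature(int bits, boolean legacyNames) throws GeneralSecurityException {
        String name = jcaName(bits, legacyNames);
        Signature sig = Signature.getInstance(name);
        if (RSASSA_PSS.equals(name)) {
            // The generic name says nothing about digest or MGF, so the spec is required.
            sig.setParameter(pssSpec(bits));
        }
        // Older style names already encode digest and MGF: no spec is set, which per
        // the issue is what keeps the expected provider selectable for the key.
        return sig;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed software key, stands in for an HSM key
        byte[] msg = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        Signature signer = newSignature(256, false);
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sigBytes = signer.sign();
        Signature verifier = newSignature(256, false);
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        System.out.println("verified: " + verifier.verify(sigBytes));
    }
}
```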
