Weak key solution with negative side effects (no HW backed keys supported)

Issue #279 resolved
Olaf Rode created an issue

With commit b3c700b changes were introduced to reject weak keys. The current implementation has a problem when using PrivateKey implementations that use key material stored in hardware (e.g. smartcards) as those implementations normally will throw an Exception when getModulus() is called. Using e.g. the RSASSASigner is not possible anymore.

Comments (5)

  1. Vladimir Dzhuvinov

    @orode Could you post the exception here?

    It appears one way to handle this is to use the exception to infer an HSM-backed key, suppress the exception, and just continue.

  2. Olaf Rode reporter

    Caused by: java.lang.UnsupportedOperationException
        at de.gematik.security.crypto.CardBasedRSAPrivateKey.getModulus(CardBasedRSAPrivateKey.java:87)
        at com.nimbusds.jose.crypto.RSASSASigner.<init>(RSASSASigner.java:115)
        at com.nimbusds.jose.crypto.RSASSASigner.<init>(RSASSASigner.java:92)
        at de.gematik.healthcardauthenticator.service.AuthenticationDialogActivity$2.doInBackground(AuthenticationDialogActivity.java:217)
        at de.gematik.healthcardauthenticator.service.AuthenticationDialogActivity$2.doInBackground(AuthenticationDialogActivity.java:162)
        at android.os.AsyncTask$2.call(AsyncTask.java:333)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
        at java.lang.Thread.run(Thread.java:764)

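The approach suggested in comment 1, sketched as an added example that is not the project's own code: a weak-key check that treats an exception from `getModulus()` as "size unknown" instead of failing. The class names `WeakKeyCheckExample` and `OpaqueKey` and the 2048-bit minimum are assumptions made for this illustration.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;

public class WeakKeyCheckExample {

    // Assumed minimum size; the issue does not state the threshold in use.
    static final int MIN_BITS = 2048;

    /** Modulus size in bits, or -1 when the key does not expose its modulus. */
    static int keyBitLength(RSAPrivateKey key) {
        try {
            return key.getModulus().bitLength();
        } catch (RuntimeException e) {
            // e.g. UnsupportedOperationException from a card- or HSM-backed key
            return -1;
        }
    }

    /** Rejects keys known to be short; keys of unknown size pass through. */
    static void ensureNotWeak(RSAPrivateKey key) {
        int bits = keyBitLength(key);
        if (bits >= 0 && bits < MIN_BITS) {
            throw new IllegalArgumentException("RSA key too short: " + bits + " bits");
        }
    }

    /** Constructed stand-in for a hardware-backed key that hides its material. */
    static final class OpaqueKey implements RSAPrivateKey {
        public BigInteger getModulus() { throw new UnsupportedOperationException(); }
        public BigInteger getPrivateExponent() { throw new UnsupportedOperationException(); }
        public String getAlgorithm() { return "RSA"; }
        public String getFormat() { return null; }
        public byte[] getEncoded() { return null; }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(1024); // deliberately short software key for the demo
        RSAPrivateKey shortKey = (RSAPrivateKey) gen.generateKeyPair().getPrivate();

        ensureNotWeak(new OpaqueKey()); // accepted: size cannot be read
        System.out.println("opaque key accepted, bit length = " + keyBitLength(new OpaqueKey()));
        try {
            ensureNotWeak(shortKey);
        } catch (IllegalArgumentException e) {
            System.out.println("software key rejected: " + e.getMessage());
        }
    }
}
```

With this pattern the size check is skipped for any key that hides its modulus, so the strength of hardware-backed keys has to be verified another way, for example from the modulus of the matching public key or certificate.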