Can't sign with RSA/PSS on Android using AndroidKeyStore generated keys

Issue #541 resolved
Gennadi Kudrjavtsev created an issue

Hi.

I was trying to sign with the SHA512withRSA/PSS algo on an Android device, but it fails with the error:

com.nimbusds.jose.JOSEException: Invalid private RSA key: No installed provider supports this key: android.security.keystore2.AndroidKeyStoreRSAPrivateKey
                    at com.nimbusds.jose.crypto.RSASSASigner.getInitiatedSignature(RSASSASigner.java:291)
                    at com.nimbusds.jose.crypto.RSASSASigner.sign(RSASSASigner.java:258)
                 ....

The key was generated using AndroidKeyStore, so it can’t be used for signing with an external provider like BC.

For some reason Android specifies these algo names differently (https://developer.android.com/reference/java/security/Signature)

They are:

SHA224withRSA/PSS
SHA224withRSA/PSS
SHA256withRSA/PSS
SHA384withRSA/PSS
SHA512withRSA/PSS

Library expects RSASSA-PSS.

I replaced RSASSA-PSS with SHA512withRSA/PSS while debugging and it worked.

Is there any chance to extend the code with support for Android-specific algo names?

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/7525e0ead2982fd0b14b89e14b4bbbffe92ee7d2/src/main/java/com/nimbusds/jose/crypto/impl/RSASSA.java#lines-94

Example:

} else if (alg.equals(JWSAlgorithm.PS512) // JWA mandates salt length equals hash
        && (signature = getSignerAndVerifier("RSASSA-PSS", provider, new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1))) != null) {
    return signature;
} else if (alg.equals(JWSAlgorithm.PS512) // Android Keystore JCA name
        && (signature = getSignerAndVerifier("SHA512withRSA/PSS", provider)) != null) {
    return signature;
} else if (alg.equals(JWSAlgorithm.PS512)
        && (signature = getSignerAndVerifier("SHA512withRSAandMGF1", provider)) != null) {
    return signature;
}
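
The name fallback from the snippet above, as an added example (not Nimbus JOSE+JWT code and not the reporter's): it probes each JCA name against the actual key, so the "No installed provider supports this key" failure, an `InvalidKeyException` in JCA, moves on to the next name just as an unknown name does. The class and method names are hypothetical, and it assumes JDK 11 or later with no explicit provider passed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class Ps512Probe {
    // JWA PS512 parameters, as in the snippet above: SHA-512, MGF1/SHA-512, 64-byte salt.
    static final PSSParameterSpec PS512 =
            new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1);

    // JCA names in the order the issue's snippet tries them.
    static final String[] NAMES = {"RSASSA-PSS", "SHA512withRSA/PSS", "SHA512withRSAandMGF1"};

    /** Returns a Signature ready to sign with key, trying each name until one accepts it. */
    static Signature initSigner(PrivateKey key) throws GeneralSecurityException {
        GeneralSecurityException last = null;
        for (String name : NAMES) {
            try {
                Signature s = Signature.getInstance(name);
                s.initSign(key); // provider is selected here, based on the key type
                if (name.equals("RSASSA-PSS")) {
                    s.setParameter(PS512); // generic name carries no hash, so set it explicitly
                }
                // Names with the hash built in rely on provider defaults (assumption:
                // salt length equals hash length; confirm for the provider in use).
                return s;
            } catch (NoSuchAlgorithmException | InvalidKeyException
                     | InvalidAlgorithmParameterException e) {
                last = e; // name unknown, or no provider for this name supports the key
            }
        }
        throw new SignatureException("No PS512 signer accepts " + key.getClass().getName(), last);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed test key, not a keystore key
        byte[] msg = "constructed.signing.input".getBytes(StandardCharsets.US_ASCII);
        Signature signer = initSigner(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();
        // Verify with explicit JWA parameters, whichever name produced the signature.
        Signature verifier = Signature.getInstance("RSASSA-PSS");
        verifier.setParameter(PS512);
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        System.out.println(signer.getAlgorithm() + " verified=" + verifier.verify(sig));
    }
}
```

Verifying with the explicit `PSSParameterSpec` is the useful check here: a signature made under a provider default that differs from the JWA salt length fails verification instead of passing silently.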

Comments (4)

  1. Vladimir Dzhuvinov
    • changed status to open

    Hi Gennadi,

    Thanks for this report. It's extremely annoying that JCA provider people keep inventing new names for the PSS algs :) I'll check the proposed patch.

  2. Vladimir Dzhuvinov

    Released in

    version 9.38-rc4 (2024-04-28)
        * Adds KeyRevocation class to support OpenID Federation 1.0.
        * Adds Android "SHA{256|384|512}withRSA/PSS" JCA algorithm support (iss
          #541).
        * Adds JWKSet.containsNonPublicKeys helper method.
        * The RSAKey and ECKey.Builder.privateKey methods must accept and correctly
          apply null arguments (iss #543).
        * Switches to Object.requireNonNull where appropriate to reduce code and
          use of exception message strings.
        * Updates to com.google.crypto.tink:tink:1.13.0
        * Updates to BouncyCastle 1.78 (JDK 1.8 on)