mace-opensaml-users - Re: java-xmltooling ANT build and JUnit failures
Subject: OpenSAML user discussion
List archive
- From: Brent Putman <>
- To:
- Subject: Re: java-xmltooling ANT build and JUnit failures
- Date: Thu, 10 Jan 2008 14:07:58 -0500
Clifford Johnson wrote:
Brett,
Your changes in 489 seem to do the trick. I discovered that the encoded
private key in ExplicitKeySignatureTrustEngineTest doesn't use a PKCS8
so the Sun RSA key generator fails. The key *is* a simple PKCS1 encoded
private key.
Yeah, my mistake, I thought I had converted the output of openssl genrsa to PKCS#8 with openssl pkcs8, but obviously not.
I was also doubly confused because if you do successfully create a PrivateKey from that base64-encoded info in the unit test (either by having the BC provider installed or with the not-yet-commons-ssl lib), if you do a getFormat() on the resulting PrivateKey it says "PKCS#8". And that's because they both apparently allow the PKCS#1 structure (which the not-yet-commons lib calls the "OpenSSL "Traditional SSLeay Compatible Format"" - is there a difference with PKCS#1, I wonder? I'm not familiar with the history...) to be passed in where PKCS8 is expected. The commons lib, through the DER data passed to the constructor of PKCS8Key class, actually reformats the openssl PKCS1(?) DER structure into PKCS8 and just creates a standard Java PKCS8EncodedKeySpec and then just uses whatever default RSA KeyFactory provider is configured. I haven't looked at BC, but I suspect that their KeyFactory impl just handles the conversion in a similar way, since it was working correctly with that data passed straight into a PKCS8EncodedKeySpec.
Before I saw your note, I was in the process of assembling
a decoding for the PKCS1 encoding so that the
java.security.spec.RSAPrivateCrtKeySpec could be used (it doesn't have
an encoded key constructor).
Yeah, I actually couldn't off-hand find anything in the standard Java security classes (KeySpec's, etc) that actually allowed direct input of a PKCS#1 structure, which I find interesting.
Just thought I'd note all this for the archives.
--Brent
- java-xmltooling ANT build and JUnit failures, Clifford Johnson, 01/08/2008
- RE: java-xmltooling ANT build and JUnit failures, Clifford Johnson, 01/09/2008
- Re: java-xmltooling ANT build and JUnit failures, Brent Putman, 01/09/2008
- RE: java-xmltooling ANT build and JUnit failures, Clifford Johnson, 01/09/2008
- Re: java-xmltooling ANT build and JUnit failures, Brent Putman, 01/10/2008
- RE: java-xmltooling ANT build and JUnit failures, Clifford Johnson, 01/10/2008
- Re: java-xmltooling ANT build and JUnit failures, Brent Putman, 01/10/2008
- RE: java-xmltooling ANT build and JUnit failures, Clifford Johnson, 01/09/2008
- Re: java-xmltooling ANT build and JUnit failures, Brent Putman, 01/09/2008
- Re: java-xmltooling ANT build and JUnit failures, Brent Putman, 01/09/2008
- RE: java-xmltooling ANT build and JUnit failures, Clifford Johnson, 01/09/2008
Archive powered by MHonArc 2.6.16.