We have been using Bouncy Castle's provider to provide RSA encryption and decryption of a login name and password for several years ... with JDKs in the 1.4.2 series up through 1.4.2_07.
Recently, however, Sun released JDK 1.4.2_08, and suddenly any of our Java Web Start client applications are unable to successfully load the public key that we use to encrypt their login name and password before shipping it to the server for authentication with the 1.4.2_08 JRE. But, if we revert back to 1.4.2_07, everything works again.
This public key itself has been in use for several years and the same code to read the public key has been in use for a long time ... including multiple versions of the BouncyCastle provider and all versions of the JDK up through 1.4.2_07. But suddenly things appear to break with JDK 1.4.2_08.
This smells like a problem with JDK 1.4.2_08 so I thought that I'd check on this forum to see if any other Bouncy Castle users have experienced this problem. Is there anything further that I can do to check this out? Has any Bouncy Castle user successfully loaded an RSA public key from a byte stream with JDK 1.4.2_08? Or have people using other providers seen any problems reading similar public keys with JDK 1.4.2_08?
The code that is failing on the client side is:
    try {
        // Buffer is sized from available() and filled with a single read()
        encKey = new byte[this.publicKeyInputStream.available()];
        this.publicKeyInputStream.read(encKey);
        // The key file is expected to hold an X.509 SubjectPublicKeyInfo structure
        spec = new X509EncodedKeySpec(encKey);
        // "BC" is the name the Bouncy Castle provider registers under
        keyFactory = KeyFactory.getInstance("RSA", "BC");
        myPublicKey = keyFactory.generatePublic(spec);
        return myPublicKey;
    }
    catch (Exception e) {
        e.printStackTrace();
    }
The stack trace that I'm getting includes ...
java.security.spec.InvalidKeySpecException: java.lang.IllegalArgumentException: invalid info structure in RSA public key
    at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(JDKKeyFactory.java:330)
    at java.security.KeyFactory.generatePublic(Unknown Source)
    at org.opencoral.util.Encryption.loadPublicKey(SourceFile:450)
    at org.opencoral.util.Encryption.<init>(SourceFile:119)
    at org.opencoral.main.Coral.<init>(SourceFile:338)
    at org.opencoral.main.Coral.main(SourceFile:1919)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.sun.javaws.Launcher.executeApplication(Unknown Source)
    at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
    at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
    at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
    at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
    at com.sun.javaws.Launcher.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
While it clearly indicates that it thinks that there is an "invalid info structure in RSA public key", I believe that nothing has changed in the structure of our key ... and this same key still works properly if I revert to JDK 1.4.2_07.
Any thoughts or insights?
Thanks,
John Shott
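
A diagnostic check for the loading code above, added here as an example and not part of the original post: it compares the number of bytes actually read with the length the key's outer DER SEQUENCE declares, because available() followed by a single read() is not guaranteed to fill the buffer. It is one thing to rule out, not a confirmed cause of the 1.4.2_08 failure. Assumptions: the class and helper names are hypothetical, the key and the slow stream are constructed samples, and the JDK's default RSA provider stands in for Bouncy Castle so the check runs without extra JARs.

```java
import java.io.*;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
public class PublicKeyLoadCheck {
    // Constructed stream: returns at most 100 bytes per read(), as a network or JAR-backed stream may.
    static InputStream slowStream(byte[] data) {
        return new FilterInputStream(new ByteArrayInputStream(data)) {
            public int read(byte[] b, int off, int len) throws IOException {
                return super.read(b, off, Math.min(len, 100));
            }
        };
    }

    // Read until end of stream instead of trusting available() and one read().
    static byte[] readFully(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[512];
        for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        return out.toByteArray();
    }

    // Total size the outer DER SEQUENCE declares (header + content), or -1 if malformed.
    static int derDeclaredLength(byte[] der) {
        if (der.length < 2 || der[0] != 0x30) return -1;
        int first = der[1] & 0xff;
        if (first < 0x80) return 2 + first;                       // short-form length
        int octets = first & 0x7f;                                // long form: count of length octets
        if (octets == 0 || octets > 3 || der.length < 2 + octets) return -1;
        int len = 0;
        for (int i = 0; i < octets; i++) len = (len << 8) | (der[2 + i] & 0xff);
        return 2 + octets + len;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key in X.509 SubjectPublicKeyInfo encoding.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] original = gen.generateKeyPair().getPublic().getEncoded();
        // Pattern from the post: the array keeps its full size even if read() fills only part of it.
        InputStream in = slowStream(original);
        byte[] encKey = new byte[in.available()];
        int got = in.read(encKey);
        System.out.println("single read: " + got + " of " + derDeclaredLength(encKey) + " declared bytes");

        byte[] full = readFully(slowStream(original));
        if (full.length != derDeclaredLength(full)) throw new IllegalStateException("key file truncated or padded");
        PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(full));
        System.out.println("full read: " + full.length + " bytes, loaded " + key.getAlgorithm() + " key");
    }
}
```

Logging the return value of read() next to the declared DER length in the failing client shows whether the key bytes reaching generatePublic() are complete.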