Help : java.security.UnrecoverableKeyException: excess private key
800855Sep 27 2010 — edited Oct 2 2010Hi,
I require help for the exception "java.security.UnrecoverableKeyException: excess private key"
When i am trying to generate digital signature using PKCS7 format using bouncyCastle API, it gives the "java.security.UnrecoverableKeyException: excess private key" exception.
The full stack trace is as follows
------------------------------------------------------------------------java.security.UnrecoverableKeyException: excess private key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
at java.security.KeyStore.getKey(KeyStore.java:289)
at com.security.Security.generatePKCS7Signature(Security.java:122)
at com.ibm._jsp._SendSecureDetail._jspService(_SendSecureDetail.java:2282)
at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:93)
------------------------------------------------------------------------
I had tested the program under following scenarios...
The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) I have tested this independently on Sun's JDK 1.4, 1.6
For IBM JDK 1.4 on Windows machine for WAS(Webshere Application Server) 6.0, The Program for generating the digital signature using PKCS7 works fine, but it required IBM Policy files(local_policy.jar, US_export_policy.jar) and updation in java.security file
But the problem occurs in Solaris 5.10, WAS 6.0 where Sun JDK 1.4.2_6 is used.
I copied the unlimited strength policy files for JDK 1.4.2 from Sun's site(because the WAS 6.0 is running on Sun's JDK intead of IBM JDK)...
I changed the java.security file as follows(only changed content)
-------------------------------------------------------------------------------
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
security.provider.6=com.ibm.jsse.IBMJSSEProvider
security.provider.7=com.ibm.security.cert.IBMCertPath
security.provider.8=com.ibm.security.cmskeystore.CMSProvider
-------------------------------------------------------------------------------
I have used PKCS12(PFX) file for digital signature
which is same for all environment(i have described as above)
I copied the PFX file from windows to solaris using WinSCP in binary format so the content of certificate won't get currupted.
I can not change the certificate because it's given by the company and which is working in other enviroments absolutely fine(just i have described above)
I have gone though the "http://forums.sun.com/thread.jspa?threadID=408066" and other URLs too. but none of them helped...
So what could be the problem for such exception?????
I am on this issue since last one month...
I know very little about security.
Thanks in advance
PLEASE HELP ME(URGENT)
Edited by: user10935179 on Sep 27, 2010 2:47 AM
Edited by: user10935179 on Sep 27, 2010 2:54 AM