Signing operation on client side during SSL Handshake

Bradford Wetmore bradford.wetmore at oracle.com
Tue May 20 18:20:51 UTC 2014


You should continue following the code, but IIRC, internally 
"MD5andSHA1withRSA" does a Signature.getInstance("NONEwithRSA"), and 
then MessageDigest.getInstance("MD5") and ("SHA").

As long as your provider provides those algorithms and is prioritized 
ahead of other providers which do provide them, you should get them.

Note this is an implementation detail which could change, but AFAIK 
Oracle isn't doing any development in the Open 6 tree.

brad






On 5/20/2014 7:53 AM, Marcin Kaszubski wrote:
> Hi,
> I want to use private key stored in client TPM to establish MTLS (so
> both client and server will be verified) connection with server. So
> during ssl handshake this key will be used to sign some data. I wanted
> to write my own provider and implement required services to achieve it.
> Unfortunately during code review of jdk i found a problem. During sign
> operation on client side provider seems to be hardcoded.
>
> http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/ssl/RSASignature.java#82
>
>
> How can I use my own providers and its implementation of Signature to
> achieve it? Is there a different implementation of SSLSocket which my be
> used to achieve it?
>
> This is calling stack:
>
> http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/ssl/ClientHandshaker.java#734
>
> http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/ssl/HandshakeMessage.java#1262
>
> http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/ssl/RSASignature.java#82
>
>
>
>
> Best Regards,
> Marcin



More information about the security-dev mailing list