Signing operation on client side during SSL Handshake
Bradford Wetmore
bradford.wetmore at oracle.com
Tue May 20 18:20:51 UTC 2014
You should continue following the code, but IIRC, internally
"MD5andSHA1withRSA" does a Signature.getInstance("NONEwithRSA"), and
then MessageDigest.getInstance("MD5") and ("SHA").
As long as your provider provides those algorithms and is prioritized
ahead of other providers which do provide them, you should get them.
Note this is an implementation detail which could change, but AFAIK
Oracle isn't doing any development in the Open 6 tree.
brad
On 5/20/2014 7:53 AM, Marcin Kaszubski wrote:
> Hi,
> I want to use private key stored in client TPM to establish MTLS (so
> both client and server will be verified) connection with server. So
> during ssl handshake this key will be used to sign some data. I wanted
> to write my own provider and implement required services to achieve it.
> Unfortunately during code review of jdk i found a problem. During sign
> operation on client side provider seems to be hardcoded.
>
> http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/ssl/RSASignature.java#82
>
>
> How can I use my own providers and its implementation of Signature to
> achieve it? Is there a different implementation of SSLSocket which my be
> used to achieve it?
>
> This is calling stack:
>
> http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/ssl/ClientHandshaker.java#734
>
> http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/ssl/HandshakeMessage.java#1262
>
> http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/ssl/RSASignature.java#82
>
>
>
>
> Best Regards,
> Marcin
More information about the security-dev
mailing list