keytool generates incorrect EC AlgorithmIdentifier

Anders Rundgren anders.rundgren.net at gmail.com
Tue Aug 25 16:33:04 UTC 2020


The command
  keytool -genkeypair -keyalg ec -keysize 256 -dname "CN=me" -keystore mycert.jks
using JDK 11 generates the following signature:

220:     SEQUENCE
            {
222:         OBJECT IDENTIFIER ecdsa-with-Sha256 (1.2.840.10045.4.3.2)
232:         NULL
            }
234:     BIT STRING, encapsulates
            {
237:         SEQUENCE
                {
239:             INTEGER
                    71 51 7a 19 ac 22 92 ef 3b 6d f8 1c 5f d6 5f 89
                    3f 69 bf 84 aa ac a3 00 fb 3e 31 ef 3f b3 ea b4
273:             INTEGER
                    1a 07 d1 24 fd b8 1d c8 70 ca 0d ab 35 b1 d0 d5
                    b6 e2 b7 d7 02 38 36 63 d6 db ff ea 7f f0 7d a9
                }
            }
        }

AFAICT, "NULL" shouldn't be there although it in practice seems to be benign.
I could be an idea to fix it for EdDSA which I guess suffers from the same problem.

https://tools.ietf.org/html/rfc5758#section-3.2

Regards,
Anders


More information about the security-dev mailing list