keytool generates incorrect EC AlgorithmIdentifier
Anders Rundgren
anders.rundgren.net at gmail.com
Tue Aug 25 16:33:04 UTC 2020
The command
keytool -genkeypair -keyalg ec -keysize 256 -dname "CN=me" -keystore mycert.jks
using JDK 11 generates the following signature:
220: SEQUENCE
{
222: OBJECT IDENTIFIER ecdsa-with-Sha256 (1.2.840.10045.4.3.2)
232: NULL
}
234: BIT STRING, encapsulates
{
237: SEQUENCE
{
239: INTEGER
71 51 7a 19 ac 22 92 ef 3b 6d f8 1c 5f d6 5f 89
3f 69 bf 84 aa ac a3 00 fb 3e 31 ef 3f b3 ea b4
273: INTEGER
1a 07 d1 24 fd b8 1d c8 70 ca 0d ab 35 b1 d0 d5
b6 e2 b7 d7 02 38 36 63 d6 db ff ea 7f f0 7d a9
}
}
}
AFAICT, "NULL" shouldn't be there although it in practice seems to be benign.
I could be an idea to fix it for EdDSA which I guess suffers from the same problem.
https://tools.ietf.org/html/rfc5758#section-3.2
Regards,
Anders
More information about the security-dev
mailing list