keytool generates incorrect EC AlgorithmIdentifier
Sean Mullan
sean.mullan at oracle.com
Tue Aug 25 20:35:09 UTC 2020
On 8/25/20 12:33 PM, Anders Rundgren wrote:
> The command
> keytool -genkeypair -keyalg ec -keysize 256 -dname "CN=me" -keystore
> mycert.jks
> using JDK 11 generates the following signature:
>
> 220: SEQUENCE
> {
> 222: OBJECT IDENTIFIER ecdsa-with-Sha256 (1.2.840.10045.4.3.2)
> 232: NULL
> }
> 234: BIT STRING, encapsulates
> {
> 237: SEQUENCE
> {
> 239: INTEGER
> 71 51 7a 19 ac 22 92 ef 3b 6d f8 1c 5f d6 5f 89
> 3f 69 bf 84 aa ac a3 00 fb 3e 31 ef 3f b3 ea b4
> 273: INTEGER
> 1a 07 d1 24 fd b8 1d c8 70 ca 0d ab 35 b1 d0 d5
> b6 e2 b7 d7 02 38 36 63 d6 db ff ea 7f f0 7d a9
> }
> }
> }
>
> AFAICT, "NULL" shouldn't be there although it in practice seems to be
> benign
> I could be an idea to fix it for EdDSA which I guess suffers from the
> same problem.
>
> https://tools.ietf.org/html/rfc5758#section-3.2
Right. The RFC says:
When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or
ecdsa-with-SHA512 algorithm identifier appears in the algorithm field
as an AlgorithmIdentifier, the encoding MUST omit the parameters
field.
I'll file a bug.
Did you test EdDSA? Looking at the latest JDK code, I see that EdDSA
does not include NULL.
--Sean
More information about the security-dev
mailing list