Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

X509 Signature Creation

7 views
Skip to first unread message

Robert Sueggel

unread,
Nov 2, 2004, 1:54:57 PM11/2/04
to
Hi group,
my application should generate signatures(=sign X509 Certificates) with
a private key which i define with only the values modulus and private
exponent(no prime factors or other values).Therefore i use the
RSAPrivateKeySpec Class. In order to generate the signature i pass the
private key to the sign method of the Class Signature. And thats the
position my program rises an exception.

java.security.SignatureException: Signing error:
java.lang.ArithmeticException: BigInteger: modulus not positive
at iaik.security.rsa.RSASignature.engineSign(Unknown Source)
at java.security.Signature.sign(Unknown Source)
at
robert.distributedCA.DemoApp$MyActionListener.actionPerformed(DemoApp.java:468)
at java.awt.Button.processActionEvent(Unknown Source)
at java.awt.Button.processEvent(Unknown Source)
...

If I pass a generated private Key with all information like the prime
factors and crt_coefficient, the sign method is working fine.
My explanation for this is that the signature method use additional
values like the prime factors to compute the signature by using the
chinese remainder theoreme. Maybe the sign method looks at any of these
values and throws an exception because of their zero values.
Is this a acceptable explication of my error?
Is it possible to generate X509 Certificate Signatures without using the
primefactors or crt_coefficient? Maybe i can skip the CRT because as far
as I know it is just an improvement of speed.

CODE:

PrivateKey privKey = DemoApp.mainApp.getSecurity().getCaPrivateKey();
BigInteger modulus = new BigInteger(1,
((RSAPrivateKey)privKey).getModulus().toByteArray());
BigInteger privExponent = new BigInteger(1,
((RSAPrivateKey)privKey).getPrivateExponent().toByteArray());
RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec( modulus,
privExponent);
KeyFactory kFact = KeyFactory.getInstance("RSA");
privateKey = kFact.generatePrivate(keySpec);

byte[] tbs = cert.getTBSCertificate();
Signature sharsa = Signature.getInstance("SHA1withRSA", "IAIK");
sharsa.initSign(privateKey);
sharsa.update(tbs);
byte[] signatureValue = sharsa.sign(); <- exception

Thanks
Robert

--


ammarrami

unread,
Feb 11, 2005, 10:01:37 AM2/11/05
to
how I do x509 signature creation

0 new messages