
java Signature.sign() can't call more than once


Mikey Fujihara

Jan 19, 2012, 3:17:27 PM
to mozilla-dev...@lists.mozilla.org
Hello,

I have been trying to use JSS in my project, but I'm having issues using the Java Signature class to sign. The issue I'm having is that I can't call Signature.sign() more than once after I call Signature.init(). It fails on the Signature.update() call after I do Signature.sign(). This is the stack trace:

java.security.SignatureException: Signature is not initialized
at org.mozilla.jss.pkcs11.PK11Signature.engineUpdate(PK11Signature.java:219)
at org.mozilla.jss.crypto.Signature.update(Signature.java:197)
at org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineUpdate(JSSSignatureSpi.java:145)
at java.security.Signature$Delegate.engineUpdate(Signature.java:1118)
at java.security.Signature.update(Signature.java:684)
at java.security.Signature.update(Signature.java:667)

According to the javadocs for Signature.sign(), I should be able to call Signature.update() again after I call Signature.sign(), but that doesn't seem to be the case.

Signature.sign() - "A call to this method resets this signature object to the state it was in when previously initialized for signing via a call to initSign(PrivateKey). That is, the object is reset and available to generate another signature from the same signer, if desired, via new calls to update and sign."

Here is some sample code to show the behavior I am seeing. To run it, you have to initialize the database in new File("signature-cache/dbfile") and the password file new File("signature-cache/password").

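    import java.io.File;
    import java.io.IOException;
    import java.security.GeneralSecurityException;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.Signature;

    import org.mozilla.jss.CertDatabaseException;
    import org.mozilla.jss.CryptoManager;
    import org.mozilla.jss.CryptoManager.NotInitializedException;
    import org.mozilla.jss.KeyDatabaseException;
    import org.mozilla.jss.crypto.AlreadyInitializedException;

    // FilePasswordCallback is used as posted; its import is not shown in the post.
    // The wrapping class name is only there so the listing compiles.
    public class SignTwice {
        public static void main(String[] args) throws KeyDatabaseException, CertDatabaseException,
                AlreadyInitializedException, GeneralSecurityException, NotInitializedException,
                IOException {
            // Open the NSS database and make JSS the provider behind java.security.*
            CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
                    new File("signature-cache/signature-db").getAbsolutePath());
            vals.removeSunProvider = true;
            CryptoManager.initialize(vals);

            CryptoManager manager = CryptoManager.getInstance();
            manager.setPasswordCallback(new FilePasswordCallback(
                    new File("signature-cache/password").getAbsolutePath()));

            KeyPairGenerator kpgen = KeyPairGenerator.getInstance("DSA");
            kpgen.initialize(1024);
            KeyPair keyPair = kpgen.generateKeyPair();
            Signature signer = Signature.getInstance("SHA-1/DSA");

            // init
            signer.initSign(keyPair.getPrivate());

            // sign
            signer.update("foo".getBytes());
            signer.sign();
            System.out.println("signed foo");

            // sign again, and should let me update
            signer.update("bar".getBytes()); // this is where it fails
            signer.sign();
            System.out.println("signed bar");
        }
    }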


I looked at the source code for PK11Signature.engineSign() at http://mxr.mozilla.org/mozilla/source/security/jss/org/mozilla/jss/pkcs11/PK11Signature.java, and it looks like it is setting state=UNINITIALIZED and sigContext=null after signing. Is this intentional? It doesn't seem to match the expected behavior of the Signature class.
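
An added example, not part of the original post and not JSS code: a probe that checks whether a provider's Signature object can be reused after sign(), as the quoted javadoc describes, plus a signing helper that calls initSign() before every message so it does not depend on that reset. The class and method names are hypothetical, and it assumes the default JDK provider with "SHA256withDSA"; to probe JSS, obtain the Signature and key as in the post.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignResetProbe {  // hypothetical name, added example

    /** True if update()/sign() still work after a first sign() without a new initSign(). */
    static boolean honoursResetAfterSign(Signature signer, PrivateKey key)
            throws GeneralSecurityException {
        signer.initSign(key);
        signer.update("foo".getBytes(StandardCharsets.UTF_8));
        signer.sign();
        try {
            signer.update("bar".getBytes(StandardCharsets.UTF_8));
            signer.sign();
            return true;
        } catch (SignatureException e) {
            return false;  // e.g. "Signature is not initialized", as in the stack trace above
        }
    }

    /** Signs each message with a fresh initSign(), so no state is carried over from the last sign(). */
    static byte[][] signAll(Signature signer, PrivateKey key, byte[]... messages)
            throws GeneralSecurityException {
        byte[][] sigs = new byte[messages.length][];
        for (int i = 0; i < messages.length; i++) {
            signer.initSign(key);
            signer.update(messages[i]);
            sigs[i] = signer.sign();
        }
        return sigs;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpgen = KeyPairGenerator.getInstance("DSA");
        kpgen.initialize(2048);
        KeyPair kp = kpgen.generateKeyPair();
        Signature signer = Signature.getInstance("SHA256withDSA");

        System.out.println("reusable after sign(): " + honoursResetAfterSign(signer, kp.getPrivate()));

        byte[][] msgs = { "foo".getBytes(StandardCharsets.UTF_8), "bar".getBytes(StandardCharsets.UTF_8) };
        byte[][] sigs = signAll(signer, kp.getPrivate(), msgs);
        for (int i = 0; i < msgs.length; i++) {  // verify every signature with the public key
            signer.initVerify(kp.getPublic());
            signer.update(msgs[i]);
            System.out.println("message " + i + " verifies: " + signer.verify(sigs[i]));
        }
    }
}
```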