[ 
https://issues.apache.org/jira/browse/PDFBOX-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tilman Hausherr updated PDFBOX-3462:
------------------------------------
    Description: 
Certificate based encryption fails with pdfbox-app fails with 
"NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available". The 
cause (see long explanation 
[here|https://mail-archives.apache.org/mod_mbox/pdfbox-users/201608.mbox/%3Ce51f59c8-ad42-f6a7-cbf2-f89034b46cff%40t-online.de%3E])
 is that "all JCE provider JARs must be signed before they will be trusted by 
your Java runtime", i.e. there is no problem when using the bcprov*.jar, only 
when using a jar that has the bc jar merged into.

The Encrypt command line application fails as well (only for certificate based 
encryption).

To test this, just run this code:
{code}
Security.addProvider(new BouncyCastleProvider());
System.out.println(Arrays.toString(Security.getProviders()));
System.out.println(KeyGenerator.getInstance("1.2.840.113549.3.2", "BC")); // 
fail
{code}

todo:
- ✓ better error message
- adjust website? Remove -certFile option from Encrypt tool?
- -test whether certificate based signing also fails? If yes, better error 
message- no problem


  was:
Certificate based encryption fails with pdfbox-app fails with 
"NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available". The 
cause (see long explanation 
[here|https://mail-archives.apache.org/mod_mbox/pdfbox-users/201608.mbox/%3Ce51f59c8-ad42-f6a7-cbf2-f89034b46cff%40t-online.de%3E])
 is that "all JCE provider JARs must be signed before they will be trusted by 
your Java runtime", i.e. there is no problem when using the bcprov*.jar, only 
when using a jar that has the bc jar merged into.

The Encrypt command line application fails as well (only for certificate based 
encryption).

To test this, just run this code:
{code}
Security.addProvider(new BouncyCastleProvider());
System.out.println(Arrays.toString(Security.getProviders()));
System.out.println(KeyGenerator.getInstance("1.2.840.113549.3.2", "BC")); // 
fail
{code}

todo:
- better error message
- adjust website? Remove -certFile option from Encrypt tool?
- -test whether certificate based signing also fails? If yes, better error 
message- no problem



> Certificate based encryption fails with pdfbox-app
> --------------------------------------------------
>
>                 Key: PDFBOX-3462
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-3462
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Crypto
>    Affects Versions: 1.8.12, 1.8.13, 2.0.2, 2.0.3, 2.1.0
>            Reporter: Tilman Hausherr
>
> Certificate based encryption fails with pdfbox-app fails with 
> "NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available". 
> The cause (see long explanation 
> [here|https://mail-archives.apache.org/mod_mbox/pdfbox-users/201608.mbox/%3Ce51f59c8-ad42-f6a7-cbf2-f89034b46cff%40t-online.de%3E])
>  is that "all JCE provider JARs must be signed before they will be trusted by 
> your Java runtime", i.e. there is no problem when using the bcprov*.jar, only 
> when using a jar that has the bc jar merged into.
> The Encrypt command line application fails as well (only for certificate 
> based encryption).
> To test this, just run this code:
> {code}
> Security.addProvider(new BouncyCastleProvider());
> System.out.println(Arrays.toString(Security.getProviders()));
> System.out.println(KeyGenerator.getInstance("1.2.840.113549.3.2", "BC")); // 
> fail
> {code}
> todo:
> - ✓ better error message
> - adjust website? Remove -certFile option from Encrypt tool?
> - -test whether certificate based signing also fails? If yes, better error 
> message- no problem



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

Reply via email to