[jira] [Commented] (PDFBOX-5940) InvalidKeyException: Supplied key (sun.security.ec.ECPrivateKeyImpl) is not a RSAPrivateKey

Mon, 27 Jan 2025 06:39:48 -0800 


    [ 
https://issues.apache.org/jira/browse/PDFBOX-5940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17921408#comment-17921408
 ] 

Michael Klink commented on PDFBOX-5940:
---------------------------------------

{quote}how would be know the correct algorithm{quote}

Well, usually there strictly speaking is not _*the* correct algorithm_. E.g. if 
you have a RSA key, you may either sign using the old RSASSA-PKCS1-v1_5 
(SHAxxxwithRSA) or the slightly newer RSASSA-PSS (SHAxxxwithMGF1andRSA); if you 
have an EC key, you may either use DER (SHAxxxwithECDSA) or PLAIN 
(SHAxxxwithPLAIN-ECDSA).

Concerning the digest algorithm, there often are multiple option. Usually one 
chooses a digest algorithm with comparable strength, so it depends on the key 
length or curve. E.g. SHA256withRSA/2048, SHA512withRSA/4096, SHA256withECDSA 
on brainpoolP256r1 or secp256r1, SHA512withECDSA on brainpoolkP512r1 or 
secp521r1.


> InvalidKeyException: Supplied key (sun.security.ec.ECPrivateKeyImpl) is not a 
> RSAPrivateKey
> -------------------------------------------------------------------------------------------
>
>                 Key: PDFBOX-5940
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-5940
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Crypto, Signing
>    Affects Versions: 2.0.33, 3.0.4 PDFBox, 4.0.0
>            Reporter: Tilman Hausherr
>            Assignee: Tilman Hausherr
>            Priority: Trivial
>             Fix For: 2.0.34, 3.0.5 PDFBox, 4.0.0
>
>
> InvalidKeyException: Supplied key (sun.security.ec.ECPrivateKeyImpl) is not a 
> RSAPrivateKey instance
>         at 
> org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown
>  Source)
>         at 
> java.base/java.security.Signature$Delegate.tryOperation(Signature.java:1321)
>         at 
> java.base/java.security.Signature$Delegate.chooseProvider(Signature.java:1275)
>         at 
> java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1359)
>         at java.base/java.security.Signature.initSign(Signature.java:635)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to