On 8/25/20 12:33 PM, Anders Rundgren wrote:
The command
keytool -genkeypair -keyalg ec -keysize 256 -dname "CN=me" -keystore
mycert.jks
using JDK 11 generates the following signature:
220: SEQUENCE
{
222: OBJECT IDENTIFIER ecdsa-with-Sha256 (1.2.840.10045.4.3.2)
232: NULL
}
234: BIT STRING, encapsulates
{
237: SEQUENCE
{
239: INTEGER
71 51 7a 19 ac 22 92 ef 3b 6d f8 1c 5f d6 5f 89
3f 69 bf 84 aa ac a3 00 fb 3e 31 ef 3f b3 ea b4
273: INTEGER
1a 07 d1 24 fd b8 1d c8 70 ca 0d ab 35 b1 d0 d5
b6 e2 b7 d7 02 38 36 63 d6 db ff ea 7f f0 7d a9
}
}
}
AFAICT, "NULL" shouldn't be there although it in practice seems to be
benign
I could be an idea to fix it for EdDSA which I guess suffers from the
same problem.
https://tools.ietf.org/html/rfc5758#section-3.2
Right. The RFC says:
When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or
ecdsa-with-SHA512 algorithm identifier appears in the algorithm field
as an AlgorithmIdentifier, the encoding MUST omit the parameters
field.
I'll file a bug.
Did you test EdDSA? Looking at the latest JDK code, I see that EdDSA
does not include NULL.
--Sean
