Hi Thomas,
this is exactly what I was stating in a previous post to Joseph:
"Why do you want to SIGN a document with a PUBLIC key? I have never heard of
anything like that. There is no authenticy involved when signing with a public
key, but I guess you know that."
Cheers,
Ulrich
-----Ursprüngliche Nachricht-----
Von: security-dev@xml.apache.org
Gesendet: 14.06.07 13:52:54
An: <security-dev@xml.apache.org>
Betreff: RE: Encrypt with public key
Hi Ulrich,
You wrote:
> 1. Create a RSAPrivateKeySpec object with the following (the exponents
can be retrieved by any
> object implementing the RSAPublicKey interface):
RSAPrivateKeySpec(BigInteger modulus, BigInteger
> privateExponent) 2. Create a KeyFactory: KeyFactory.getInstance("RSA")
3. Generate the PrivateKey
> object by calling: generatePrivate(KeySpec keySpec), where keySpec ist
the key specification you
> got in step 1.
How is this supposed to work? The public key contains an exponent, but
this is the public not the
private exponent. You may be able to use this to create a private key
with this exponent, but the
usage of such key is questionable.
What should the use case of a signature with a public key be?
My 2ct.
Thomas - speaking for myself and not for my employer.
Software AG - Sitz/Registered office: Uhlandstra?e 12, 64297 Darmstadt,
Germany, - Registergericht/Commercial register: Darmstadt HRB 1562 - Vorstand/
Management Board: Karl-Heinz Streibich (Vorsitzender/Chairman), David
Broadbent, Mark Edwards, Dr. Peter Kurpick, Alfred Pfaff, Arnd Zinnhardt; -
Aufsichtsratsvorsitzender/ Chairman of the Supervisory Board: Frank F. Beelitz
- http://www.softwareag.com
__________________________________________________________________________
Erweitern Sie FreeMail zu einem noch leistungsstärkeren E-Mail-Postfach!
Mehr Infos unter http://produkte.web.de/club/?mc=021131
