Zitat von Martijn Brinkers <[email protected]>:
On 10/27/2014 03:45 PM, [email protected] wrote:just curious but i would like to know if Ciphermail latest release is prepared to handle ECC algorithms instead of RSA/DSA according to the RFC 3278/5753?? I'm totaly aware that one needs a ECC PKI chain for this, but just to be sure if this is fully implemented...Bouncycastle seems to support RFC 5753 but I must admin I have not tested ECC certificates yet. I have done some testing with PGP ECC keys although support for ECC PGP keys is only supported by the beta version of GPG 2 so testing was not complete. I will do some tests with ECC certificates. The biggest issue is getting good test cases. Kind regards, Martijn Brinkers
Ok, looks like not working as of today:Import certificate + root-CA is ok, but this looks suspicious when clicking on the cert
Public Key Length
-1
Public Key Algorithm
Unknown
When trying to sign with this cert/key we got the following
03 Nov 2014 17:10:12 | ERROR Error signing the message.
(mitm.application.djigzo.james.mailets.SMIMESign) [Spool Thread #2]
mitm.common.security.smime.SMIMEBuilderException:
org.bouncycastle.operator.OperatorCreationException: cannot create
signer: Supplied key
(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey) is not
a RSAPrivateKey instance
at
mitm.common.security.smime.SMIMEBuilderImpl.addSigner(SMIMEBuilderImpl.java:264)
at
mitm.common.security.smime.SMIMEBuilderImpl.addSigner(SMIMEBuilderImpl.java:276)
at
mitm.application.djigzo.james.mailets.SMIMESign.serviceMail(SMIMESign.java:414)
at
mitm.application.djigzo.james.mailets.AbstractDjigzoMailet.service(AbstractDjigzoMailet.java:277)
at
org.apache.james.transport.LinearProcessor.service(LinearProcessor.java:424)
at
org.apache.james.transport.JamesSpoolManager.process(JamesSpoolManager.java:405)
at
org.apache.james.transport.JamesSpoolManager.run(JamesSpoolManager.java:309)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.bouncycastle.operator.OperatorCreationException: cannot
create signer: Supplied key
(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey) is not
a RSAPrivateKey instance
at
org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build(Unknown
Source)
at
mitm.common.security.smime.SMIMEBuilderImpl.addSigner(SMIMEBuilderImpl.java:258)
... 7 more
Caused by: java.security.InvalidKeyException: Supplied key
(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey) is not
a RSAPrivateKey instance
at
org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown
Source)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1147)
at java.security.Signature.initSign(Signature.java:511)
... 9 more
Thunderbird looks like at least basically working with ECC.
Regards
Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.djigzo.com/lists/listinfo/users
