You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by huang zhimin <fl...@gmail.com> on 2008/03/21 17:37:24 UTC

encrypt with pkcs12 private key

I use BouncyCastleProvider to get a private key from a p12 file, when i use
the private key to encrypt xml document, i get the exception as follows:

org.apache.xml.security.signature.XMLSignatureException: No installed
provider supports this key:
org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
Original Exception was
org.apache.xml.security.signature.XMLSignatureException: No installed
provider supports this key:
org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
Original Exception was java.security.InvalidKeyException: No installed
provider supports this key:
org.bouncycastle.jce.provider.JCERSAPrivateCrtKey

does it mean that xml security do not support pkcs12 keystore?

-- 
My msn spaces: http://flyerhzm.spaces.live.com

Re: encrypt with pkcs12 private key

Posted by huang zhimin <fl...@gmail.com>.

I'm sorry, it should be using the BC PrivateKey to sign a document.
Can you tell me how to configure provider when signing?

On Sat, Mar 22, 2008 at 3:57 AM, Sean Mullan <Se...@sun.com> wrote:

> It sounds as if you may be using the BC PrivateKey with a provider that
> doesn't support it. Have you also configured your providers such that
> BouncyCastle is used when signing?
>
> --Sean
>
> Jesse Pelton wrote:
> > D'oh. I should have noticed that. I imagine the intent really is to sign
> > with a private key, which of course makes perfect sense.
> >
> > Assuming that's the case, can anyone answer the question?
> >
> > ------------------------------------------------------------------------
> > *From:* Brent Putman [mailto:putmanb@georgetown.edu]
> > *Sent:* Friday, March 21, 2008 3:02 PM
> > *To:* security-dev@xml.apache.org
> > *Subject:* Re: encrypt with pkcs12 private key
> >
> > Also, you said "encryption", but the exceptions below seem to indicate
> > that you are trying to sign, not encrypt.
> >
> >
> > Jesse Pelton wrote:
> >> Why would you want to encrypt with a private key? Anyone with the
> >> corresponding public key (which is, after all, public) can decrypt the
> >> message, rendering the encryption useless.
> >>
> >>
> ------------------------------------------------------------------------
> >> *From:* huang zhimin [mailto:flyerhzm@gmail.com]
> >> *Sent:* Friday, March 21, 2008 12:37 PM
> >> *To:* security-dev@xml.apache.org
> >> *Subject:* encrypt with pkcs12 private key
> >>
> >> I use BouncyCastleProvider to get a private key from a p12 file, when
> >> i use the private key to encrypt xml document, i get the exception as
> >> follows:
> >>
> >> org.apache.xml.security.signature.XMLSignatureException: No installed
> >> provider supports this key:
> >> org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
> >> Original Exception was
> >> org.apache.xml.security.signature.XMLSignatureException: No installed
> >> provider supports this key:
> >> org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
> >> Original Exception was java.security.InvalidKeyException: No installed
> >> provider supports this key:
> >> org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
> >>
> >> does it mean that xml security do not support pkcs12 keystore?
> >>
> >> --
> >> My msn spaces: http://flyerhzm.spaces.live.com
>
>


-- 
My msn spaces: http://flyerhzm.spaces.live.com

Re: encrypt with pkcs12 private key

Posted by Sean Mullan <Se...@Sun.COM>.

It sounds as if you may be using the BC PrivateKey with a provider that 
doesn't support it. Have you also configured your providers such that 
BouncyCastle is used when signing?

--Sean

Jesse Pelton wrote:
> D'oh. I should have noticed that. I imagine the intent really is to sign 
> with a private key, which of course makes perfect sense.
>  
> Assuming that's the case, can anyone answer the question?
> 
> ------------------------------------------------------------------------
> *From:* Brent Putman [mailto:putmanb@georgetown.edu]
> *Sent:* Friday, March 21, 2008 3:02 PM
> *To:* security-dev@xml.apache.org
> *Subject:* Re: encrypt with pkcs12 private key
> 
> Also, you said "encryption", but the exceptions below seem to indicate 
> that you are trying to sign, not encrypt.
> 
> 
> Jesse Pelton wrote:
>> Why would you want to encrypt with a private key? Anyone with the 
>> corresponding public key (which is, after all, public) can decrypt the 
>> message, rendering the encryption useless.
>>
>> ------------------------------------------------------------------------
>> *From:* huang zhimin [mailto:flyerhzm@gmail.com]
>> *Sent:* Friday, March 21, 2008 12:37 PM
>> *To:* security-dev@xml.apache.org
>> *Subject:* encrypt with pkcs12 private key
>>
>> I use BouncyCastleProvider to get a private key from a p12 file, when 
>> i use the private key to encrypt xml document, i get the exception as 
>> follows:
>>
>> org.apache.xml.security.signature.XMLSignatureException: No installed 
>> provider supports this key: 
>> org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
>> Original Exception was 
>> org.apache.xml.security.signature.XMLSignatureException: No installed 
>> provider supports this key: 
>> org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
>> Original Exception was java.security.InvalidKeyException: No installed 
>> provider supports this key: 
>> org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
>>
>> does it mean that xml security do not support pkcs12 keystore?
>>
>> -- 
>> My msn spaces: http://flyerhzm.spaces.live.com

RE: encrypt with pkcs12 private key

Posted by Jesse Pelton <js...@PKC.com>.

D'oh. I should have noticed that. I imagine the intent really is to sign
with a private key, which of course makes perfect sense.
 
Assuming that's the case, can anyone answer the question?

________________________________

From: Brent Putman [mailto:putmanb@georgetown.edu] 
Sent: Friday, March 21, 2008 3:02 PM
To: security-dev@xml.apache.org
Subject: Re: encrypt with pkcs12 private key


Also, you said "encryption", but the exceptions below seem to indicate
that you are trying to sign, not encrypt.


Jesse Pelton wrote: 

	Why would you want to encrypt with a private key? Anyone with
the corresponding public key (which is, after all, public) can decrypt
the message, rendering the encryption useless.

________________________________

	From: huang zhimin [mailto:flyerhzm@gmail.com] 
	Sent: Friday, March 21, 2008 12:37 PM
	To: security-dev@xml.apache.org
	Subject: encrypt with pkcs12 private key
	
	
	I use BouncyCastleProvider to get a private key from a p12 file,
when i use the private key to encrypt xml document, i get the exception
as follows:
	
	org.apache.xml.security.signature.XMLSignatureException: No
installed provider supports this key:
org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
	Original Exception was
org.apache.xml.security.signature.XMLSignatureException: No installed
provider supports this key:
org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
	Original Exception was java.security.InvalidKeyException: No
installed provider supports this key:
org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
	
	does it mean that xml security do not support pkcs12 keystore?
	
	-- 
	My msn spaces: http://flyerhzm.spaces.live.com

Re: encrypt with pkcs12 private key

Posted by Brent Putman <pu...@georgetown.edu>.

Also, you said "encryption", but the exceptions below seem to indicate 
that you are trying to sign, not encrypt.


Jesse Pelton wrote:
> Why would you want to encrypt with a private key? Anyone with the 
> corresponding public key (which is, after all, public) can decrypt the 
> message, rendering the encryption useless.
>
> ------------------------------------------------------------------------
> *From:* huang zhimin [mailto:flyerhzm@gmail.com]
> *Sent:* Friday, March 21, 2008 12:37 PM
> *To:* security-dev@xml.apache.org
> *Subject:* encrypt with pkcs12 private key
>
> I use BouncyCastleProvider to get a private key from a p12 file, when 
> i use the private key to encrypt xml document, i get the exception as 
> follows:
>
> org.apache.xml.security.signature.XMLSignatureException: No installed 
> provider supports this key: 
> org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
> Original Exception was 
> org.apache.xml.security.signature.XMLSignatureException: No installed 
> provider supports this key: 
> org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
> Original Exception was java.security.InvalidKeyException: No installed 
> provider supports this key: 
> org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
>
> does it mean that xml security do not support pkcs12 keystore?
>
> -- 
> My msn spaces: http://flyerhzm.spaces.live.com

RE: encrypt with pkcs12 private key

Posted by Jesse Pelton <js...@PKC.com>.

Why would you want to encrypt with a private key? Anyone with the
corresponding public key (which is, after all, public) can decrypt the
message, rendering the encryption useless.

________________________________

From: huang zhimin [mailto:flyerhzm@gmail.com] 
Sent: Friday, March 21, 2008 12:37 PM
To: security-dev@xml.apache.org
Subject: encrypt with pkcs12 private key


I use BouncyCastleProvider to get a private key from a p12 file, when i
use the private key to encrypt xml document, i get the exception as
follows:

org.apache.xml.security.signature.XMLSignatureException: No installed
provider supports this key:
org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
Original Exception was
org.apache.xml.security.signature.XMLSignatureException: No installed
provider supports this key:
org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
Original Exception was java.security.InvalidKeyException: No installed
provider supports this key:
org.bouncycastle.jce.provider.JCERSAPrivateCrtKey

does it mean that xml security do not support pkcs12 keystore?

-- 
My msn spaces: http://flyerhzm.spaces.live.com