Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2016/08/05 12:15:20 UTC
[jira] [Resolved] (CXF-6996) "n" in JWK for RSA should be unsigned, but is signed in JwkUtils.prepareRSAJwk
[ https://issues.apache.org/jira/browse/CXF-6996?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin resolved CXF-6996.
-----------------------------------
Resolution: Fixed
Assignee: Sergey Beryozkin
Fix Version/s: 3.1.8, 3.2.0
> "n" in JWK for RSA should be unsigned, but is signed in JwkUtils.prepareRSAJwk
> ------------------------------------------------------------------------------
>
> Key: CXF-6996
> URL: https://issues.apache.org/jira/browse/CXF-6996
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.1.7
> Reporter: Svein Otto Solem
> Assignee: Sergey Beryozkin
> Priority: Minor
> Fix For: 3.2.0, 3.1.8
>
>
> The length of the "n" value is 257 bytes for a 2048 bits key length.
> If "n" is handled as an unsigned int, it should be at most 256 bytes.
> The added null byte is caused by BigInteger.toByteArray() which always handles the integer as a signed integer.
> A fix is just to remove all the first 0-bytes in the encodedModulus, see JwkUtils.prepareRSAJwk.
> This fix will surely break clients which just decode the "n" as an unsigned value using new BigInteger(byte[]). These clients must be changed to either always insert a leading "0-byte" before using the new BigInteger(byte[]) constructor, or they should use the BigInteger(signum, magnitude) constructor.
> The extra "sign byte" is mentioned in:
> https://tools.ietf.org/html/rfc7518#page-30
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
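The behaviour described in the ticket, as an added example that is not part of the JIRA message and not CXF's own JwkUtils code. It generates a 2048-bit RSA key, shows that BigInteger.toByteArray() prepends a sign byte when the top bit of the modulus is set, strips the leading zero bytes before base64url-encoding "n" the way RFC 7518 expects, and contrasts the two client-side decoders the reporter mentions: new BigInteger(byte[]), which reads the magnitude as two's complement, and new BigInteger(1, magnitude), which reads it as unsigned. All method names here (toUnsignedBytes, encodeModulus, decodeModulus, decodeModulusSigned) are assumptions for this illustration, not CXF API.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;

public class JwkModulusEncoding {

    // Hypothetical helper (not CXF code): convert a non-negative BigInteger to its
    // unsigned big-endian magnitude. toByteArray() returns two's complement, so a
    // value whose top bit is set carries a leading 0x00 sign byte that must go.
    static byte[] toUnsignedBytes(BigInteger value) {
        byte[] signed = value.toByteArray();
        int start = 0;
        // Keep at least one byte so that zero still encodes to a single 0x00.
        while (start < signed.length - 1 && signed[start] == 0) {
            start++;
        }
        return start == 0 ? signed : Arrays.copyOfRange(signed, start, signed.length);
    }

    // JWK "n": base64url of the unsigned magnitude, no padding (RFC 7518 section 6.3.1.1).
    static String encodeModulus(BigInteger modulus) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(toUnsignedBytes(modulus));
    }

    // Correct client-side decoding: signum 1 tells BigInteger the bytes are a magnitude,
    // so a modulus with its top bit set is still read as a positive number.
    static BigInteger decodeModulus(String n) {
        byte[] magnitude = Base64.getUrlDecoder().decode(n);
        return new BigInteger(1, magnitude);
    }

    // The client pattern the ticket warns about: BigInteger(byte[]) interprets the
    // first bit as a sign bit, so a correctly encoded "n" comes back negative.
    static BigInteger decodeModulusSigned(String n) {
        return new BigInteger(Base64.getUrlDecoder().decode(n));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        BigInteger modulus = ((RSAPublicKey) kp.getPublic()).getModulus();

        System.out.println("modulus bit length:        " + modulus.bitLength());
        System.out.println("toByteArray() length:      " + modulus.toByteArray().length);
        System.out.println("unsigned magnitude length: " + toUnsignedBytes(modulus).length);

        String n = encodeModulus(modulus);
        BigInteger viaUnsigned = decodeModulus(n);
        BigInteger viaSigned = decodeModulusSigned(n);
        System.out.println("BigInteger(1, bytes) round-trips: " + viaUnsigned.equals(modulus));
        System.out.println("BigInteger(bytes) round-trips:    " + viaSigned.equals(modulus));
        System.out.println("BigInteger(bytes) sign:           " + viaSigned.signum());
    }
}
```

Because a 2048-bit RSA modulus always has its top bit set, toByteArray() yields the 257-byte array the reporter observed and the stripped magnitude is 256 bytes, which is the length the RFC 7518 "n" encoding requires. On the receiving side, decoding a correctly encoded "n" with the one-argument BigInteger constructor produces a negative number, which is why clients that relied on the old leading zero byte need the two-argument BigInteger(signum, magnitude) constructor once the producer is fixed; it also accepts the old 257-byte form, since a leading zero does not change the magnitude.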