You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "Tilman Hausherr (JIRA)" <ji...@apache.org> on 2016/09/19 17:01:20 UTC
[jira] [Updated] (PDFBOX-3462) Certificate based encryption fails
with pdfbox-app
[ https://issues.apache.org/jira/browse/PDFBOX-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tilman Hausherr updated PDFBOX-3462:
------------------------------------
Description:
Certificate based encryption fails with pdfbox-app fails with "NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available". The cause (see long explanation [here|https://mail-archives.apache.org/mod_mbox/pdfbox-users/201608.mbox/%3Ce51f59c8-ad42-f6a7-cbf2-f89034b46cff%40t-online.de%3E]) is that "all JCE provider JARs must be signed before they will be trusted by your Java runtime", i.e. there is no problem when using the bcprov*.jar, only when using a jar that has the bc jar merged into.
The Encrypt command line application fails as well (only for certificate based encryption).
To test this, just run this code:
{code}
Security.addProvider(new BouncyCastleProvider());
System.out.println(Arrays.toString(Security.getProviders()));
System.out.println(KeyGenerator.getInstance("1.2.840.113549.3.2", "BC")); // fail
{code}
todo:
- ✓ better error message
- adjust website? Remove -certFile option from Encrypt tool?
- -test whether certificate based signing also fails? If yes, better error message- no problem
was:
Certificate based encryption fails with pdfbox-app fails with "NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available". The cause (see long explanation [here|https://mail-archives.apache.org/mod_mbox/pdfbox-users/201608.mbox/%3Ce51f59c8-ad42-f6a7-cbf2-f89034b46cff%40t-online.de%3E]) is that "all JCE provider JARs must be signed before they will be trusted by your Java runtime", i.e. there is no problem when using the bcprov*.jar, only when using a jar that has the bc jar merged into.
The Encrypt command line application fails as well (only for certificate based encryption).
To test this, just run this code:
{code}
Security.addProvider(new BouncyCastleProvider());
System.out.println(Arrays.toString(Security.getProviders()));
System.out.println(KeyGenerator.getInstance("1.2.840.113549.3.2", "BC")); // fail
{code}
todo:
- better error message
- adjust website? Remove -certFile option from Encrypt tool?
- -test whether certificate based signing also fails? If yes, better error message- no problem
> Certificate based encryption fails with pdfbox-app
> --------------------------------------------------
>
> Key: PDFBOX-3462
> URL: https://issues.apache.org/jira/browse/PDFBOX-3462
> Project: PDFBox
> Issue Type: Bug
> Components: Crypto
> Affects Versions: 1.8.12, 1.8.13, 2.0.2, 2.0.3, 2.1.0
> Reporter: Tilman Hausherr
>
> Certificate based encryption fails with pdfbox-app fails with "NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available". The cause (see long explanation [here|https://mail-archives.apache.org/mod_mbox/pdfbox-users/201608.mbox/%3Ce51f59c8-ad42-f6a7-cbf2-f89034b46cff%40t-online.de%3E]) is that "all JCE provider JARs must be signed before they will be trusted by your Java runtime", i.e. there is no problem when using the bcprov*.jar, only when using a jar that has the bc jar merged into.
> The Encrypt command line application fails as well (only for certificate based encryption).
> To test this, just run this code:
> {code}
> Security.addProvider(new BouncyCastleProvider());
> System.out.println(Arrays.toString(Security.getProviders()));
> System.out.println(KeyGenerator.getInstance("1.2.840.113549.3.2", "BC")); // fail
> {code}
> todo:
> - ✓ better error message
> - adjust website? Remove -certFile option from Encrypt tool?
> - -test whether certificate based signing also fails? If yes, better error message- no problem
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org