Hello, I have been trying to use JSS in my project, but I'm having issues using the Java Signature class to sign. The issue I'm having is that I can't call Signature.sign() more than once after I call Signature.init(). It fails on the Signature.update() call after I do Signature.sign(). This is the stack trace:

java.security.SignatureException: Signature is not initialized
    at org.mozilla.jss.pkcs11.PK11Signature.engineUpdate(PK11Signature.java:219)
    at org.mozilla.jss.crypto.Signature.update(Signature.java:197)
    at org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineUpdate(JSSSignatureSpi.java:145)
    at java.security.Signature$Delegate.engineUpdate(Signature.java:1118)
    at java.security.Signature.update(Signature.java:684)
    at java.security.Signature.update(Signature.java:667)

According to the javadocs for Signature.sign(), I should be able to call Signature.update() again after I call Signature.sign(), but that doesn't seem to be the case.

Signature.sign() - "A call to this method resets this signature object to the state it was in when previously initialized for signing via a call to initSign(PrivateKey). That is, the object is reset and available to generate another signature from the same signer, if desired, via new calls to update and sign."

Here is some sample code to show the behavior I am seeing. To run it, you have to initialize the database in new File("signature-cache/dbfile") and the password file new File("signature-cache/password").

public static void main(String[] args) throws KeyDatabaseException,
        CertDatabaseException, AlreadyInitializedException,
        GeneralSecurityException, NotInitializedException, IOException {
    CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
            new File("signature-cache/signature-db").getAbsolutePath());
    vals.removeSunProvider = true;
    CryptoManager.initialize(vals);

    CryptoManager manager = CryptoManager.getInstance();
    manager.setPasswordCallback(new FilePasswordCallback(
            new File("signature-cache/password").getAbsolutePath()));

    KeyPairGenerator kpgen = KeyPairGenerator.getInstance("DSA");
    kpgen.initialize(1024);
    KeyPair keyPair = kpgen.generateKeyPair();

    Signature signer = Signature.getInstance("SHA-1/DSA");

    // init
    signer.initSign(keyPair.getPrivate());

    // sign
    signer.update("foo".getBytes());
    signer.sign();
    System.out.println("signed foo");

    // sign again, and should let me update
    signer.update("bar".getBytes()); // this is where it fails
    signer.sign();
    System.out.println("signed bar");
}

I looked at the source code for PK11Signature.engineSign() at http://mxr.mozilla.org/mozilla/source/security/jss/org/mozilla/jss/pkcs11/PK11Signature.java, and it looks like it is setting the state=UNINITIALIZED and sigContext=null after signing. Is this intentional? It doesn't seem to match the expected behavior of the Signature class.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
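
An added example, not part of the original post and not JSS code: a provider-independent check of the reset contract quoted from the Signature.sign() javadoc, using only standard java.security calls. The class name, the argument order (provider, key algorithm, signature algorithm) and the "RSA"/"SHA256withRSA" defaults are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignatureReuseCheck {
    // provider == null selects the default provider order.
    static Signature newSig(String alg, String provider) throws GeneralSecurityException {
        return provider == null ? Signature.getInstance(alg) : Signature.getInstance(alg, provider);
    }

    // Verify with a fresh object so the check does not depend on the reset under test.
    static boolean verifies(String alg, String provider, PublicKey pub, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature v = newSig(alg, provider);
        v.initVerify(pub);
        v.update(data);
        return v.verify(sig);
    }

    // True if sign() left the object ready for another update()/sign() under the same key.
    static boolean signResetsState(String alg, String provider, KeyPair kp)
            throws GeneralSecurityException {
        byte[] foo = "foo".getBytes(StandardCharsets.UTF_8);
        byte[] bar = "bar".getBytes(StandardCharsets.UTF_8);
        Signature signer = newSig(alg, provider);
        signer.initSign(kp.getPrivate());
        signer.update(foo);
        byte[] sigFoo = signer.sign();
        byte[] sigBar;
        try {
            signer.update(bar);          // no second initSign(): relies on the documented reset
            sigBar = signer.sign();
        } catch (SignatureException e) {
            return false;                // the "Signature is not initialized" case from the post
        }
        // sigBar must cover "bar" alone; leftover "foo" state would make this fail.
        return verifies(alg, provider, kp.getPublic(), foo, sigFoo)
            && verifies(alg, provider, kp.getPublic(), bar, sigBar);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String provider = args.length > 0 ? args[0] : null;
        String keyAlg = args.length > 1 ? args[1] : "RSA";            // assumed default
        String sigAlg = args.length > 2 ? args[2] : "SHA256withRSA";  // assumed default
        KeyPairGenerator kpg = provider == null
            ? KeyPairGenerator.getInstance(keyAlg) : KeyPairGenerator.getInstance(keyAlg, provider);
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        System.out.println(sigAlg + ": sign() resets state = " + signResetsState(sigAlg, provider, kp));
    }
}
```

Where this reports false for a provider, calling initSign() again before each message re-initializes the object explicitly and does not depend on the reset.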