Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6032

Check for incorrectly encoded RSA key in CSR

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Issue discovered during:
      Customer

      Description

      EJBCA accepts public RSA keys in CSRs, which are missing the "parameter" field, which should be NULL for RSA keys.

      I can come up with two possible solutions to this:

      • we could add a check of this before accepting the public key, perhaps by extending the new RsaKeyValidator class. For compatibility it should probably be an option, or it could break some clients (e.g. WS clients)
      • we could simply ignore the "parameter" field and just put a NULL there in the final certificate. There's a small risk that this would cause compatibility issues, if someone expects the pubkey in the final certificates to have this non-standard format.

        Attachments

          Issue Links

          relates

          New Feature - A new feature of the product, which has yet to be developed. ECA-4219 Verify public keys before cert issuance

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              samuel Samuel Lidén Borell
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: