  1. EJBCA
  2. ECA-9278

SHA512withRSAandMGF1 cannot be used by JackNJI11

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: EJBCA 7.3.1.4, EJBCA 7.4.0
    • Fix Version/s: EJBCA 7.4.1
    • Component/s: None
    • Environment:
      EJBCA EE eIDAS
      eIDAS Appliance

      Description

      CA using Pkcs11NgCryptoToken (JackNJI11 provider) cannot be created with signing algorithm SHA512withRSAandMGF1.
      Trying to do so gives the following error message:

      Error: org.bouncycastle.operator.OperatorCreationException: cannot create signer: no such algorithm: SHA512 for provider JackNJI11

       

      An eIDAS Appliance customer is planning to do a key ceremony for root CAs using this algorithm in August 2020.

       

      Steps to reproduce:

      1. Generate, initialize and authorize keys in a crypto token of type Pkcs11NgCryptoToken
      2. Go to Create CA
      3. Select Signing Algorithm: SHA512withRSAandMGF1
      4. Select Crypto Token of type Pkcs11NgCryptoToken

       

      Other MGF1 algorithms (SHA256, SHA384) have the same issue.

      Other SHA512 algorithms give the following results:

      • SHA512WithRSA: CA can be created
      • SHA3-512withRSA: Gives the following error:
        • Error: org.bouncycastle.operator.OperatorCreationException: cannot create signer: no such algorithm: 2.16.840.1.101.3.4.3.16 for provider JackNJI11  
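
A pre-ceremony check for the symptom described above, as an added example (not EJBCA or JackNJI11 code): it asks a JCA provider whether it registers a Signature service for each algorithm name and OID quoted in this issue, and lists any PSS/MGF1-style names it does register. It assumes the provider is installed in the running JVM under the name shown in the error message; the class name is hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class SignerAlgorithmCheck {
    // Signature algorithm names and the OID quoted in this issue.
    static final List<String> ALGORITHMS = List.of(
        "SHA256withRSAandMGF1", "SHA384withRSAandMGF1", "SHA512withRSAandMGF1",
        "SHA512WithRSA", "SHA3-512withRSA", "2.16.840.1.101.3.4.3.16");

    /** Maps each name to true if the provider registers a Signature service or alias for it. */
    static Map<String, Boolean> check(Provider provider) {
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (String alg : ALGORITHMS) {
            // getService resolves aliases as well as primary algorithm names.
            result.put(alg, provider.getService("Signature", alg) != null);
        }
        return result;
    }

    /** Signature names the provider does register that look like RSASSA-PSS variants. */
    static List<String> pssLikeNames(Provider provider) {
        List<String> names = new ArrayList<>();
        for (Provider.Service s : provider.getServices()) {
            String a = s.getAlgorithm().toUpperCase(Locale.ROOT);
            if (s.getType().equals("Signature") && (a.contains("MGF1") || a.contains("PSS"))) {
                names.add(s.getAlgorithm());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Assumption: the provider name matches the one printed in the error message.
        String name = args.length > 0 ? args[0] : "JackNJI11";
        Provider provider = Security.getProvider(name);
        if (provider == null) {
            System.err.println("Provider not installed in this JVM: " + name);
            System.exit(2);
        }
        Map<String, Boolean> result = check(provider);
        result.forEach((alg, ok) -> System.out.printf("%-28s %s%n", alg, ok ? "registered" : "MISSING"));
        System.out.println("PSS-style names registered: " + pssLikeNames(provider));
        System.exit(result.containsValue(false) ? 1 : 0);
    }
}
```

A name being registered only shows that the lookup will succeed; signing with a token-backed key should still be tested before the ceremony.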

              People

              Assignee: hsunmark Henrik Sunmark
              Reporter: Hodell Anton Hodell
              Verified by: Jekaterina Bunina