EJBCA / ECA-9557

SSH Certificate Signer not working with p11

    Details

    • Sprint:
      EJBCA Team Alice - 2020 w50

      Description

      SSH CAs always use the Bouncy Castle provider while signing, and hence fail to sign with P11 keys (see EcSigningAlgorithm.getSigner()).

      Caused by: java.security.InvalidKeyException: cannot identify EC private key: java.security.InvalidKeyException: no encoding for EC private key
       at org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil.generatePrivateKeyParameter(ECUtil.java:283)
       at org.bouncycastle.jcajce.provider.asymmetric.ec.SignatureSpi.engineInitSign(SignatureSpi.java:44)
       at java.security.Signature$Delegate.engineInitSign(Signature.java:1329)
       at java.security.Signature.initSign(Signature.java:621)
       at org.ejbca.ssh.certificate.signature.ec.EcCertificateSigner.signPayload(EcCertificateSigner.java:57)
       at org.ejbca.ssh.ca.SshCaImpl.generateSshCertificate(SshCaImpl.java:359)
       at org.ejbca.ssh.ca.SshCaImpl.generateCertificate(SshCaImpl.java:248)
      
      

      Provider should be parameterized in order to allow for other signers.
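
      Added example (not EJBCA code): a signer that takes the JCA provider as an argument, run against a software key and against a key handle with no encoding. The JDK's SunEC provider stands in for the hard-coded software provider; OpaqueKey, this signPayload and the payload are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class ProviderParamSignerDemo {

    /** Constructed stand-in for a token key: a handle with no exportable encoding. */
    static final class OpaqueKey implements PrivateKey {
        public String getAlgorithm() { return "EC"; }
        public String getFormat() { return null; }
        public byte[] getEncoded() { return null; }
    }

    /** Hypothetical signer: the provider is a parameter, not a constant in the signer. */
    static byte[] signPayload(byte[] payload, PrivateKey key, String alg, String provider)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg, provider);
        s.initSign(key);
        s.update(payload);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        byte[] payload = "constructed certificate body".getBytes(StandardCharsets.UTF_8);

        // Software key with a software provider: signing and verification succeed.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "SunEC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair soft = kpg.generateKeyPair();
        byte[] sig = signPayload(payload, soft.getPrivate(), "SHA256withECDSA", "SunEC");
        Signature v = Signature.getInstance("SHA256withECDSA", "SunEC");
        v.initVerify(soft.getPublic());
        v.update(payload);
        System.out.println("software key, software provider: verified=" + v.verify(sig));

        // Key without an encoding handed to a software provider: initSign rejects it,
        // which is the failure mode the stack trace above shows for P11 keys.
        try {
            signPayload(payload, new OpaqueKey(), "SHA256withECDSA", "SunEC");
        } catch (InvalidKeyException e) {
            System.out.println("opaque key, software provider: " + e.getMessage());
        }
    }
}
```

      For a real PKCS#11 key, the caller would pass the name of the provider that created the key, so the signature operation runs on the token.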

              People

              Assignee:
              tomas Tomas Gustavsson
              Reporter:
              hsunmark Henrik Sunmark

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 days
                  Remaining:
                  Remaining Estimate - 2 days
                  Logged:
                  Time Spent - Not Specified