13:37, EEST
September 21, 2021
Bouncy Castle FIPS needs different keys for Signing and Decryption:
“Exception: Cannot Create Signer: cannot initialize for signing . Attempt to sign/verify with RSA modulus already used for encrypt/decrypt.”
In order to achieve different keys for Signing and Decryption we need to re-register keys after Decryption by using new JcaX509v3CertificateBuilder, but it's not allowing us to re-register keys and is giving an Illegal Key Exception,
until the service is restarted, as if it maintains cache info in itself. Is this a problem with Bouncy Castle FIPS?
14:04, EEST
April 3, 2012
Hi,
Assuming this was related to our OPC UA SDK for Java, https://forum.prosysopc.com/forum/opc-ua-java-sdk/ would be the proper forum.
OPC UA uses the same key for both, so it is a no-can-do situation. If you can, pass the flag “-Dorg.bouncycastle.rsa.allow_multi_use=true” and it should work.
See https://forum.prosysopc.com/forum/opc-ua-java-sdk/support-for-fips-compliant-bouncy-castle/#p4700 for details.
21:23, EEST
September 21, 2021
rajat said
Bouncy Castle FIPS needs different keys for Signing and Decryption:
“Exception: Cannot Create Signer: cannot initialize for signing . Attempt to sign/verify with RSA modulus already used for encrypt/decrypt.”
In order to achieve different keys for Signing and Decryption we need to re-register keys after Decryption by using new JcaX509v3CertificateBuilder, but it's not allowing us to re-register keys and is giving an Illegal Key Exception, java.lang.IllegalArgumentException: improperly specified input name: CN=Cisco SpeechView Client, E=ggnstt11@transcription.cisco.com, O=Cisco Systems, OU=UCBU, C=US until the service is restarted, as if it maintains cache info in itself. Is this a problem with Bouncy Castle FIPS?
Is there any configuration to skip this error?
10:15, EEST
December 21, 2011
Copied from the message that Bjarne linked:
You must set the Java system property “org.bouncycastle.rsa.allow_multi_use” to “true” in order for it to work. This can be done, for example, by starting the JVM with the flag “-Dorg.bouncycastle.rsa.allow_multi_use=true”. This is because OPC UA uses the same key for signing and encrypting, which by default is not allowed by the BC FIPS.
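A `-D` flag only affects the JVM process it is passed to, so it is worth confirming that the property is visible in the JVM that actually runs the service. The following check is an added example, not part of any post in this thread and not Prosys or Bouncy Castle code; the class name `RsaMultiUseCheck` is hypothetical, and it is meant to be started with the same launch command as the service.

```java
import java.lang.management.ManagementFactory;
import java.util.List;

// Added diagnostic (hypothetical class name); uses only the JDK.
public final class RsaMultiUseCheck {
    // Property name exactly as given in this thread.
    static final String PROP = "org.bouncycastle.rsa.allow_multi_use";

    /** True if the running JVM currently has the property set to "true". */
    static boolean enabledInThisJvm() {
        return Boolean.parseBoolean(System.getProperty(PROP));
    }

    /** True if the flag arrived as a JVM argument; the last occurrence wins. */
    static boolean passedAsJvmArgument(List<String> jvmArgs) {
        String prefix = "-D" + PROP + "=";
        boolean found = false;
        for (String arg : jvmArgs) {
            if (arg.startsWith(prefix)) {
                found = Boolean.parseBoolean(arg.substring(prefix.length()));
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Arguments given to the JVM itself, not to main().
        List<String> jvmArgs = ManagementFactory.getRuntimeMXBean().getInputArguments();
        boolean viaArg = passedAsJvmArgument(jvmArgs);
        boolean effective = enabledInThisJvm();

        System.out.println("JVM arguments: " + jvmArgs);
        System.out.println(PROP + " passed as -D argument: " + viaArg);
        System.out.println(PROP + " effective value: " + System.getProperty(PROP));

        if (!effective) {
            // The flag never reached this process, e.g. it was set only
            // for a build tool's JVM and not for the service launcher.
            System.out.println("Property is NOT set in this JVM.");
            System.exit(1);
        } else if (!viaArg) {
            // Set via System.setProperty(); assumption: this must happen
            // before the first BC FIPS RSA operation to be reliable.
            System.out.println("Property was set at runtime, not on the command line.");
        }
    }
}
```

A non-zero exit status means the property is absent from the process where the check ran, whatever the build files contain.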
21:52, EEST
September 21, 2021
Configured the system property -Dorg.bouncycastle.rsa.allow_multi_use=true in build.xml while creating “sttService.jar”, still facing the same error: org.bouncycastle.crypto.IllegalKeyException: Attempt to sign/verify with RSA modulus already used for encrypt/decrypt.
This is the code snippet of the build.xml of the JAR.