Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Bouncy Castle FIPS implementation
September 21, 2021
13:37, EEST
Avatar
rajat
Member
Members
Forum Posts: 3
Member Since:
September 21, 2021
sp_UserOfflineSmall Offline

Bouncy Casle FIPS needs different keys at Signing and Decryption:,
“Exception: Cannot Create Signer: cannot initialize for signing . Attempt to sign/verify with RSA modulus already used for encrypt/decrypt.”
in order to achieve different keys at Signing and Decryption we need to Reregister Keys after Decryption by using new JcaX509v3CertificateBuilder , but its not allowing to reregister keys and giving giving Illegal Key Exception,
until service is restarted as if it maintains cache info in itself. Is this problem with Bouncy Castle FIPS

September 21, 2021
14:04, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 684
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Hi,

Assuming this was related to our OPC UA SDK for java, https://forum.prosysopc.com/forum/opc-ua-java-sdk/ would be proper forum.

OPC UA use same key for both, no can do situation. If you can, pass flag “-Dorg.bouncycastle.rsa.allow_multi_use=true” and it should work.
See https://forum.prosysopc.com/forum/opc-ua-java-sdk/support-for-fips-compliant-bouncy-castle/#p4700 for details.

September 21, 2021
21:23, EEST
Avatar
rajat
Member
Members
Forum Posts: 3
Member Since:
September 21, 2021
sp_UserOfflineSmall Offline

rajat said
Bouncy Casle FIPS needs different keys at Signing and Decryption:,
“Exception: Cannot Create Signer: cannot initialize for signing . Attempt to sign/verify with RSA modulus already used for encrypt/decrypt.”
in order to achieve different keys at Signing and Decryption we need to Reregister Keys after Decryption by using new JcaX509v3CertificateBuilder , but its not allowing to reregister keys and giving giving Illegal Key Exception, java.lang.IllegalArgumentException: improperly specified input name: CN=Cisco SpeechView Client, E=ggnstt11@transcription.cisco.com, O=Cisco Systems, OU=UCBU, C=US

until service is restarted as if it maintains cache info in itself. Is this problem with Bouncy Castle FIPS  

is there any configuration to skip this error..??

September 22, 2021
10:15, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 906
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

Copied from the message that Bjarne linked:

You must set the java system property “org.bouncycastle.rsa.allow_multi_use” to “true” in order for it to work. This can be done by example by starting the jvm with the flag “-Dorg.bouncycastle.rsa.allow_multi_use=true”. This is because OPC UA uses the same key for signing and encrypting, which by default is not allowed by the BC FIPS.

October 4, 2021
21:52, EEST
Avatar
rajat
Member
Members
Forum Posts: 3
Member Since:
September 21, 2021
sp_UserOfflineSmall Offline

Configured the system property -Dorg.bouncycastle.rsa.allow_multi_use=true. in build.xml , while creating “sttService.jar”, still facing same error : org.bouncycastle.crypto.IllegalKeyException: Attempt to sign/verify with RSA modulus already used for encrypt/decrypt.

This is code snippet of build/xml of JAR.

October 5, 2021
12:48, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 906
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

You must have the property set when you run the application.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 267

Currently Online: Sabari
15 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 111

pramanj: 86

ibrahim: 74

kapsl: 57

gjevremovic: 49

TimK: 41

fred: 41

Xavier: 40

Fransua33: 39

rocket science: 36

Member Stats:

Guest Posters: 0

Members: 1458

Moderators: 17

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1178

Posts: 4983

Newest Members:

ThomasM, louiecrews, wyattcutler005, kristin3354, augustawalpole3, everettpulver, arron51869, roseannagoldschm, moosm, islamaddox

Moderators: Jouni Aro: 906, Otso Palonen: 32, Tuomas Hiltunen: 5, janimakela: 0, Pyry: 1, Terho: 0, Petri: 0, Bjarne Boström: 684, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 24, Teppo Uimonen: 21, Markus Johansson: 36, Niklas Nurminen: 0, Matti Siponen: 151, Lusetti: 0

Administrators: admin: 1