java.security.spec.InvalidKeySpecException: Inappropriate key specification in IBM JDK AIX

Karthik Rajendiran
Ranch Hand

Joined: Aug 13, 2004
Posts: 211
Dear Sir/Madam

While executing a Sample Program, we get the following error
in IBM AIX Server, Using IBM JDK

java.security.spec.InvalidKeySpecException: Inappropriate key specification
at com.ibm.crypto.provider.RSAKeyFactory.engineGetKeySpec(Unknown Source)
at java.security.KeyFactory.getKeySpec(KeyFactory.java:164)
at SecurityRSATest.main(SecurityRSATest.java:45)
Exception Message : Inappropriate key specification



Getting error in priv = fact.getKeySpec(privateKey, RSAPrivateKeySpec.class);
It is working well on the Windows platform with the Oracle JDK.



java.security
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.security.sasl.IBMSASL
security.provider.6=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.7=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.8=org.apache.harmony.security.provider.PolicyProvider
security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO


Kindly let me know how to fix this issue. We have to use RSA alone.


SCJP 1.4 SCWCD 1.4 SCDJWS 1.4
Karthik Rajendiran
Ranch Hand

Joined: Aug 13, 2004
Posts: 211
The java SDK version in use is :
java version "1.6.0"
Java(TM) SE Runtime Environment (build pap3260sr9fp1-20110208_03(SR9 FP1))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 AIX ppc-32 jvmap3260sr9-20110203_74623 (JIT enabled, AOT enabled)
J9VM - 20110203_074623
JIT - r9_20101028_17488ifx3
GC - 20101027_AA)
JCL - 20110203_01
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1109

I can't test this on an IBM1.6 but there is no need to go through all those contortions. Try this -


If this throws a class cast exception when you cast to the RSAPrivateKey then the only possibility I can think of is that the default provider is some form of HSM when it is normal for keypair.getPrivate() to return a token (not the actual RSA key) that is used by the HSM to denote which private key is to be used.
Karthik Rajendiran
Ranch Hand

Joined: Aug 13, 2004
Posts: 211
Can you tell us, what is that HSM in detail
Is it a JDK Bug in AIX?
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1109

Karthik Rajendiran wrote:Can you tell us, what is that HSM in detail
Is it a JDK Bug in AIX?


HSM - Hardware Security Module - a tamper proof 'box' that performs encryption and decryption. Secret keys and private keys are never exposed in the clear outside of the HSM so cannot be used outside of the HSM and are normally referenced through a handle. The form this handle takes is HSM dependent but the important thing is that one cannot derive the secret key or private key from the handle (which is why the cast would fail); only the HSM knows how to obtain the key from the handle.

I would be interested to know why you need access to the RSA private key exponent. You don't need it to be able to sign or decrypt with the private key using the JCE. You can just use the key returned by keypair.getPrivate() to initialize a Cipher object and then decryption and signing using the Cipher will delegate the operation to the HSM. The only way you would need the private exponent is if you were trying to use it outside of the JCE and this would then defeat the object of using an HSM.

Now if you are not using an HSM then of course all of this is irrelevant to your problem.
Karthik Rajendiran
Ranch Hand

Joined: Aug 13, 2004
Posts: 211
Can you suggest a way to get the Modulus and exponent. as we have done
this logic in many areas of applicable it is not possible to change in all places
and moreover it is a product working in other infrastructure and failing only in IBM JDK
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1109

Karthik Rajendiran wrote:Can you suggest a way to get the Modulus and exponent. as we have done
this logic in many areas of applicable it is not possible to change in all places
and moreover it is a product working in other infrastructure and failing only in IBM JDK


You still have not said whether or not you are using an HSM and why you need the private exponent in the first place so it is impossible for me to answer you!

P.S. For RSA the private modulus is the same as the public modulus so you already have it!
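
The points made in the replies above, as an added example that is not part of the original thread or any poster's code: read the modulus from the public key, sign with the key returned by getPrivate() without touching the private exponent, and test the key type before relying on a cast or a key spec export. The class name, key size, sample message and the use of Signature with SHA256withRSA (rather than the Cipher mentioned above) are assumptions made for illustration.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;

public class RsaOpaqueKeyDemo { // hypothetical class name
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048); // key size is an assumption
        KeyPair pair = gen.generateKeyPair();
        PrivateKey priv = pair.getPrivate();
        RSAPublicKey pub = (RSAPublicKey) pair.getPublic();

        // The modulus is the same for both halves of the pair, so read it
        // from the public key instead of the private key.
        System.out.println("modulus bits: " + pub.getModulus().bitLength());

        // Sign with the PrivateKey as returned; the provider performs the
        // private-key operation, so this also works when the key is a handle.
        byte[] msg = "constructed sample message".getBytes("UTF-8");
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(priv);
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pub);
        verifier.update(msg);
        System.out.println("signature verifies: " + verifier.verify(sig));

        // Legacy code that insists on key material should test before casting
        // and treat a refusal as "opaque key", not as a fatal error.
        if (priv instanceof RSAPrivateKey) {
            System.out.println("software key: " + priv.getClass().getName());
        } else {
            System.out.println("opaque key handle: " + priv.getClass().getName());
        }
        try {
            KeyFactory.getInstance("RSA").getKeySpec(priv, RSAPrivateKeySpec.class);
            System.out.println("provider exported an RSAPrivateKeySpec");
        } catch (InvalidKeySpecException e) {
            System.out.println("provider refused export: " + e.getMessage());
        }
    }
}
```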
 