
We can create an XML Digital Signature using RSA keys. But how do I use elliptic curve keys to sign XML files? I get error messages such as:

```
Exception in thread "main" java.security.KeyException: ECKeyValue not supported
    at org.jcp.xml.dsig.internal.dom.DOMKeyValue$EC.<init>(DOMKeyValue.java:350)
    at org.jcp.xml.dsig.internal.dom.DOMKeyInfoFactory.newKeyValue(DOMKeyInfoFactory.java:71)
    at csr.ExtractEC.main(XMLSignatureECTest.java:57)
Caused by: java.lang.ClassNotFoundException: sun/security/ec/ECParameters
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:264)
    at org.jcp.xml.dsig.internal.dom.DOMKeyValue$EC.getMethods(DOMKeyValue.java:367)
    at org.jcp.xml.dsig.internal.dom.DOMKeyValue$EC$1.run(DOMKeyValue.java:343)
    at org.jcp.xml.dsig.internal.dom.DOMKeyValue$EC$1.run(DOMKeyValue.java:339)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.jcp.xml.dsig.internal.dom.DOMKeyValue$EC.<init>(DOMKeyValue.java:338)
    ... 2 more
```

I used the code below to create the SignatureMethod and KeyInfo:

```java
String url = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
SignatureMethod signatureMethod = factory.newSignatureMethod(url, null);
SignedInfo signedInfo = factory.newSignedInfo(c14n, signatureMethod, Collections.singletonList(reference));

PrivateKey privateKey = Utils.generatePrivateEC("e:\\certs\\ec\\ec.key.p8");
Certificate certificate = Utils.generatePublic("e:\\certs\\ec\\ec.cer");
KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
KeyValue keyValue = keyInfoFactory.newKeyValue(certificate.getPublicKey());
KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyValue));
```

JDK: Oracle JDK 8. Security providers: BouncyCastle and Sun.

user2531191
  • I do not understand why people just downvote any question if they are not interested. They create problems for the community. – user2531191 Aug 22 '18 at 07:32
  • It is not just a downvote. There is no [MCVE] and no information about which JDK/JRE you use – Jens Aug 22 '18 at 07:35
  • Maybe [this](https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8182580) helps – Jens Aug 22 '18 at 10:37
  • @Jens: Ugh, no workarounds given. – President James K. Polk Aug 22 '18 at 23:21
  • Really strange what's going on: it fails on `Class.forName("sun.security.ec.ECParameters")` but if you statically access the same class, or call `Class.forName` yourself it works, only to fail later in the library call. Are they messing with the class loaders?! – memo Aug 28 '18 at 15:11
  • Have you seen [this](https://github.com/mulderbaba/xmlsec/blob/master/src/test/java/org/apache/xml/security/test/signature/ECDSASignatureTest.java) test class? It seems you need exactly this... – m4gic Aug 31 '18 at 10:28
  • Can you show how you're creating the `factory`? Also, where is this running? In JBoss, Tomcat, standalone, etc.? – Brian Aug 31 '18 at 15:54
  • @m4gic please post the link in an answer so that I can select it as the correct answer and 50 points. Thanks for the answer. – user2531191 Sep 01 '18 at 04:47

1 Answer


It seems that in this JUnit test someone has made an example for you.

m4gic