Uploaded image for project: 'XML Security Tool - Java'
  1. XML Security Tool - Java
  2. XSTJ-35

cannot sign using EC private key taken from file

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 2.0.0
    • Component/s: None
    • Labels:
      None

      Description

      Although the current version of xmlsectool can sign using EC credentials taken from a Java keystore, it can't do the same thing using the combination of a certificate and private key.

      This is because we call into java-xmltooling's SecurityHelper class to read the private key file, and this in turns uses not-yet-commons-ssl to perform this operation. not-yet-commons-ssl does not support EC private key files, and probably never will.

      Changing java-xmltooling to call something else such as vt-crypt is out of scope for a maintenance mode package, and I don't think it is appropriate to start having XmlSecTool call vt-crypt directly. Instead, we should treat this as soluble only when XmlSecTool is rebased on the V3 stack, which will presumably acquire the ability to process EC keys at some point.

        Attachments

          Activity

            People

            Assignee:
            ian@iay.org.uk Ian Young
            Reporter:
            ian@iay.org.uk Ian Young
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: