Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

extend elliptic curve support beyond current platforms

Description

Although elliptic curve support is intended as an experimental feature for project use rather than a more general facility (which means, for example, that it's OK to restrict it to keys that the V2 stack can provide) it would be good to be able to use it on platforms other than Mac OS X.

At the moment, EC signature appears to work on Mac OS X using the Oracle Java 7 JDK. It doesn't appear to work on Linux using either the Java 6 or Java 7 OpenJDK implementations.

The error messages in the latter case imply that there's a Sun EC provider that isn't included in those environments, but we need to look at it in more depth.

Environment

None

Activity

Show:

Ian Young June 27, 2016 at 12:59 PM

Follow-on ticket is XSTJ-65.

Ian Young June 27, 2016 at 12:55 PM

It's disappointing that they appear to be making this worse as time goes by. For the 2.0.0 release, I am going to address this by writing some documentation for the wiki space indicating how to work round it. I'll open a new ticket to track this post 2.0.0 and we can look at it again in the future if it looks like users are actually adopting ECDSA.

Takeshi Nishimura June 23, 2016 at 10:35 AM

I'm afraid OpenJDK 8 on CentOS 7 will encounter the same trouble soon.
https://bugzilla.redhat.com/show_bug.cgi?id=1245810

Ian Young June 7, 2016 at 4:54 PM

Done, commit 491eb68eb15fc04ab0b83967f22a82597a57807e.

Ian Young June 7, 2016 at 3:39 PM

Write once, run anywhere.

My strategy:

On startup, try and get an Signature.getInstance("SHA256withECDSA").

If you can't (there is no provider claiming to do ECC) then Security.addProvider(new BouncyCastleProvider());

This will work except in the case where there is an EC provider which doesn't actually work.

Have the EC tests not run if (a) OpenJDK (b) 7 (c) SunEC present.

Document the case that doesn't work. Have people delete the .so file or remove the line from java.security if they really want to do ECC in the case where the system's broken. If they do that, the BC provider will be added in and all will be well.

Fixed
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Fix versions

Affects versions

Created April 18, 2013 at 7:44 AM
Updated June 28, 2016 at 11:30 AM
Resolved June 7, 2016 at 5:05 PM
Configure

Flag notifications