Hello List,

Note: The following message has also been posted in java - itext library
mailing list!


I'm struggling now for almost one day with using an openssl generated
..p12 file as my java keystore.
I tried a lot of things with openssl and no doubt - I learned a lot, but
at the end I found out the following:

By the way - I'm using TinyCA as openssl frontend - maybe this is the
problem but I don't think so...
Anyway:
I create a certificate + private key, then export it to a .p12 file - I
do this on the openssl shell.
Then I run:

/usr/local/bin/pdfsigner.sh -c=/tmp/my.pfx -p=12345
-i=/var/spool/pdfprint/smbprn.00000199.eGZuqx.pdf
-o=/var/spool/pdfprint/Unbenannt1.pdf -v=0
Exception in thread "main"
java.security.cert.CertificateParsingException: java.io.IOException:
subject key, Unknown key spec: Invalid RSA modulus size.
at sun.security.x509.X509CertInfo.(X509CertInfo.java:155)
at sun.security.x509.X509CertImpl.parse(X509CertImpl. java:1679)
at sun.security.x509.X509CertImpl.(X509CertImpl.java:173)
at
sun.security.provider.X509Factory.engineGenerateCe rtificate(X509Factory.java:90)
at
java.security.cert.CertificateFactory.generateCert ificate(CertificateFactory.java:389)
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(Dash oA12275)
at
com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engine Load(DashoA12275)
at java.security.KeyStore.load(KeyStore.java:652)
at pdfsigner.sign(pdfsigner.java:109)
at pdfsigner.main(pdfsigner.java:72)
Caused by: java.io.IOException: subject key, Unknown key spec: Invalid
RSA modulus size.
at sun.security.x509.X509Key.parse(X509Key.java:155)
at
sun.security.x509.CertificateX509Key.(CertificateX509Key.java:58)
at sun.security.x509.X509CertInfo.parse(X509CertInfo. java:706)
at sun.security.x509.X509CertInfo.(X509CertInfo.java:153)
... 9 more



after importing my .p12 file into Windows XP's certificates, and
exporting it again to a pfx, my java program, which just has thrown a
few exceptions and of course did not work, now it does.

Her an excerpt of the relevant code:

KeyStore ks = KeyStore.getInstance("pkcs12");
try{
ks.load(new FileInputStream(pfxNameVal),
pfxPassVal.toCharArray());
}
catch (Exception ex) { System.out.println("Error while
reading the certificate - possible cause: Invalid password\nBelow is the
detailed error message:");throw ex;}

String alias = (String)ks.aliases().nextElement();
PrivateKey key = (PrivateKey)ks.getKey(alias,
pfxPassVal.toCharArray());
java.security.cert.Certificate[] chain =
ks.getCertificateChain(alias);
PdfReader reader = new PdfReader(inPDFVal);
FileOutputStream fout = new FileOutputStream(outPDFVal);


Is there a way to skip the windows part in the process of creating
Java-suitable pfx's ?
Thank you all for your help in advanced,


Felix Joussein






--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org