Thans for your answer.
Unfortunatly it did not work out as excpeted.
I have the choice of using either blackdown-jdk-1.4.2 or sun-jdk-1.5.
Any of those versions accepts my .p12 key.

Maybe you could be so kind and write me a brief step- by- step of the
required openssl commands, which bring success on your machine.
That would be very kind of you!

Many thanks in advanced!

Regards,

Felix Joussein

Ambarish Mitra schrieb:
> "Unknown key spec: Invalid RSA modulus size" from JVM is due to outdated JVM
> version. JVM should be 1.4 or upwards.
>
>
> -----Original Message-----
> From: owner-openssl-users@openssl.org
> [mailtowner-openssl-users@openssl.org]On Behalf Of Felix Joussein
> Sent: Wednesday, October 04, 2006 2:56 AM
> To: openssl-users@openssl.org
> Subject: using pfx / pkcs12 as keystore
>
>
> Hello List,
>
> Note: The following message has also been posted in java - itext library
> mailing list!
>
>
> I'm struggling now for almost one day with using an openssl generated
> .p12 file as my java keystore.
> I tried a lot of things with openssl and no doubt - I learned a lot, but
> at the end I found out the following:
>
> By the way - I'm using TinyCA as openssl frontend - maybe this is the
> problem but I don't think so...
> Anyway:
> I create a certificate + private key, then export it to a .p12 file - I
> do this on the openssl shell.
> Then I run:
>
> /usr/local/bin/pdfsigner.sh -c=/tmp/my.pfx -p=12345
> -i=/var/spool/pdfprint/smbprn.00000199.eGZuqx.pdf
> -o=/var/spool/pdfprint/Unbenannt1.pdf -v=0
> Exception in thread "main"
> java.security.cert.CertificateParsingException: java.io.IOException:
> subject key, Unknown key spec: Invalid RSA modulus size.
> at sun.security.x509.X509CertInfo.(X509CertInfo.java:155)
> at sun.security.x509.X509CertImpl.parse(X509CertImpl. java:1679)
> at sun.security.x509.X509CertImpl.(X509CertImpl.java:173)
> at
> sun.security.provider.X509Factory.engineGenerateCe rtificate(X509Factory.java
> :90)
> at
> java.security.cert.CertificateFactory.generateCert ificate(CertificateFactory
> .java:389)
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(Dash oA12275)
> at
> com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engine Load(DashoA12275)
> at java.security.KeyStore.load(KeyStore.java:652)
> at pdfsigner.sign(pdfsigner.java:109)
> at pdfsigner.main(pdfsigner.java:72)
> Caused by: java.io.IOException: subject key, Unknown key spec: Invalid
> RSA modulus size.
> at sun.security.x509.X509Key.parse(X509Key.java:155)
> at
> sun.security.x509.CertificateX509Key.(CertificateX509Key.java:58)
> at sun.security.x509.X509CertInfo.parse(X509CertInfo. java:706)
> at sun.security.x509.X509CertInfo.(X509CertInfo.java:153)
> ... 9 more
>
>
>
> after importing my .p12 file into Windows XP's certificates, and
> exporting it again to a pfx, my java program, which just has thrown a
> few exceptions and of course did not work, now it does.
>
> Her an excerpt of the relevant code:
>
> KeyStore ks = KeyStore.getInstance("pkcs12");
> try{
> ks.load(new FileInputStream(pfxNameVal),
> pfxPassVal.toCharArray());
> }
> catch (Exception ex) { System.out.println("Error while
> reading the certificate - possible cause: Invalid password\nBelow is the
> detailed error message:");throw ex;}
>
> String alias = (String)ks.aliases().nextElement();
> PrivateKey key = (PrivateKey)ks.getKey(alias,
> pfxPassVal.toCharArray());
> java.security.cert.Certificate[] chain =
> ks.getCertificateChain(alias);
> PdfReader reader = new PdfReader(inPDFVal);
> FileOutputStream fout = new FileOutputStream(outPDFVal);
>
>
> Is there a way to skip the windows part in the process of creating
> Java-suitable pfx's ?
> Thank you all for your help in advanced,
>
>
> Felix Joussein
>
>
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>
>
> DISCLAIMER
> ==========
> This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>
>



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org