"Unknown key spec: Invalid RSA modulus size" from JVM is due to outdated JVM version. JVM should be 1.4 or upwards.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Felix Joussein Sent: Wednesday, October 04, 2006 2:56 AM To: openssl-users@openssl.org Subject: using pfx / pkcs12 as keystore Hello List, Note: The following message has also been posted in java - itext library mailing list! I'm struggling now for almost one day with using an openssl generated .p12 file as my java keystore. I tried a lot of things with openssl and no doubt - I learned a lot, but at the end I found out the following: By the way - I'm using TinyCA as openssl frontend - maybe this is the problem but I don't think so... Anyway: I create a certificate + private key, then export it to a .p12 file - I do this on the openssl shell. Then I run: /usr/local/bin/pdfsigner.sh -c=/tmp/my.pfx -p=12345 -i=/var/spool/pdfprint/smbprn.00000199.eGZuqx.pdf -o=/var/spool/pdfprint/Unbenannt1.pdf -v=0 Exception in thread "main" java.security.cert.CertificateParsingException: java.io.IOException: subject key, Unknown key spec: Invalid RSA modulus size. at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:155) at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1679) at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:173) at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java :90) at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory .java:389) at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(DashoA12275) at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA12275) at java.security.KeyStore.load(KeyStore.java:652) at pdfsigner.sign(pdfsigner.java:109) at pdfsigner.main(pdfsigner.java:72) Caused by: java.io.IOException: subject key, Unknown key spec: Invalid RSA modulus size. at sun.security.x509.X509Key.parse(X509Key.java:155) at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:58) at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:706) at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:153) ... 9 more after importing my .p12 file into Windows XP's certificates, and exporting it again to a pfx, my java program, which just has thrown a few exceptions and of course did not work, now it does. Her an excerpt of the relevant code: KeyStore ks = KeyStore.getInstance("pkcs12"); try{ ks.load(new FileInputStream(pfxNameVal), pfxPassVal.toCharArray()); } catch (Exception ex) { System.out.println("Error while reading the certificate - possible cause: Invalid password\nBelow is the detailed error message:");throw ex;} String alias = (String)ks.aliases().nextElement(); PrivateKey key = (PrivateKey)ks.getKey(alias, pfxPassVal.toCharArray()); java.security.cert.Certificate[] chain = ks.getCertificateChain(alias); PdfReader reader = new PdfReader(inPDFVal); FileOutputStream fout = new FileOutputStream(outPDFVal); Is there a way to skip the windows part in the process of creating Java-suitable pfx's ? Thank you all for your help in advanced, Felix Joussein -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
