  1. PDFBox
  2. PDFBOX-3462

Certificate based encryption fails with pdfbox-app

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.8.12, 1.8.13, 2.0.2, 2.0.3, 3.0.0 PDFBox
    • Fix Version/s: None
    • Component/s: Crypto
    • Labels:
      None

      Description

      Certificate based encryption with pdfbox-app fails with "NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available". The cause (see long explanation here) is that "all JCE provider JARs must be signed before they will be trusted by your Java runtime", i.e. there is no problem when using the bcprov*.jar, only when using a jar that has the bc jar merged into it.

      The Encrypt command line application fails as well (only for certificate based encryption).

      To test this, just run this code:

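      // needs: java.security.Security, java.util.Arrays, javax.crypto.KeyGenerator,
      //        org.bouncycastle.jce.provider.BouncyCastleProvider
      Security.addProvider(new BouncyCastleProvider());
      System.out.println(Arrays.toString(Security.getProviders()));
      // 1.2.840.113549.3.2 is the OID for RC2-CBC; the lookup throws when BC comes from a merged jar
      System.out.println(KeyGenerator.getInstance("1.2.840.113549.3.2", "BC")); // fail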
      

      todo:

      • ✓ better error message
      • adjust website? Remove -certFile option from Encrypt tool?
      • test whether certificate based signing also fails? If yes, better error message no problem
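
A diagnostic in the spirit of the "better error message" todo item, added here as an example and not taken from PDFBox: it reports which jar the Bouncy Castle provider class was loaded from and whether that jar carries code signers, then repeats the KeyGenerator lookup from the report. The class name `BcProviderJarCheck` and the helper `describeOrigin` are hypothetical, and the code assumes the Bouncy Castle provider is on the classpath.

```java
import java.security.CodeSource;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.KeyGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical diagnostic class (not part of PDFBox).
public class BcProviderJarCheck {
    static final String RC2_CBC_OID = "1.2.840.113549.3.2"; // OID from the report

    /** Says where the provider class was loaded from and whether that jar has signers. */
    static String describeOrigin(Provider p) {
        CodeSource cs = p.getClass().getProtectionDomain().getCodeSource();
        if (cs == null || cs.getLocation() == null) {
            return p.getName() + ": code source unknown";
        }
        // getCodeSigners() returns null when the containing jar entry was not signed.
        // Signers being present does not prove the runtime trusts them; their
        // absence matches the merged-jar case described in the report.
        boolean signed = cs.getCodeSigners() != null && cs.getCodeSigners().length > 0;
        return p.getName() + " loaded from " + cs.getLocation()
                + (signed ? " (signed)" : " (unsigned, e.g. merged into another jar)");
    }

    public static void main(String[] args) {
        Provider bc = new BouncyCastleProvider();
        Security.addProvider(bc);
        System.out.println(describeOrigin(bc));
        try {
            KeyGenerator kg = KeyGenerator.getInstance(RC2_CBC_OID, "BC");
            System.out.println("OK: " + kg.getAlgorithm() + " from " + kg.getProvider().getName());
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            // Same failure as in the report, with the likely cause spelled out.
            System.err.println("KeyGenerator for " + RC2_CBC_OID + " not available from BC: "
                    + e.getMessage());
            System.err.println("Check that BC is on the classpath as its original signed "
                    + "bcprov jar. " + describeOrigin(bc));
        }
    }
}
```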

            People

            • Assignee: Unassigned
            • Reporter: Tilman Hausherr (tilman)