Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-3462

Certificate based encryption fails with pdfbox-app

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.8.12, 1.8.13, 2.0.2, 2.0.3, 3.0.0 PDFBox
    • None
    • Crypto
    • None

    Description

      Certificate based encryption fails with pdfbox-app fails with "NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available". The cause (see long explanation here) is that "all JCE provider JARs must be signed before they will be trusted by your Java runtime", i.e. there is no problem when using the bcprov*.jar, only when using a jar that has the bc jar merged into.

      The Encrypt command line application fails as well (only for certificate based encryption).

      To test this, just run this code:

      Security.addProvider(new BouncyCastleProvider());
System.out.println(Arrays.toString(Security.getProviders()));
System.out.println(KeyGenerator.getInstance("1.2.840.113549.3.2", "BC")); // fail

      todo:

      • ✓ better error message
      • adjust website? Remove -certFile option from Encrypt tool?
      • test whether certificate based signing also fails? If yes, better error message no problem

      Attachments

        Activity

          People

            Unassigned Unassigned
            tilman Tilman Hausherr
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: