What could cause this BadPaddingException to be thrown from within Java 1.8 Signature.sign()?


I've come across a bizarre problem that has been plaguing me for days now, as I can't seem to find the cause. I have a Spring Boot application that on request returns some not very sensitive information that has been signed (example code below). Now what's causing confusion is its runtime behaviour on one of my Ubuntu servers a colleague has. The tests written pass on both my Windows machine and on the Ubuntu server, but when running I get a BadPaddingException thrown within RSACore.java:200 available to view here: git

Now for the stripped down code:

Signature signer = Signature.getInstance("SHA1withRSA");
PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(PRIVATE_KEY_BYTES));
signer.initSign(key);
signer.update(BASE_64_ENCODED_STRING.getBytes());
byte[] bytes = signer.sign();//EXCEPTION IS THROWN HERE WHILST RUNNING ONLY ON UBUNTU SERVER
//returns object that has byte[] 'obj' and Base64.getEncoder().encodeToString(bytes) 'sig';

Now what makes this a little more confusing is that it runs and returns correctly the signed object I expect, and it can be decoded on Windows and Mac machines just fine.

A test that runs successfully on both machines is similar to this:

response = callAboveCode(BASE_64_ENCODED_STRING);
Signature verify = Signature.getInstance("SHA1withRSA");
PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(PUBLIC_KEY_BYTES));
verify.initVerify(key);
verify.update(response.obj);
assertTrue(verify.verify(Base64.getDecoder().decode(response.sig)));

I shouldn't need to provide the public or private key byte[]'s here, as I've checked on both machines that they are identical. I've also checked that both machines are using the same JDK 1.8 and have identical BASE_64_ENCODED_STRING content fed into the function.

Anything I can try next would be awesome! And if someone's come across a similar issue, how have you gone about resolving it?

P.S. I can't re-make my public and private keys as they are already in my application and are working as intended if I produce the signed content on a Windows machine.

I've tried setting the Signature provider and I get a similar error from BouncyCastleProvider that looks to be throwing at the exact same place/check that the RSACore class does: BouncyCastleSource, at the check for Arjen Lenstra's CRT attack 'if (!input.equals(result.modPow(e, m)))'


There are 0 answers
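The check quoted in the question recomputes the input from the CRT result using the public exponent and refuses to return a signature when the two differ. The following is an added example, not code from the post, the JDK or BouncyCastle: it runs that check on a freshly generated key, then on the same key with one CRT parameter altered. The class name `CrtCheckDemo`, the method `crtWithCheck`, the exception message and the input value are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateCrtKey;

public class CrtCheckDemo {
    // RSA private-key operation via CRT, followed by the consistency check
    // quoted in the question: input must equal result^e mod n.
    static BigInteger crtWithCheck(BigInteger input, BigInteger n, BigInteger e,
                                   BigInteger p, BigInteger q,
                                   BigInteger dP, BigInteger dQ, BigInteger qInv) {
        BigInteger m1 = input.modPow(dP, p);           // input^dP mod p
        BigInteger m2 = input.modPow(dQ, q);           // input^dQ mod q
        BigInteger h = m1.subtract(m2).multiply(qInv).mod(p);
        BigInteger result = m2.add(h.multiply(q));     // recombined value
        if (!input.equals(result.modPow(e, n))) {
            throw new IllegalStateException("CRT result does not verify");
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPrivateCrtKey k = (RSAPrivateCrtKey) gen.generateKeyPair().getPrivate();
        BigInteger n = k.getModulus(), e = k.getPublicExponent();
        BigInteger p = k.getPrimeP(), q = k.getPrimeQ();
        BigInteger dP = k.getPrimeExponentP(), dQ = k.getPrimeExponentQ();
        BigInteger qInv = k.getCrtCoefficient();
        // Constructed stand-in for the padded digest that a real sign() would process.
        BigInteger input = new BigInteger("123456789abcdef", 16);

        // Consistent parameters: the check passes and the result equals input^d mod n.
        BigInteger s = crtWithCheck(input, n, e, p, q, dP, dQ, qInv);
        System.out.println("consistent key, matches plain exponentiation: "
                + s.equals(input.modPow(k.getPrivateExponent(), n)));

        // Same key with dP off by one: the recombined value is wrong and the check rejects it.
        try {
            crtWithCheck(input, n, e, p, q, dP.add(BigInteger.ONE), dQ, qInv);
            System.out.println("altered dP: unexpectedly accepted");
        } catch (IllegalStateException ex) {
            System.out.println("altered dP: " + ex.getMessage());
        }
    }
}
```

The check only fails when the value computed with the private CRT parameters disagrees with the public exponent and modulus, so comparing those fields of the loaded key against each other at runtime on the failing host is a direct way to narrow the problem down.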