java.security.InvalidKeyException: No installed provider supports this key: sun.security.rsa.RSAPublicKeyImpl

Hello!

I’m using an EV certificate from SSL.com. The latest code after the fix for #105 made some progress, but still goes wrong somewhere. The Yubikey blinks briefly, but then jsign fails with this:

$ ./jsign.sh --keystore /home/vadim/etoken.cfg  --alias "X.509 Certificate for PIV Authentication" --storetype YUBIKEY --storepass $PASS  --tsaurl http://ts.ssl.com --tsmode RFC3161 nxproxy.exe
Adding Authenticode signature to nxproxy.exe
jsign: Couldn't sign nxproxy.exe
net.jsign.bouncycastle.cms.CMSException: can't create content verifier: exception on setup: java.security.InvalidKeyException: No installed provider supports this key: sun.security.rsa.RSAPublicKeyImpl
	at net.jsign.bouncycastle.cms.SignerInformation.doVerify(Unknown Source)
	at net.jsign.bouncycastle.cms.SignerInformation.verify(Unknown Source)
	at net.jsign.AuthenticodeSigner.createSignedData(AuthenticodeSigner.java:376)
	at net.jsign.AuthenticodeSigner.sign(AuthenticodeSigner.java:342)
	at net.jsign.SignerHelper.sign(SignerHelper.java:506)
	at net.jsign.JsignCLI.execute(JsignCLI.java:116)
	at net.jsign.JsignCLI.main(JsignCLI.java:40)
Caused by: net.jsign.bouncycastle.operator.OperatorCreationException: exception on setup: java.security.InvalidKeyException: No installed provider supports this key: sun.security.rsa.RSAPublicKeyImpl
	at net.jsign.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.createSignature(Unknown Source)
	at net.jsign.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.access$300(Unknown Source)
	at net.jsign.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder$2.get(Unknown Source)
	at net.jsign.bouncycastle.cms.SignerInformationVerifier.getContentVerifier(Unknown Source)
	... 7 more
Caused by: java.security.InvalidKeyException: No installed provider supports this key: sun.security.rsa.RSAPublicKeyImpl
	at java.base/java.security.Signature$Delegate.chooseProvider(Signature.java:1303)
	at java.base/java.security.Signature$Delegate.engineInitVerify(Signature.java:1349)
	at java.base/java.security.Signature.initVerify(Signature.java:506)
	... 11 more

Some research suggests one of these might be related:

https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4953555 https://stackoverflow.com/questions/41534827/java-signature-object-no-installed-provider-supports-this-key-sun-security-rs

Issue Analytics

State:
Created 2 years ago
Reactions:2
Comments:12 (3 by maintainers)

Top GitHub Comments

1reaction

ebourgcommented, Jan 27, 2022

Good to hear it works. I’ll try to add more checks.

0reactions

Spencer-Arbourcommented, Jul 13, 2022

Hi, I am running into this issue when using google cloud and ssl.com @devsibwarra can you go into more detail about what fixed it for you? I don’t understand what you mean by the correct cert bundle.

Top Results From Across the Web

No installed provider supports this key: sun.security.rsa ...

You can't use SHA1withDSA with an RSA key. Change signature algorithm to SHA1withRSA or generate a DSA key instea.

"No installed provider supports this key" when checking a RSA ...

InvalidKeyException : No installed provider supports this key: sun.security.rsa.RSAPublicKeyImpl at java.security.Signature$Delegate.

No installed provider: sun.security.ras.RSAPublicKeyImpl

java.security.InvalidKeyException: No installed provider supports this key: sun. security.rsa.RSAPublicKeyImpl. I tried doing a. Security.

No installed provider supports key RSAPublicKeyImpl

Caused by: java.security.InvalidKeyException: No installed provider supports this key: sun.security.rsa.RSAPublicKeyImpl at javax.crypto.

JDK-8180819 No installed provider supports this key: sun ...

Caused by: java.security.InvalidKeyException: No installed provider supports this key: sun.security.pkcs.PKCS8Key at java.security.Signature$Delegate.