1.3.101.112 Signature not available #1265
Comments
```java
if ("1.3.101.112".equals(publicKey.getAlgorithm())) {
    Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); // remove AOSP BC
    Security.addProvider(new BouncyCastleProvider());
    var factory = KeyFactory.getInstance("ED25519");
    var encoded = new X509EncodedKeySpec(publicKey.getEncoded());
    publicKey = factory.generatePublic(encoded);
}
cert.verify(publicKey);
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); // avoid next getCertificateChain failure
```

Now I use this workaround, but it's too dirty
aosp-mirror/platform_frameworks_base@51d7088 https://android-review.googlesource.com/c/platform/frameworks/base/+/2135614/comment/eac61ef5_23221905/
I think that comment is incorrect - Conscrypt doesn't implement Ed25519 (yet!). It sounds to me it is Android Keystore that is returning public keys with those types. Unfortunately currently the only way to verify those signatures will be via BC... It's a shame there's no way to install BC under a different name so you don't have to jump through those install/uninstall hoops. We have a patch for that on Android, I'll try and upstream it to BC.
https://cs.android.com/android/platform/superproject/main/+/main:frameworks/base/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java;l=72
Android hardcodes that value (https://cs.android.com/android/platform/superproject/main/+/main:frameworks/base/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java;l=256), so I can't replace conscrypt with BC, but it can't be used to verify the certificate signature: 1.3.101.112 Signature not available
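An added example, not code from this thread or from the Conscrypt or Bouncy Castle projects: one way to check an Ed25519 certificate signature with Bouncy Castle's lightweight API, so the process-wide provider list is never modified. It assumes the app already bundles the `org.bouncycastle` provider jar (as the workaround above does); the class and method names are hypothetical.

```java
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.signers.Ed25519Signer;

// Hypothetical helper (added example): verifies an Ed25519-signed certificate
// without Security.addProvider/removeProvider and without any JCA lookup.
public final class Ed25519CertCheck {
    // OID 1.3.101.112, the value the Keystore key reports as its algorithm.
    private static final String ED25519_OID = EdECObjectIdentifiers.id_Ed25519.getId();

    private Ed25519CertCheck() {}

    /** Returns true only if cert carries a valid Ed25519 signature made by issuerKey. */
    public static boolean isSignedBy(X509Certificate cert, PublicKey issuerKey)
            throws CertificateException {
        // The certificate itself must declare Ed25519 as its signature algorithm.
        if (!ED25519_OID.equals(cert.getSigAlgOID())) {
            return false;
        }
        byte[] encodedKey = issuerKey.getEncoded(); // X.509 SubjectPublicKeyInfo
        if (encodedKey == null) {
            return false;
        }
        byte[] rawKey;
        try {
            SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(encodedKey);
            // The key must also be tagged Ed25519, not merely be 32 bytes long.
            if (!EdECObjectIdentifiers.id_Ed25519.equals(spki.getAlgorithm().getAlgorithm())) {
                return false;
            }
            rawKey = spki.getPublicKeyData().getOctets();
        } catch (IllegalArgumentException | IllegalStateException e) {
            return false; // malformed key encoding
        }
        if (rawKey.length != Ed25519PublicKeyParameters.KEY_SIZE) {
            return false;
        }
        // Ed25519 signs the DER-encoded TBSCertificate directly (no pre-hash).
        Ed25519Signer verifier = new Ed25519Signer();
        verifier.init(false, new Ed25519PublicKeyParameters(rawKey, 0));
        byte[] tbs = cert.getTBSCertificate();
        verifier.update(tbs, 0, tbs.length);
        return verifier.verifySignature(cert.getSignature());
    }
}
```

This checks only the signature on one certificate; validity dates, chain building and any revocation or attestation-root checks still have to be done separately.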