
So I'm reading the certificate, private key, etc. from a USB dongle and I try to sign a PDF, but it gives me the following exception:

Exception in thread "main" java.security.InvalidKeyException: Supplied key (sun.security.mscapi.CPrivateKey) is not a RSAPrivateKey instance
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source)
    at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1370)
    at java.base/java.security.Signature.initSign(Signature.java:635)
    at com.itextpdf.text.pdf.security.PrivateKeySignature.sign(PrivateKeySignature.java:114)

Here I'm using the com.itextpdf.text library (MakeSignature, ExternalSignature and some other classes) and this is what my main code looks like:

import java.io.*;
import java.security.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import com.itextpdf.text.pdf.*;
import com.itextpdf.text.pdf.security.*;

// src, dest and password are assumed to be defined earlier in main.
// Windows-MY is backed by the SunMSCAPI provider; the key stays inside the dongle's CSP.
KeyStore keyStore = KeyStore.getInstance("Windows-MY");
keyStore.load(null, password.toCharArray());

String alias = keyStore.aliases().nextElement();
PrivateKey pk = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
java.security.cert.Certificate[] chain = keyStore.getCertificateChain(alias);
BouncyCastleProvider provider = new BouncyCastleProvider();
Security.addProvider(provider);
ExternalDigest digest = new BouncyCastleDigest();

PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper pdf = PdfStamper.createSignature(reader, os, '\0');
PdfSignatureAppearance appearance = pdf.getSignatureAppearance();

// The signature object is told to use the BC provider, but pk belongs to SunMSCAPI;
// signDetached -> PrivateKeySignature.sign is where the InvalidKeyException above is thrown.
ExternalSignature signature = new PrivateKeySignature(pk, DigestAlgorithms.SHA1, provider.getName());
System.out.println(signature.getEncryptionAlgorithm());
System.out.println(signature.getHashAlgorithm());
MakeSignature.signDetached(appearance, digest, signature, chain, null, null, null,
        0, MakeSignature.CryptoStandard.CADES);
pdf.close();
reader.close();
os.close();

What I want to know is where the incompatibility lies. Is it between the pk algorithm and the provider, or between the signing class and the pk? After all, I get the private key from the dongle and I cannot change it, which would mean I need to change something else in my program.

  • Welcome to Stack Overflow. Please take the [tour] to learn how Stack Overflow works and read [ask] on how to improve the quality of your question. Then [edit] your question to include your source code as a working [mcve], which can be compiled and tested by others. – Progman Dec 29 '21 at 13:14
  • The incompatibility is between the provider you specified (BouncyCastle aka BC) and the key which is accessed _in_ the dongle (not read from it) using the _SunMSCAPI_ provider. **Specify SunMSCAPI instead.** – dave_thompson_085 Dec 29 '21 at 19:39
  • @dave_thompson_085 that was indeed the problem, I got it working after specifying SunMSCAPI with the BouncyCastle constructor.. thank you – Imrane Akkouh Dec 30 '21 at 15:49
  • @ImraneAkkouh If you have a working solution feel free to post it as an answer, so other developers running into the same problem can understand how to solve it. – Robert Jan 01 '22 at 17:15
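The fix from the comments, written out as an added example (this is my code, not the asker's and not iText's): the RSA operation must be performed by the provider that actually holds the key, which for the Windows-MY keystore is SunMSCAPI, while BouncyCastle is still used for hashing and for building the CAdES container. Rather than hard-coding the name, the provider is taken from the KeyStore itself, and a cheap Signature.initSign check fails fast with a clear message before the PDF is touched. It assumes Windows with the dongle's certificate registered in the user store, iText 5 (com.itextpdf.text) and BC on the classpath; the class, method and variable names are mine, and SHA-256 is used in place of the question's SHA-1 because SHA-1 is no longer acceptable for new signatures.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Collections;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import com.itextpdf.text.DocumentException;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.security.BouncyCastleDigest;
import com.itextpdf.text.pdf.security.DigestAlgorithms;
import com.itextpdf.text.pdf.security.ExternalDigest;
import com.itextpdf.text.pdf.security.ExternalSignature;
import com.itextpdf.text.pdf.security.MakeSignature;
import com.itextpdf.text.pdf.security.PrivateKeySignature;

// Added example: sign a PDF with iText 5 using a key that lives in the Windows
// certificate store (e.g. a dongle registered through its minidriver/CSP).
public class MsCapiPdfSigner {

    // Windows-MY needs neither a stream nor a password; the OS/CSP guards the key.
    static KeyStore openWindowsStore() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);
        return ks;
    }

    // First alias that actually has a private key (the store also holds cert-only entries).
    static String firstSigningAlias(KeyStore ks) throws GeneralSecurityException {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                return alias;
            }
        }
        throw new GeneralSecurityException("no private-key entry found in Windows-MY");
    }

    // Fail early: a provider that cannot use this key throws InvalidKeyException here,
    // before any PDF is opened, instead of deep inside MakeSignature.signDetached.
    static void checkProviderCanSign(PrivateKey pk, String providerName)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA", providerName);
        sig.initSign(pk);
    }

    static void sign(String src, String dest, String reason, String location)
            throws IOException, DocumentException, GeneralSecurityException {
        // BC is still needed for the CMS/CAdES structures and the digest, not for the RSA step.
        Security.addProvider(new BouncyCastleProvider());

        KeyStore ks = openWindowsStore();
        String alias = firstSigningAlias(ks);
        PrivateKey pk = (PrivateKey) ks.getKey(alias, null);
        Certificate[] chain = ks.getCertificateChain(alias);

        // "SunMSCAPI" for Windows-MY: the provider that owns the key does the signing.
        String signingProvider = ks.getProvider().getName();
        checkProviderCanSign(pk, signingProvider);

        PdfReader reader = new PdfReader(src);
        try (FileOutputStream os = new FileOutputStream(dest)) {
            PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
            PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
            appearance.setReason(reason);
            appearance.setLocation(location);

            ExternalDigest digest = new BouncyCastleDigest();
            ExternalSignature signature =
                    new PrivateKeySignature(pk, DigestAlgorithms.SHA256, signingProvider);
            // signDetached closes the stamper itself; the CSP prompts for the dongle PIN here.
            MakeSignature.signDetached(appearance, digest, signature, chain,
                    null, null, null, 0, MakeSignature.CryptoStandard.CADES);
        } finally {
            reader.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Paths are placeholders; pass your own input and output files.
        sign("input.pdf", "signed.pdf", "Approval", "Office");
    }
}
```

The important line is the PrivateKeySignature constructor: its third argument is the provider whose Signature implementation will receive the key, and SunMSCAPI key objects (sun.security.mscapi.CPrivateKey) are only usable by SunMSCAPI, since the key material never leaves the CSP. Taking the name from ks.getProvider() keeps the code correct if the same routine is later pointed at a PKCS#11 or file-based keystore.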

0 Answers