Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Gracefulness to leading zeroes appropriate ? #448

New issue
Copy link
New issue
Copy link
Closed
Closed
Gracefulness to leading zeroes appropriate ?#448
Copy link
@ralfhauser

Description

@ralfhauser
ralfhauser
opened on Jan 22, 2019
Issue body actions

From: Ingo Bauersachs notifications@github.com
Sent: Dienstag, 22. Januar 2019 15:43
To: ibauersachs/dnssecjava dnssecjava@noreply.github.com
Cc: ralfhauser hauser@acm.org; Author author@noreply.github.com
Subject: Re: [ibauersachs/dnssecjava] error "Did not match a DS to a DNSKEY" for MX lookup of non-dnssec domain bger.ch (#14)

No, sorry, copy/paste. Seems like Switch generated a signature that has a leading 0, which Java since 1.8.121 rejects. See https://stackoverflow.com/a/40343731/1544715 for details (they talk about RSA but it applies to ECDSA as well). Not sure yet where to satisfy Java's (or BouncyCastle's) stupidity.
java.io.IOException: Invalid encoding: redundant leading 0s
at java.base/sun.security.util.DerInputBuffer.getBigInteger(DerInputBuffer.java:161)
at java.base/sun.security.util.DerValue.getPositiveBigInteger(DerValue.java:558)
at jdk.crypto.ec/sun.security.ec.ECDSASignature.decodeSignature(ECDSASignature.java:491)
at jdk.crypto.ec/sun.security.ec.ECDSASignature.engineVerify(ECDSASignature.java:412)
at java.base/java.security.Signature$Delegate.engineVerify(Signature.java:1247)
at java.base/java.security.Signature.verify(Signature.java:675)
at org.xbill.DNS.DNSSEC.verify(DNSSEC.java:892)
at org.xbill.DNS.DNSSEC.verify(DNSSEC.java:934)
at org.jitsi.dnssec.validator.DnsSecVerifier.verify(DnsSecVerifier.java:198)
at org.jitsi.dnssec.validator.ValUtils.verifyNewDNSKEYs(ValUtils.java:232)
at org.jitsi.dnssec.validator.ValidatingResolver.processDNSKEYResponse(ValidatingResolver.java:982)
at org.jitsi.dnssec.validator.ValidatingResolver.processFindKey(ValidatingResolver.java:779)
at org.jitsi.dnssec.validator.ValidatingResolver.processDSResponse(ValidatingResolver.java:967)
at org.jitsi.dnssec.validator.ValidatingResolver.processFindKey(ValidatingResolver.java:772)
at org.jitsi.dnssec.validator.ValidatingResolver.processDNSKEYResponse(ValidatingResolver.java:994)
at org.jitsi.dnssec.validator.ValidatingResolver.processFindKey(ValidatingResolver.java:779)
at org.jitsi.dnssec.validator.ValidatingResolver.prepareFindKey(ValidatingResolver.java:715)
at org.jitsi.dnssec.validator.ValidatingResolver.validateAnswerAndGetWildcards(ValidatingResolver.java:390)
at org.jitsi.dnssec.validator.ValidatingResolver.validatePositiveResponse(ValidatingResolver.java:257)
at org.jitsi.dnssec.validator.ValidatingResolver.processValidate(ValidatingResolver.java:1047)
at org.jitsi.dnssec.validator.ValidatingResolver.send(ValidatingResolver.java:1236)
at org.jitsi.dnssec.Example.sendAndPrint(Example.java:37)
at org.jitsi.dnssec.Example.main(Example.java:31)

You are receiving this because you authored the thread.
Reply to this email directly, view it on ibauersachs/dnssecjava#14 (comment), or mute the thread.

Reactions are currently unavailable

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      Morty Proxy This is a proxified and sanitized view of the page, visit original site.