1. 技术文章
  2. Error when try to deploy a node: “java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available”

Error when try to deploy a node: “java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available”

眉间皱痕 提交于 2019-12-11 17:06:54

问题


( Previous question: Error when try to deploy a node: "java.lang.IllegalArgumentException: Unrecognised algorithm: 1.2.840.10040.4.1" )

After works I've done as I mentioned in previous question, I receive another error message:

  / ____/     _________/ /___ _
 / /     __  / ___/ __  / __ `/         I had an account with a bank in the
/ /___  /_/ / /  / /_/ / /_/ /          North Pole, but they froze all my assets 
\____/     /_/   \__,_/\__,_/

--- Corda Open Source 2.0.0 (f91995b) -----------------------------------------------



Logs can be found in                    : C:\Corda\logs
Database connection url is              : jdbc:h2:tcp://192.168.1.211:11000/node
[1;31mE 14:25:41+0800 [main] internal.Node.run - Exception during node startup
[m org.bouncycastle.cert.CertException: unable to process signature: exception on setup: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available
    at org.bouncycastle.cert.X509CertificateHolder.isSignatureValid(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at net.corda.node.utilities.X509Utilities.createCertificate$node_main(X509Utilities.kt:281) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.X509Utilities.createCertificate(X509Utilities.kt:142) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.X509Utilities.createCertificate(X509Utilities.kt:118) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.X509Utilities.createCertificate$default(X509Utilities.kt:117) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.KeyStoreWrapper.createCertificate(KeyStoreUtilities.kt:181) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.KeyStoreWrapper.signAndSaveNewKeyPair(KeyStoreUtilities.kt:189) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.obtainIdentity(AbstractNode.kt:652) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.obtainIdentity$default(AbstractNode.kt:630) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.makeServices(AbstractNode.kt:387) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.access$makeServices(AbstractNode.kt:99) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$start$startedImpl$1.invoke(AbstractNode.kt:185) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$start$startedImpl$1.invoke(AbstractNode.kt:99) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$initialiseDatabasePersistence$6.invoke(AbstractNode.kt:484) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$initialiseDatabasePersistence$6.invoke(AbstractNode.kt:99) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.CordaPersistence.inTopLevelTransaction(CordaPersistence.kt:84) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.CordaPersistence.transaction(CordaPersistence.kt:75) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.CordaPersistence.transaction(CordaPersistence.kt:65) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.initialiseDatabasePersistence(AbstractNode.kt:483) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.Node.initialiseDatabasePersistence(Node.kt:302) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.start(AbstractNode.kt:184) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.Node.start(Node.kt:312) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.NodeStartup.startNode(NodeStartup.kt:95) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.NodeStartup.run(NodeStartup.kt:74) [corda-node-2.0.0.jar:?]
    at net.corda.node.Corda.main(Corda.kt:11) [corda-node-2.0.0.jar:?]
Caused by: org.bouncycastle.operator.OperatorCreationException: exception on setup: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.createSignatureStream(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.access$200(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder$2.get(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    ... 25 more
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available
    at java.security.Signature.getInstance(Unknown Source) ~[?:1.8.0_151]
    at org.bouncycastle.jcajce.util.DefaultJcaJceHelper.createSignature(Unknown Source) ~[bcprov-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.OperatorHelper.createSignature(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.createSignatureStream(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.access$200(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder$2.get(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    ... 25 more

It looks like my keystore (or key inside) is still missing something, the signature algorithm perhaps.

I did some research and understand what is 1.2.840.113549.1.1.1 Signature from here: http://www.alvestrand.no/objectid/1.2.840.113549.1.1.1.html

Then I searched in keytool documentation: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature and found out 'NONEwithRSA'.

Afterward I tried to generate keypair with -sigalg NONEwithRSA in my keystore command line, and met the following error message:

> keytool -genkeypair -keyalg RSA -sigalg NONEwithRSA -keystore root.jks -dname "OU=ID, O=My Organization, L=Hong Kong, ST=Hong Kong, C=HK" -storepass password -keypass password -alias root -ext bc:c

Picked up _JAVA_OPTIONS: -Xmx2048M
keytool error: java.security.NoSuchAlgorithmException: unrecognized algorithm name: NONEwithRSA

回答1:


It seems you are using Corda Open Source 2.0.0. Keytool uses by default RSA PKCS 1 (1.2.840.113549.1.1.1), which is not supported by Corda 2.0.0. As far as I know it will be enabled after Corda 3.0. I recommend using ECDSA which is faster and in the same time keys are smaller. That said, change all of your algorithms to:

keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA



来源:https://stackoverflow.com/questions/48577556/error-when-try-to-deploy-a-node-java-security-nosuchalgorithmexception-1-2-84

标签
corda
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!