#3142 CRMFPopClient displays/save negative private key id
Closed: migrated 3 years ago by dmoluguw. Opened 4 years ago by cipherboy.

Description of problem:

Here , CRMFPopClient displays negative keyid and in the file also it adds negative keyid.

[root@master test]# CRMFPopClient -d abc -p Secret123 -n "uid=test10200,cn=test10200" -a ec -c nistp256 -o Democrmf1.b64 -t false -y true
Keypair private key id: -25065582f755a4a799ecfa6e6d1c0b81a9cd1e9d
CRMFPopClient: use_shared_secret true. Generating SubjectKeyIdentifier extension.
CryptoUtil: createKeyIdentifier: begins
Storing CRMF request into Democrmf1.b64
Storing CRMF request key id into Democrmf1.b64.keyId


[root@master test]#  certutil -K -d /tmp/test/abc
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
< 0> ec       daf9aa7d08aa5b586613059192e3f47e5632e163   (orphan)


[root@master test]# cat Democrmf1.b64.keyId
-25065582f755a4a799ecfa6e6d1c0b81a9cd1e9d

Version-Release number of selected component (if applicable):
pki --version
PKI Command-Line Interface 10.5.9-10.el7_6

How reproducible:

always

Steps to Reproduce:
1.Run CRMFPopClient and see when it generates negative keyid.
2.
3.

Actual results:

Expected results:

Expecting same value of key id in nssdb and the printed one.
Additional info:


Metadata Update from @cipherboy:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1671044
- Custom field type adjusted to None
- Custom field version adjusted to None

4 years ago

Note, I might've fixed this a while back:

commit 26dd32546a10fd2e86d8102385be3df5de198cde
Author: Alexander Scheel <ascheel@redhat.com>
Date:   Fri Mar 29 15:01:48 2019 -0400

    Return positive BigIntegers

    Several of the usages of BigIntegers lead to the potential of negative
    numbers, though only positive numbers should be returned.

    PK11RSAPublicKey's getModulus() and getPublicExponent() methods can
    potentially return negative values, when both the modulus and exponent
    should be strictly positive.

    PK11PrivKey's getDSAParams() could return negative values depending on
    the PQG parameters.

    The Key Identifiers printed by tests.CloseDBs should be positive (as
    they're UIDs) but could be displayed as negative values; the same
    happens in crmf.CertReqMsg.

    Signed-off-by: Alexander Scheel <ascheel@redhat.com>

It probably just needs a re-test.

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/3259

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata