Description of problem:
Here , CRMFPopClient displays negative keyid and in the file also it adds negative keyid.
CRMFPopClient
[root@master test]# CRMFPopClient -d abc -p Secret123 -n "uid=test10200,cn=test10200" -a ec -c nistp256 -o Democrmf1.b64 -t false -y true Keypair private key id: -25065582f755a4a799ecfa6e6d1c0b81a9cd1e9d CRMFPopClient: use_shared_secret true. Generating SubjectKeyIdentifier extension. CryptoUtil: createKeyIdentifier: begins Storing CRMF request into Democrmf1.b64 Storing CRMF request key id into Democrmf1.b64.keyId [root@master test]# certutil -K -d /tmp/test/abc certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" Enter Password or Pin for "NSS Certificate DB": < 0> ec daf9aa7d08aa5b586613059192e3f47e5632e163 (orphan) [root@master test]# cat Democrmf1.b64.keyId -25065582f755a4a799ecfa6e6d1c0b81a9cd1e9d
Version-Release number of selected component (if applicable): pki --version PKI Command-Line Interface 10.5.9-10.el7_6
How reproducible:
always
Steps to Reproduce: 1.Run CRMFPopClient and see when it generates negative keyid. 2. 3.
Actual results:
Expected results:
Expecting same value of key id in nssdb and the printed one. Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=1671044
Metadata Update from @cipherboy: - Custom field component adjusted to None - Custom field feature adjusted to None - Custom field origin adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1671044 - Custom field type adjusted to None - Custom field version adjusted to None
Note, I might've fixed this a while back:
commit 26dd32546a10fd2e86d8102385be3df5de198cde Author: Alexander Scheel <ascheel@redhat.com> Date: Fri Mar 29 15:01:48 2019 -0400 Return positive BigIntegers Several of the usages of BigIntegers lead to the potential of negative numbers, though only positive numbers should be returned. PK11RSAPublicKey's getModulus() and getPublicExponent() methods can potentially return negative values, when both the modulus and exponent should be strictly positive. PK11PrivKey's getDSAParams() could return negative values depending on the PQG parameters. The Key Identifiers printed by tests.CloseDBs should be positive (as they're UIDs) but could be displayed as negative values; the same happens in crmf.CertReqMsg. Signed-off-by: Alexander Scheel <ascheel@redhat.com>
It probably just needs a re-test.
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3259
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.