尝试部署节点时出错:"java.security.NoSuchAlgorithmException:1.2.840.113549.1.1.1签名不可用". [英] Error when try to deploy a node: "java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available"

查看:99
本文介绍了尝试部署节点时出错:"java.security.NoSuchAlgorithmException:1.2.840.113549.1.1.1签名不可用".的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

(上一个问题:尝试时出错部署节点:"java.lang.IllegalArgumentException:无法识别的算法:1.2.840.10040.4.1" )

在完成上一个问题中提到的工作后,我收到另一条错误消息:

After works I've done as I mentioned in previous question, I receive another error message:

  / ____/     _________/ /___ _
 / /     __  / ___/ __  / __ `/         I had an account with a bank in the
/ /___  /_/ / /  / /_/ / /_/ /          North Pole, but they froze all my assets 
\____/     /_/   \__,_/\__,_/

--- Corda Open Source 2.0.0 (f91995b) -----------------------------------------------



Logs can be found in                    : C:\Corda\logs
Database connection url is              : jdbc:h2:tcp://192.168.1.211:11000/node
[1;31mE 14:25:41+0800 [main] internal.Node.run - Exception during node startup
[m org.bouncycastle.cert.CertException: unable to process signature: exception on setup: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available
    at org.bouncycastle.cert.X509CertificateHolder.isSignatureValid(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at net.corda.node.utilities.X509Utilities.createCertificate$node_main(X509Utilities.kt:281) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.X509Utilities.createCertificate(X509Utilities.kt:142) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.X509Utilities.createCertificate(X509Utilities.kt:118) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.X509Utilities.createCertificate$default(X509Utilities.kt:117) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.KeyStoreWrapper.createCertificate(KeyStoreUtilities.kt:181) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.KeyStoreWrapper.signAndSaveNewKeyPair(KeyStoreUtilities.kt:189) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.obtainIdentity(AbstractNode.kt:652) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.obtainIdentity$default(AbstractNode.kt:630) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.makeServices(AbstractNode.kt:387) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.access$makeServices(AbstractNode.kt:99) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$start$startedImpl$1.invoke(AbstractNode.kt:185) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$start$startedImpl$1.invoke(AbstractNode.kt:99) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$initialiseDatabasePersistence$6.invoke(AbstractNode.kt:484) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$initialiseDatabasePersistence$6.invoke(AbstractNode.kt:99) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.CordaPersistence.inTopLevelTransaction(CordaPersistence.kt:84) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.CordaPersistence.transaction(CordaPersistence.kt:75) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.CordaPersistence.transaction(CordaPersistence.kt:65) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.initialiseDatabasePersistence(AbstractNode.kt:483) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.Node.initialiseDatabasePersistence(Node.kt:302) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.start(AbstractNode.kt:184) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.Node.start(Node.kt:312) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.NodeStartup.startNode(NodeStartup.kt:95) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.NodeStartup.run(NodeStartup.kt:74) [corda-node-2.0.0.jar:?]
    at net.corda.node.Corda.main(Corda.kt:11) [corda-node-2.0.0.jar:?]
Caused by: org.bouncycastle.operator.OperatorCreationException: exception on setup: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.createSignatureStream(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.access$200(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder$2.get(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    ... 25 more
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available
    at java.security.Signature.getInstance(Unknown Source) ~[?:1.8.0_151]
    at org.bouncycastle.jcajce.util.DefaultJcaJceHelper.createSignature(Unknown Source) ~[bcprov-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.OperatorHelper.createSignature(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.createSignatureStream(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.access$200(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder$2.get(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    ... 25 more

看起来我的密钥库(或内部密钥)仍然缺少某些东西,也许是签名算法.

It looks like my keystore (or key inside) is still missing something, the signature algorithm perhaps.

我做了一些研究,并从这里了解了1.2.840.113549.1.1.1的签名: http://www.alvestrand.no/objectid/1.2.840.113549.1.1.1.html

I did some research and understand what is 1.2.840.113549.1.1.1 Signature from here: http://www.alvestrand.no/objectid/1.2.840.113549.1.1.1.html

然后,我在关键工具文档中进行了搜索:https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature 并发现"NONEwithRSA".

Then I searched in keytool documentation: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature and found out 'NONEwithRSA'.

然后,我尝试在密钥库命令行中使用 -sigalg NONEwithRSA 生成密钥对,并遇到以下错误消息:

Afterward I tried to generate keypair with -sigalg NONEwithRSA in my keystore command line, and met the following error message:

> keytool -genkeypair -keyalg RSA -sigalg NONEwithRSA -keystore root.jks -dname "OU=ID, O=My Organization, L=Hong Kong, ST=Hong Kong, C=HK" -storepass password -keypass password -alias root -ext bc:c

Picked up _JAVA_OPTIONS: -Xmx2048M
keytool error: java.security.NoSuchAlgorithmException: unrecognized algorithm name: NONEwithRSA

推荐答案

似乎您正在使用Corda Open Source 2.0.0.默认情况下,Keytool使用RSA PKCS 1(1.2.840.113549.1.1.1),而Corda 2.0.0不支持.据我所知,它将在Corda 3.0之后启用.我建议使用ECDSA,它速度更快,同时密钥也更小.也就是说,将所有算法更改为:

It seems you are using Corda Open Source 2.0.0. Keytool uses by default RSA PKCS 1 (1.2.840.113549.1.1.1), which is not supported by Corda 2.0.0. As far as I know it will be enabled after Corda 3.0. I recommend using ECDSA which is faster and in the same time keys are smaller. That said, change all of your algorithms to:

keytool -genkeypair -keyalg EC -keysize 256 -siglg SHA256withECDSA

这篇关于尝试部署节点时出错:"java.security.NoSuchAlgorithmException:1.2.840.113549.1.1.1签名不可用".的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆