My favorites | Sign in
Project Home Downloads Wiki Issues Source
READ-ONLY: This project has been archived. For more information see this post.
Search
for
  Advanced search   Search tips   Subscriptions
Issue 19: Util.getPublicKey/getPrivateKey sometimes reads a truncated DSA key
3 people starred this issue and may be notified of changes. Back to list
Status:  New
Owner:  ----


 
Reported by thilopl...@googlemail.com, May 23, 2009
Util.getPublicKey/getPrivateKey uses this code to read the DSA keys from an
InputStream:

   byte[] bytes = new byte[pubKey.available()];
   pubKey.read(bytes);
   pubKey.close();

This only works if the whole key contents are available().
It does not work if the buffer is too small.
In my case, it did not work, and only a truncated key was read.

Worst thing, this produced no error, but a "working" DSA key pair.
Of course, the signature could not be verified.

Please fix this to read the whole contents of the stream,
see for example Commons IO IOUtils.toByteArray(InputStream)


Powered by Google Project Hosting