07-12-2010 09:35 AM - edited 07-13-2010 01:43 AM
The first imperfection is in CMSSignedDataInputStream.verify(CMSEntityIdentifie
++++OIDs.getOID(0x2E2E0369) - which obtains SHA1 OID (2B:0E:03:02:1A)
++++OIDs.getOID(0x2038E774) - which obtains SHA256 OID (60:86:48:01:65:03:04:02:01)
++++OIDs.getOID(0x203CE774) - which obtains SHA384 OID (60:86:48:01:65:03:04:02:02)
++++OIDs.getOID(0x2040E774) - which obtains SHA512 OID (60:86:48:01:65:03:04:02:03)
all of these OIDs BB code compares with my OID (2A:85:03:02:1E:01, id-GostR3411-94-CryptoProParamSet) and then throws the CryptoUnsupportedOperation.
I don't understand, why did RIM hardcode all these digest algorithm OIDs? The more flexible decision is to obtain digest via DigestFactory:
String digestAlgorithmName = OIDs.getAssociatedString(OIDs.HASH_ALGORITHM_NAME, oid);
Digest digest = DigestFactory.getInstance(digestAlgorithmName);
which allows developers to add their own digest algorithms.
The second imperfection is in X509Certificate.create() method - it doesn't allow programmers to create X509Certificates using specific KeyPair and digest implementation even BB has all algorithms, encoders/decoders and OIDs installed.
07-13-2010 01:19 PM
Please log these issues in the BlackBerry Issue Tracker: https://www.blackberry.com/jira/secure/Dashboard.j