尝试部署节点时出错:" java.security.NoSuchAlgorithmException:1.2.840.113549.1.1.1签名不可用"

时间:2018-02-02 07:17:11

标签: corda

(上一个问题:Error when try to deploy a node: "java.lang.IllegalArgumentException: Unrecognised algorithm: 1.2.840.10040.4.1"

在我按照上一个问题中提到的工作完成后,我收到了另一条错误消息:

  / ____/     _________/ /___ _
 / /     __  / ___/ __  / __ `/         I had an account with a bank in the
/ /___  /_/ / /  / /_/ / /_/ /          North Pole, but they froze all my assets 
\____/     /_/   \__,_/\__,_/

--- Corda Open Source 2.0.0 (f91995b) -----------------------------------------------



Logs can be found in                    : C:\Corda\logs
Database connection url is              : jdbc:h2:tcp://192.168.1.211:11000/node
[1;31mE 14:25:41+0800 [main] internal.Node.run - Exception during node startup
[m org.bouncycastle.cert.CertException: unable to process signature: exception on setup: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available
    at org.bouncycastle.cert.X509CertificateHolder.isSignatureValid(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at net.corda.node.utilities.X509Utilities.createCertificate$node_main(X509Utilities.kt:281) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.X509Utilities.createCertificate(X509Utilities.kt:142) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.X509Utilities.createCertificate(X509Utilities.kt:118) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.X509Utilities.createCertificate$default(X509Utilities.kt:117) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.KeyStoreWrapper.createCertificate(KeyStoreUtilities.kt:181) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.KeyStoreWrapper.signAndSaveNewKeyPair(KeyStoreUtilities.kt:189) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.obtainIdentity(AbstractNode.kt:652) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.obtainIdentity$default(AbstractNode.kt:630) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.makeServices(AbstractNode.kt:387) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.access$makeServices(AbstractNode.kt:99) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$start$startedImpl$1.invoke(AbstractNode.kt:185) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$start$startedImpl$1.invoke(AbstractNode.kt:99) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$initialiseDatabasePersistence$6.invoke(AbstractNode.kt:484) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode$initialiseDatabasePersistence$6.invoke(AbstractNode.kt:99) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.CordaPersistence.inTopLevelTransaction(CordaPersistence.kt:84) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.CordaPersistence.transaction(CordaPersistence.kt:75) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.utilities.CordaPersistence.transaction(CordaPersistence.kt:65) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.initialiseDatabasePersistence(AbstractNode.kt:483) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.Node.initialiseDatabasePersistence(Node.kt:302) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.AbstractNode.start(AbstractNode.kt:184) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.Node.start(Node.kt:312) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.NodeStartup.startNode(NodeStartup.kt:95) ~[corda-node-2.0.0.jar:?]
    at net.corda.node.internal.NodeStartup.run(NodeStartup.kt:74) [corda-node-2.0.0.jar:?]
    at net.corda.node.Corda.main(Corda.kt:11) [corda-node-2.0.0.jar:?]
Caused by: org.bouncycastle.operator.OperatorCreationException: exception on setup: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.createSignatureStream(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.access$200(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder$2.get(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    ... 25 more
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.1 Signature not available
    at java.security.Signature.getInstance(Unknown Source) ~[?:1.8.0_151]
    at org.bouncycastle.jcajce.util.DefaultJcaJceHelper.createSignature(Unknown Source) ~[bcprov-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.OperatorHelper.createSignature(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.createSignatureStream(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.access$200(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    at org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder$2.get(Unknown Source) ~[bcpkix-jdk15on-1.57.jar:1.57.0]
    ... 25 more

看起来我的密钥库(或内部密钥)仍然缺少某些东西,也许是签名算法。

我做了一些研究并理解了什么是1.2.840.113549.1.1.1来自这里的签名:http://www.alvestrand.no/objectid/1.2.840.113549.1.1.1.html

然后我在keytool文档中搜索:https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature 并发现了#NONEwithRSA'。

之后我尝试在我的keystore命令行中使用-sigalg NONEwithRSA生成密钥对,并遇到以下错误消息:

> keytool -genkeypair -keyalg RSA -sigalg NONEwithRSA -keystore root.jks -dname "OU=ID, O=My Organization, L=Hong Kong, ST=Hong Kong, C=HK" -storepass password -keypass password -alias root -ext bc:c

Picked up _JAVA_OPTIONS: -Xmx2048M
keytool error: java.security.NoSuchAlgorithmException: unrecognized algorithm name: NONEwithRSA

1 个答案:

答案 0 :(得分:2)

您似乎正在使用Corda Open Source 2.0.0。 Keytool默认使用RSA PKCS 1(1.2.840.113549.1.1.1),但Corda 2.0.0不支持。据我所知,它将在Corda 3.0之后启用。 我建议使用更快的ECDSA,同时键更小。 也就是说,将所有算法更改为:

{{1}}