Ben Nadel
On User Experience (UX) Design, JavaScript, ColdFusion, Node.js, Life, and Love.
Ben Nadel at the New York ColdFusion User Group (Apr. 2008) with: Dmitriy Goltseker
Ben Nadel at the New York ColdFusion User Group (Apr. 2008) with: Dmitriy Goltseker

java.security.InvalidKeyException: IOException : Short read of DER length

By Ben Nadel on
Tags: ColdFusion

Yesterday, I lost an hour of work trying to debug a less-than-helpful Java error message. When I Googled for the error, the only result that came up was the actual Java source code. As such, I wanted to document this error message in case others come across it. The error message:

java.security.InvalidKeyException: IOException : Short read of DER length

This error wasn't related to the part of the code that I was working on, so it wasn't immediately apparent what was going wrong. The line of code in question was attempting to generate an RSA signature using a private key that was being pulled out of the environmental variables. It was only after logging out the environmental variables that I realized the private key was empty in my local development environment.

Once I saw that my private key was empty, the "short read" kinda sorta maybe makes sense. But, it is definitely a poorly worded error message - one that could easily be improved to be more insightful.

Anyway, here's some sample code that demonstrates the RSA signing error:

  • <cfscript>
  •  
  • // CAUTION: Notice that I am passing in "" as the private key!!
  • generateRsaSignature( "SHA256withRSA", "", "There's something about you that sticks." );
  •  
  • // ------------------------------------------------------------------------------- //
  • // ------------------------------------------------------------------------------- //
  •  
  • /**
  • * I generate an RSA signature for the given message using the given algorithm and key.
  • *
  • * CAUTION: Not all algorithms are supported - it depends on how many security
  • * providers you have installed in your Java runtime environment.
  • *
  • * @algorithm I am the signing algorithm (ex, MD5withRSA, SHA256withRSA).
  • * @key I am the plain-text private key used to sign the message.
  • * @message I am the plain-text message being signed.
  • * @output false
  • */
  • public string function generateRsaSignature(
  • required string algorithm,
  • required string key,
  • required string message
  • ) {
  •  
  • var keySpec = createObject( "java", "java.security.spec.PKCS8EncodedKeySpec" )
  • .init( binaryDecode( key, "base64" ) )
  • ;
  •  
  • var keyFactory = createObject( "java", "java.security.KeyFactory" )
  • .getInstance( javaCast( "string", "RSA" ) )
  • ;
  •  
  • var privateKey = keyFactory.generatePrivate( keySpec );
  •  
  • var signature = createObject( "java", "java.security.Signature" )
  • .getInstance( javaCast( "string", algorithm ) )
  • ;
  •  
  • signature.initSign( privateKey );
  • signature.update( charsetDecode( message, "utf-8" ) );
  •  
  • return( lcase( binaryEncode( signature.sign(), "base64" ) ) );
  •  
  • }
  •  
  • </cfscript>

As you can see, I'm passing-in an empty-string for the private key value, which will generate the InvalidKeyException IO error mentioned above.

If you are interested in generting and verifying RSA signatures in ColdFusion, I played around with a ColdFusion Component (CFC) that encapsulates the ceremony of creating the intermediary Java objects.



Looking For A New Job?

Ooops, there are no jobs. Post one now for only $29 and own this real estate!

100% of job board revenue is donated to Kiva. Loans that change livesFind out more »

Reader Comments

Post A Comment

You — Get Out Of My Dreams, Get Into My Comments
Live in the Now
Oops!
NEW: Some basic markdown formatting is now supported: bold, italic, blockquotes, lists, fenced code-blocks. Read more about markdown syntax »
Comment Etiquette: Please do not post spam. Please keep the comments on-topic. Please do not post unrelated questions or large chunks of code. And, above all, please be nice to each other - we're trying to have a good conversation here.