Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries
2022-04-22 12:09

The vulnerability, which Oracle patched on Tuesday, affects the company's implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above.

ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally.

ECDSA signatures rely on a pseudo-random number, typically notated as K, that's used to derive two additional numbers, R and S. To verify a signature, a party must check an equation involving R and S, the signer's public key, and a cryptographic hash of the message.

When both sides of the equation are equal, the signature is valid.

In the affected Java versions, an adversary only needs to submit a blank signature to pass the verification check successfully.

Java's implementation of ECDSA signature verification didn't check if R or S were zero, so you could produce a signature value in which they are both 0 and Java would accept it as a valid signature for any message and for any public key.


News URL

https://www.schneier.com/blog/archives/2022/04/java-cryptography-implementation-mistake-allows-digital-signature-forgeries.html