
InvalidKeyException: Not an EC key: ECDH


Constantly getting Exception in thread “main” java.security.InvalidKeyException: Not an EC key: ECDH

Environment Info: MacOS, Java 1.8

I’ve tried the solution mentioned in this issue but still no luck.

I have done the following:

  1. Generated Vapid keys on my local machine.
  2. Always inserting BouncyCastleProvider at 1st position.
  3. Using the same version of Bouncy Castle libs 1.54 (bcpg-jdk15on, bcprov-jdk15on, bcmail-jdk15on, bcpkix-jdk15on)
  4. Put one jar file bcprov-jdk15on-154 at /Library/Java/JavaVirtualMachines/jdk1.8.0_211.jdk/Contents/Home/jre/lib/ext/

This is the stack trace: [image: Screenshot 2019-10-14 at 12 26 31 PM]

This is the Subscription Class:


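import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;

import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.ECPoint;

class WebSubscription {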
    private String auth, key, endpoint;

    public WebSubscription() {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }

    public String getAuth() {
        return auth;
    }

    public void setAuth(String auth) {
        this.auth = auth;
    }

    /**
     * Returns the base64 encoded auth string as a byte[]
     */
    public byte[] getAuthAsBytes() {
        return org.bouncycastle.util.encoders.Base64.decode(getAuth());
    }

    public String getKey() {
        return key;
    }

    public void setKey(String key) {
        this.key = key;
    }

    /**
     * Returns the base64 encoded public key string as a byte[]
     */
    public byte[] getKeyAsBytes() {
        return org.bouncycastle.util.encoders.Base64.decode(getKey());
    }

    /**
     * Returns the base64 encoded public key as a PublicKey object
     */
    public PublicKey getUserPublicKey() throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
        }
        KeyFactory kf;
        try {
            kf = KeyFactory.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
        } catch (NoSuchAlgorithmException nsae) {
            kf = KeyFactory.getInstance("ECDH");
        }
        ECNamedCurveParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
        ECPoint point = ecSpec.getCurve().decodePoint(getKeyAsBytes());
        ECPublicKeySpec pubSpec = new ECPublicKeySpec(point, ecSpec);
        return kf.generatePublic(pubSpec);
    }

    public String getEndpoint() {
        return endpoint;
    }

    public void setEndpoint(String endpoint) {
        this.endpoint = endpoint;
    }
}

The sendNotification Method:

    protected void sendNotification(final Notification webNotification) {
        final String sourceMethod = "sendWebNotification";
        WebPushNotification wpNotification = (WebPushNotification) webNotification;
        String applicationId = webNotification.getApplicationId();
        String messageId = webNotification.getNotificationId();
        List<Long> deviceIds = webNotification.getDeviceIds();

        List<String> params = new ArrayList<>();
        nl.martijndwars.webpush.Notification notification;

        WebSubscription sub = new WebSubscription();
        sub.setEndpoint(FCM_ENDPOINT);
        sub.setAuth(AUTH_TOKEN_FROM_SUBSCRIPTION);
        sub.setKey(KEY_FROM_SUBSCRIPTION);
        try {
            PushService pushService;
            notification = new nl.martijndwars.webpush.Notification(
                    sub.getEndpoint(),
                    sub.getUserPublicKey(),
                    sub.getAuthAsBytes(),
                    wpNotification.getAlert().getBytes(),
                    255);

            // Instantiate the push service with a GCM API key
            pushService = new PushService(GCM_API);
            pushService.setPrivateKey(PRIVATE_KEY);
            pushService.setPublicKey(PUBLIC_KEY);
            HttpResponse httpResponse = pushService.send(notification);

        } catch (Exception e) {
            LOG.error(sourceMethod, "Send Message failure...", e);
        }
    }

P.S.: Don’t know if it helps but I am building a final war file of the PushService and deploying in my local environment.

Let me know if more information is required. Thanks, Yash Soni
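
A diagnostic for steps 2 to 4 above, added here as an example (not code from the issue or from the web-push project): it prints the provider order the JVM actually uses, which jar the registered BC provider was loaded from, and which provider serves an ECDH `KeyAgreement` requested without naming one. The class name `EcdhProviderCheck` and the throwaway key pair are assumptions for illustration; Bouncy Castle must be on the classpath.

```java
import java.security.CodeSource;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.KeyAgreement;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class EcdhProviderCheck {
    public static void main(String[] args) throws Exception {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
        }
        // 1. Provider order as this JVM (or web application) actually sees it.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ". " + providers[i]);
        }
        // 2. Which jar supplied the registered BC provider: lib/ext, the war, or another copy?
        Provider bc = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        CodeSource src = bc.getClass().getProtectionDomain().getCodeSource();
        System.out.println("BC loaded from: " + (src == null ? "bootstrap" : src.getLocation()));
        System.out.println("Same class as this code's BouncyCastleProvider: "
                + (bc.getClass() == BouncyCastleProvider.class));
        // 3. Throwaway P-256 key pair from BC; print the algorithm name the key reports
        //    (the exception message ends with this name).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDH", bc);
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = kpg.generateKeyPair();
        System.out.println("Key algorithm: " + pair.getPublic().getAlgorithm());
        // 4. Let the JCA choose the KeyAgreement provider, with no provider named.
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        try {
            ka.init(pair.getPrivate());
            ka.doPhase(pair.getPublic(), true);
            System.out.println("KeyAgreement served by: " + ka.getProvider().getName());
        } catch (InvalidKeyException e) {
            System.out.println("Implicit provider selection failed: " + e.getMessage());
        }
    }
}
```

Run it inside the same deployment as the failing code (for example from the war), since a standalone JVM may see a different provider list and class path.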

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments:7 (3 by maintainers)

Top GitHub Comments

1 reaction
iyashsoni commented, Oct 28, 2019

Thanks, @MartijnDwars for the help. I’m closing this issue as it is solved.

1 reaction
martijndwars commented, Oct 25, 2019

The signer might need to be added to local trust store /Users/yashsoni/MobileFirst-8.0.0.0/mfp-server/usr/servers/mfp/resources/security/svkpush-PKCS-12.p12

It looks like you’re running your JVM with a custom trust store that does not contain Google’s root certificate. The error hints at a solution: add the signer to the local trust store. You’ll have to Google on how to do this exactly, but maybe you can start at the following references:
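
The trust-store step suggested in the comment above, as an added example (not from the issue thread or the web-push project): it lists the certificates in a PKCS#12 store and imports a root certificate only if its SHA-256 fingerprint matches a value verified out of band. The class name `TrustStoreCheck`, the argument order and the `TRUSTSTORE_PASSWORD` environment variable are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TrustStoreCheck {
    // Usage: TrustStoreCheck <store.p12> [<root.pem> <alias> <expected-sha256-hex>]
    // The store password is read from the TRUSTSTORE_PASSWORD environment variable.
    public static void main(String[] args) throws Exception {
        char[] password = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, password);
        }
        // List the certificates this store currently holds.
        for (String alias : Collections.list(store.aliases())) {
            Certificate c = store.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.println(alias + " | " + x.getSubjectX500Principal() + " | until " + x.getNotAfter());
            }
        }
        if (args.length < 4) return; // inspection only
        X509Certificate root;
        try (InputStream in = new FileInputStream(args[1])) {
            root = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Refuse to trust a certificate whose fingerprint was not verified out of band.
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(root.getEncoded())) {
            hex.append(String.format("%02x", b));
        }
        if (!hex.toString().equalsIgnoreCase(args[3].replace(":", ""))) {
            throw new SecurityException("Fingerprint mismatch: " + hex);
        }
        if (store.getCertificateAlias(root) == null) {
            store.setCertificateEntry(args[2], root);
            try (OutputStream out = new FileOutputStream(args[0])) {
                store.store(out, password);
            }
        }
    }
}
```

Back up the store before running the import form, because the file is rewritten in place.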
