wiki:Crypto/ECDSA

ECDSA Help Page

If you came to this page because you have a warning in your console about missing ECDSA support, you are in the right place. This page includes additional information and help on how to fix it.

Background

We are migrating most of the digital signature cryptography in I2P to ECDSA. This effort started in late 2013, and in each 2014 release we have improved the support for ECDSA and moved more functions over to ECDSA. By early 2015, ECDSA support will be required for many things to work in I2P.

Unfortunately, we depend on Java and the OS to provide the low-level support for ECDSA, and it is not always present.

We've added the following warnings if you do not have ECDSA support:

  • As of 0.9.15, there are warnings in the log files and on the logs page at http://127.0.0.1:7657/logs
  • As of 0.9.17, there is a warning in the console side bar.
  • Periodic warnings in release notes and console news in 2014.

Solutions

There are several possible reasons for the lack of ECDSA support:

  • Red Hat / Fedora : May not be supported. Install the Bouncy Castle provider "bcprov" jar. Instructions below or at: http://forum.i2p/viewtopic.php?t=11580
  • Gentoo OSes: ECDSA is broken. It reports that ECDSA is supported but it doesn't actually work. See https://bugs.gentoo.org/show_bug.cgi?id=528338 http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2497 http://zzz.i2p/topics/1931 . Reported workaround is using icedtea (not icedtea-bin) being emerged with USE="-sunec nss". I2P 0.9.23 will include better detection for broken Gentoo crypto.
  • Debian (confirmed in Wheezy, changelog marked 30 Jul 2016, applicability to other versions uncertain): since a recent OpenJDK7 update, the necessary .jar is no longer active by default - ensure the package libbcprov-java is installed, and then copy or link bcprov.jar from /usr/share/java/ to $JAVA_HOME/lib/ext/ - on Wheezy-amd64 using OpenJDK7, the full destination path is /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/ext/
  • Old version of I2P. ECDSA support was added in 0.9.12. We recommend that you upgrade to the current release.
  • Old version of Java. If you are running Java 6, try upgrading to Java 7.
  • Beta version of Java. Ubuntu Xenial (16.04) openjdk-9-jre 9~b114-0ubuntu1 does not support ECDSA. Yakkety (16.10) has a newer version, untested. Install openjdk-8-jre and use "sudo update-alternatives --config java" to select it.
  • Lack of "unlimited strength policy files" in Java. Unlikely, but it might work. See http://zzz.i2p/topics/1682
  • Old or unusual OS without ECDSA support. See Red Hat or Debian above.

Bouncy Castle Provider Installation Instructions

  • Stop I2P
  • Download the provider jar from https://www.bouncycastle.org/download/bcprov-jdk15on-155.jar
  • Find your I2P Installation directory. This is usually at $HOME/i2p on Linux, but it varies if installed as a daemon, possibly /usr/share/i2p .
  • Copy the bcprov-jdk15on-155.jar file to the lib/ directory inside your installation directory.
  • Start I2P

Links and More Information

Last modified 20 months ago Last modified on Nov 4, 2016 3:16:11 PM