发表新帖
发表新帖

Generating RSA keys in PKCS#1 format in Java

前端 未结
关注
6 659
有刺的猬
有刺的猬 2020-11-28 08:33

When I generate an RSA key pair using the Java API, the public key is encoded in the X.509 format and the private key is encoded in the PKCS#8 format. I\'m looking to encod

6条回答
  • 半阙折子戏
    半阙折子戏 (楼主)
    2020-11-28 08:58

    You will need BouncyCastle:

    import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

    The code snippets below have been checked and found working with Bouncy Castle 1.52.

    Private key

    Convert private key from PKCS8 to PKCS1:

    PrivateKey priv = pair.getPrivate();
byte[] privBytes = priv.getEncoded();

PrivateKeyInfo pkInfo = PrivateKeyInfo.getInstance(privBytes);
ASN1Encodable encodable = pkInfo.parsePrivateKey();
ASN1Primitive primitive = encodable.toASN1Primitive();
byte[] privateKeyPKCS1 = primitive.getEncoded();

    Convert private key in PKCS1 to PEM:

    PemObject pemObject = new PemObject("RSA PRIVATE KEY", privateKeyPKCS1);
StringWriter stringWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(stringWriter);
pemWriter.writeObject(pemObject);
pemWriter.close();
String pemString = stringWriter.toString();

    Check with command line OpenSSL that the key format is as expected:

    openssl rsa -in rsa_private_key.pem -noout -text

    Public key

    Convert public key from X.509 SubjectPublicKeyInfo to PKCS1:

    PublicKey pub = pair.getPublic();
byte[] pubBytes = pub.getEncoded();

SubjectPublicKeyInfo spkInfo = SubjectPublicKeyInfo.getInstance(pubBytes);
ASN1Primitive primitive = spkInfo.parsePublicKey();
byte[] publicKeyPKCS1 = primitive.getEncoded();

    Convert public key in PKCS1 to PEM:

    PemObject pemObject = new PemObject("RSA PUBLIC KEY", publicKeyPKCS1);
StringWriter stringWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(stringWriter);
pemWriter.writeObject(pemObject);
pemWriter.close();
String pemString = stringWriter.toString();

    Check with command line OpenSSL that the key format is as expected:

    openssl rsa -in rsa_public_key.pem -RSAPublicKey_in -noout -text

    Thanks

    Many thanks to the authors of the following posts:

    • https://stackoverflow.com/a/8713518/1016580
    • https://stackoverflow.com/a/14052651/1016580
    • https://stackoverflow.com/a/14068057/1016580

    Those posts contained useful, though sometimes outdated info (i.e. for older versions of BouncyCastle), that helped me to construct this post.

    0 讨论(0)
 看不清?
提交回复
热议问题