Using a PEM encoded, encrypted private key to sign a message natively

Question

I\'m trying to use a PEM(X.509) certificate (stored in a privateKey.pem file on disk) to sign messages sent via sockets in Java, but am having a lot of trouble finding an ex

Answer 1

The OpenSSL command generate key-pair and encodes it in PKCS#1 format. If you don't use the encryption (didn't provide password for the command), the PEM is simply Base64-encoded DER for the PKCS#1 RSAPrivateKey.

Unfortunately, Sun's JCE doesn't provide a public interface to read the key in this format. You have 2 options,

1. Import the key into keystore and you can read it from there. Keytool doesn't allow for importing of private keys. You can find other tools to do this.

2. OAuth library has a function to handle this. Look at code here,

http://oauth.googlecode.com/svn/code/java/core/commons/src/main/java/net/oauth/signature/pem/PKCS1EncodedKeySpec.java