From: Ming Yung <ming@dstc.qut.edu.au>
Message-Id: <199905200644.QAA15924@typhoon.dstc.qut.edu.au>
Subject: Re: Decrypting PKCS8 private keys
To: luehe@laguna.eng.sun.com
Date: Thu, 20 May 1999 16:44:15 +1000 (EST)
In-Reply-To: <199905200143.SAA10581@laguna.eng.sun.com> from "Jan Luehe" at May 19, 99 06:43:49 pm
Jan wrote:
>
> David:
>
> > I have some questions about private keys and key factories
> >
> > 1. PKCS8 encrypted keys
> >
> > My question is: what comes out of that octet string when you decrypt it? Is
> > it a PKCS8 PrivateKeyInfo structure that can then be put into a
> > PKCS8EncodedKeySpec or is it the lower level key info such an
> > RSAPrivateKey?
>
>
> The decryption result is a PKCS#8 PrivateKeyInfo which can be stored in a
> PKCS8EncodedKeySpec and fed to a KeyFactory.
>
I realized only recently this is what Sun intends to be put into
PKCS8EncodedKeySpec. Prior to that the DSTC KeyFactories had been
expecting the DER encoding of EncryptedPrivateKeyInfo in a
PKCS8EncodedKeySpec. In such a case, the KeyFactory will prompt
for a password. Currently, we accept both EncryptedPrivateKeyInfo
and PrivateKeyInfo.
>
> >
> > A point about doing this in Java: the PKCS8EncodedKeySpec and KeyFactory
> > classes don't seem to have any provision for keys stored in
> > EncryptedPrivateKeyInfo structures. You generally need a password to
> > decrypt the keys and there is nowhere to set this password. A key factory
> > could recognise the encrypted key info and prompt for the password, but
> > this sort of thing shouldn't be open to interpretation.
>
>
> When you instantiate a KeyFactory, you do that based on the
> algorithm of the key you are trying to parse. In the case of
> EncryptedPrivateKeyInfo, that algorithm is not visible
> (it's part of the encrypted key info). So how would you
> instantiate an appropriate KeyFactory for an EncryptedPrivateKeyInfo?
>
Perhaps what is needed is a non-algorithm specific "KeyFactory" with
the smarts to work out what key is being encapsulated? In other words,
decrypt, check the algorithm OID and then delegate to an
algorithm-specific "KeyFactory". I appreciate that algorithm-specific
KeyFactories are necessary for certain types of key material, but
PKCS#8 encoded keys are self-describing.
>
> >
> > 2. X509EncodedKeySpec
> >
> > The docs for X509EncodedKeySpec say it can be used for the DER encoding of
> > a public or private key according the X.509 spec. Does the X.509 spec give
> > structures for private keys? What are the ASN.1 structures (leading to the
> > DER encoding) that are acceptable for private keys in a X509EncodedKeySpec?
> > Also, what key types - I guess RSA and DSA - but any others?
>
>
> I was under the impression that X.509 (at some point in the past)
> also defined an ASN.1 structure for RSA private keys, consisting of
> a SEQUENCE of the modulus and the private exponent. I have not been able to
> find that definition in the latest X.509 docs. Can anyone confirm?
>
I recall seeing precisely such a structure in an early draft of
RFC2459 ("Internet X.509 Public Key Infrastructure Certificate
and CRL Profile"). Perhaps this is what Jan is referring to?
Cheers,
Ming