Re: Decrypting PKCS8 private keys

David Taylor (dtaylor@forge.com.au)
Thu, 20 May 1999 12:03:39 +1000

From: "David Taylor" <dtaylor@forge.com.au>
To: Jan Luehe <luehe@laguna.eng.sun.com>
Date: Thu, 20 May 1999 12:03:39 +1000
Subject: Re: Decrypting PKCS8 private keys

Jan,

Good point about not knowing what KeyFactory to ask for when you have
encrypted PKCS8 key specs.

The way I'd figured doing it was to have a class that knew about encrypted
PKCS8 things, decrypted them, checked the alg and created an appropriate
key factory before passing the decrypted spec in and returning a private
key.

I bring it up because, again, there is no standard way to do this. PKCS8 is
pretty common, so I don't think it out of place for the encrypted things to
get a mention and even a "right way to handle them" in the spec.

Some providers have private (as in not JCE) classes to do this, some don't
do it at all. My extra class should insulate my code from this, but then
everyone has to do it.

I realise you can't cover EVERYTHING in the spec, but we can make you try
;)