Re: Decrypting PKCS8 private keys

Jan Luehe (luehe@laguna.eng.sun.com)
Thu, 20 May 1999 14:38:10 -0700 (PDT)

Message-Id: <199905202138.OAA01129@laguna.eng.sun.com>
To: ming@dstc.qut.edu.au

Ming:

> I realized only recently this is what Sun intends to be put into
> PKCS8EncodedKeySpec. Prior to that the DSTC KeyFactories had been
> expecting the DER encoding of EncryptedPrivateKeyInfo in a
> PKCS8EncodedKeySpec. In such a case, the KeyFactory will prompt
> for a password. Currently, we accept both EncryptedPrivateKeyInfo
> and PrivateKeyInfo.

The encryption algorithm may not necessarily be password-based.
In order to be more generic, your key factory would need a
Cipher object to decrypt the key. However, we cannot expose the
Cipher class in the JDK (because we want the JDK to be generally
exportable, see previous email).

I have changed the javadocs of java.security.spec.PKCS8EncodedKeySpec as
follows:

/**
 * This class represents the ASN.1 encoding of a private key,
 * encoded according to the ASN.1 type <code>PrivateKeyInfo</code>,
 * whose syntax is defined in the PKCS#8 standard, as follows:
 *
 * <pre>
 * PrivateKeyInfo ::= SEQUENCE {
 *   version Version,
 *   privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
 *   privateKey PrivateKey,
 *   attributes [0] IMPLICIT Attributes OPTIONAL }
 *
 * Version ::= INTEGER
 *
 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
 *
 * PrivateKey ::= OCTET STRING
 *
 * Attributes ::= SET OF Attribute
 * </pre>


Also, the javadocs of java.security.spec.X509EncodedKeySpec now
read:

/**
 * This class represents the ASN.1 encoding of a public key,
 * encoded according to the ASN.1 type <code>SubjectPublicKeyInfo</code>,
 * whose syntax is defined in the X.509 standard, as follows:
 *
 * <pre>
 * SubjectPublicKeyInfo ::= SEQUENCE {
 *   algorithm AlgorithmIdentifier,
 *   subjectPublicKey BIT STRING }
 * </pre>
 *

That should avoid any confusion in the future.

> I recall seeing precisely such a structure in an early draft of
> RFC2459 ("Internet X.509 Public Key Infrastructure Certificate
> and CRL Profile"). Perhaps this is what Jan is referring to?

I checked the latest version of that RFC, and there is no reference
to the ASN.1 syntax of private keys. Therefore, I have removed
the reference to "private keys" from X509EncodedKeySpec (see updated
javadocs above).

Jan
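
Added example, not part of the message above or of the JDK sources: it shows the split the message describes, where the caller decrypts an EncryptedPrivateKeyInfo with its own Cipher and hands only the resulting PrivateKeyInfo to the KeyFactory in a PKCS8EncodedKeySpec. The class name Pkcs8Demo, the helpers encrypt/decrypt, the RSA test key, the password and the choice of PBEWithSHA1AndDESede are assumptions made for the illustration.

```java
import java.security.*;
import java.security.spec.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class Pkcs8Demo {
    // Assumption: legacy PKCS#12 PBE scheme, picked for the demo only, not a recommendation.
    static final String PBE = "PBEWithSHA1AndDESede";

    /** Wrap PrivateKeyInfo DER into EncryptedPrivateKeyInfo DER (password-based here). */
    static byte[] encrypt(byte[] privateKeyInfo, char[] pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        SecretKey k = SecretKeyFactory.getInstance(PBE).generateSecret(new PBEKeySpec(pw));
        Cipher c = Cipher.getInstance(PBE);
        c.init(Cipher.ENCRYPT_MODE, k, new PBEParameterSpec(salt, 10000));
        return new EncryptedPrivateKeyInfo(c.getParameters(), c.doFinal(privateKeyInfo)).getEncoded();
    }

    /** Caller-side decryption: the Cipher is used here, outside the KeyFactory. */
    static PKCS8EncodedKeySpec decrypt(byte[] encryptedDer, char[] pw) throws Exception {
        EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(encryptedDer);
        SecretKey k = SecretKeyFactory.getInstance(epki.getAlgName()).generateSecret(new PBEKeySpec(pw));
        Cipher c = Cipher.getInstance(epki.getAlgName());
        c.init(Cipher.DECRYPT_MODE, k, epki.getAlgParameters());
        return epki.getKeySpec(c); // plain PrivateKeyInfo, ready for a KeyFactory
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway RSA key and password.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PrivateKey original = gen.generateKeyPair().getPrivate();
        char[] pw = "constructed-sample-password".toCharArray();
        byte[] encryptedDer = encrypt(original.getEncoded(), pw);

        KeyFactory kf = KeyFactory.getInstance("RSA");
        try {
            // PKCS8EncodedKeySpec must carry PrivateKeyInfo, so the encrypted form is refused.
            kf.generatePrivate(new PKCS8EncodedKeySpec(encryptedDer));
            throw new AssertionError("encrypted blob was accepted");
        } catch (InvalidKeySpecException expected) {
            System.out.println("KeyFactory rejected EncryptedPrivateKeyInfo");
        }
        PrivateKey restored = kf.generatePrivate(decrypt(encryptedDer, pw));
        System.out.println("round trip ok: " + Arrays.equals(original.getEncoded(), restored.getEncoded()));
    }
}
```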