Re: Decrypting PKCS8 private keys

Bernard Leach (leachbj@aba.net.au)
Fri, 21 May 1999 11:02:21 +1000

Date: Fri, 21 May 1999 11:02:21 +1000
From: Bernard Leach <leachbj@aba.net.au>
To: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: Decrypting PKCS8 private keys

Jan Luehe wrote:
>
> David:
>
> > To try and make things clear so I can "fix" the FORGE provider...
> >
> > For public keys My RSA key factory should accept:
> >
> > X509EncodedKeySpecs with an X.509 PublicKeyInfo structure encoded in it (as
> > that is what is being passed in from the Certificate class)
> > RSAPublicKeySpec
>
> Correct.
>
> You should be able to do something like this:
>
> Certificate cert = <parse certificate>;
>
> X509EncodedKeySpec sp =
> new X509EncodedKeySpec(cert.getPublicKey().getEncoded());
> KeyFactory kf = KeyFactory.getInstance(cert.getPublicKey().getAlgorithm());
> PublicKey pub = kf.generatePublic(sp);

This assumes that the key returned by cert.getPublicKey() returns a
X.509
encoded key. Now thats not really unreasonable but perhaps the
X509Certificate
documenation should suggest that it should return keys like that.

> [...]
>
> > Is there anything else an RSA key factory should accept, either other key
> > specs or different key storage formats?
>
> No, that should be it.

Except for the java.security.spec.RSA*KeySpec classes (I am guessing you
have them covered already though :)

bernard.