Crypto API: Reading key from file

Uwe Seimet

Hi,

how do I convert a byte[] which contains a private RSA key to an
instance of java.security.PrivateKey?
The byte[] was obtained with PrivateKey.getEncoded(), and I would expect
a complementary API function to convert the byte[] back to a PrivateKey,
but I don't find anything. Am I missing something? How is this done?

Best regards, Uwe
 
iksrazal

I use getEncoded() on X509Certificate, store it in LDAP, and convert it
back. Should work the same way; here is some code. Note that LDAP
ctx.lookup returns Object, in my case 'bin', and I just convert back to
byte array, as I store it.

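    import java.io.ByteArrayInputStream;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;

    X509Certificate cert = null;
    try
    {
        // retrieve as binary object (doLookup and results are the poster's own LDAP helper and search result)
        Object bin = doLookup(results, "userCertificate;binary");
        if (null == bin)
        {
            throw new IllegalStateException("Search results do not contain X509 Certificate");
        }
        // convert to byte array
        byte[] buf = (byte[]) bin;
        if (1 >= buf.length)
        {
            throw new IllegalStateException("Illegal certificate size");
        }
        // convert to X.509 class
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream bais = new ByteArrayInputStream(buf);
        while (bais.available() > 0)
        {
            cert = (X509Certificate) cf.generateCertificate(bais);
        }
    }//end try
    catch (CertificateException e)
    {
        // bytes were not a parseable X.509 certificate
        throw new IllegalStateException("Could not parse X509 Certificate", e);
    }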

HTH,
iksrazal
http://www.braziloutsource.com/
 
iksrazal

Thinking about this a bit more, I can't find a PrivateKeyFactory,
although my guess is that if you have a ByteArrayInputStream, there may
be something that creates a PrivateKey. I use KeyStore to generate my
PrivateKeys, and store those in LDAP as, in this case, a Serialized
Object.

If you find out how, could you post it? I'm curious.
iksrazal

 
Uwe Seimet

iksrazal said:
> I use getEncoded() on X509Certificate, store it in LDAP, and convert it
> back. Should work the same way; here is some code. Note that LDAP
> ctx.lookup returns Object, in my case 'bin', and I just convert back to
> byte array, as I store it.

I don't think the approach you used for a certificate will work, because
an X509 certificate is not the same object as a private RSA key, and
other APIs have to be used.
 
Jean-Baptiste Nizet

I think you should use the KeyFactory class. Look at its Javadoc, there
is an example for a DSA public key encoded using X509.
In your case, the code should probably look like (provided you encoded
your key using PKCS8)

PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(bytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);

JB.
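
The round trip described in the answer above, as an added example that is not part of the original thread: it generates a throwaway RSA key pair, rebuilds both halves from their getEncoded() bytes, and shows that bytes in the wrong encoding are rejected rather than silently accepted. The class name KeyRoundTrip and the helper decodePrivate are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class KeyRoundTrip {  // hypothetical class name

    // Rebuild an RSA private key from the bytes PrivateKey.getEncoded() returned.
    static PrivateKey decodePrivate(byte[] pkcs8) throws GeneralSecurityException {
        try {
            return KeyFactory.getInstance("RSA")
                    .generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        } catch (InvalidKeySpecException e) {
            // Wrong encoding (e.g. X.509 bytes), wrong algorithm, or damaged data.
            throw new GeneralSecurityException("Not a PKCS#8-encoded RSA private key", e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key pair, generated at run time; no real key material.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        // getFormat() names the encoding getEncoded() uses; that decides which
        // KeySpec class matches: PKCS8EncodedKeySpec or X509EncodedKeySpec.
        System.out.println("private format: " + pair.getPrivate().getFormat());
        System.out.println("public format:  " + pair.getPublic().getFormat());

        byte[] privBytes = pair.getPrivate().getEncoded();
        byte[] pubBytes = pair.getPublic().getEncoded();

        PrivateKey priv = decodePrivate(privBytes);
        PublicKey pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(pubBytes));

        // Check the restored keys still belong together: sign with one, verify with the other.
        byte[] msg = "round-trip check".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(msg);
        System.out.println("signature verifies: " + s.verify(sig));

        // Feeding the X.509 public-key bytes to the PKCS#8 decoder must fail cleanly.
        try {
            decodePrivate(pubBytes);
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```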
 
Uwe Seimet

Jean-Baptiste Nizet said:
> I think you should use the KeyFactory class. Look at its Javadoc, there
> is an example for a DSA public key encoded using X509.
> In your case, the code should probably look like (provided you encoded
> your key using PKCS8)
>
> PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(bytes);
> KeyFactory keyFactory = KeyFactory.getInstance("RSA");
> PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);

Thank you, this helped me solve my problem!

Best regards, Uwe
 
