Loading PublicKey generated from java thro openSSL API

Question

Should implement the solution with JCE I Have a Public Key String generated using the KeyPairGenerator.

How do I load this in openSSL Api call using PEM_read_bio_RSAPublicKey? Or this will have the x509 spec encoded how do we remove and generate the public which is compatible with the openssl api call?

try {
    // Get the public/private key pair
    KeyPairGenerator keyGen = KeyPairGenerator
        .getInstance(keyAlgorithm);
    keyGen.initialize(numBits);
    KeyPair keyPair = keyGen.genKeyPair();
    PrivateKey privateKey = keyPair.getPrivate();
    PublicKey publicKey = keyPair.getPublic();

    System.out.println("\n" + "Generating key/value pair using "
        + privateKey.getAlgorithm() + " algorithm");

    // Get the bytes of the public and private keys
    privateKeyBytes = privateKey.getEncoded();
    publicKeyBytes = publicKey.getEncoded();
    try {
        rsa_publickey = new 
            BASE64Encoder().encodeBuffer((keyPair.getPublic()).getEncoded());
    }
    catch(Exception e1)
    {
        e1.printStackTrace();
    }
    System.out.println("PublicKey :"+rsa_publickey);
}
catch(Exception e1)
{
    e1.printStackTrace();
}

Bruno · Accepted Answer · 2010-11-09 16:59:25Z

3

Perhaps you could try to export it from Java to the PEM format OpenSSL can read, using Bouncycastle's PEMWriter.

EDIT: For example, the following code:

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048);
KeyPair keyPair = keyGen.genKeyPair();
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();

// Solution 1: using BouncyCastle's PEMWriter
PEMWriter pemWriter = new PEMWriter(new PrintWriter(System.out));
pemWriter.writeObject(publicKey);
pemWriter.flush();

// Solution 2: using sun.misc.BASE64Encoder
// (and possibly naive 64-character line split)
sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();
String encoded = encoder.encode(publicKey.getEncoded());
encoded = encoded.replace("\n", "");
StringBuilder builder = new StringBuilder();
builder.append("-----BEGIN PUBLIC KEY-----");
builder.append("\n");
int i = 0;
while (i < encoded.length()) {
    builder.append(encoded.substring(i,
            Math.min(i + 64, encoded.length())));
    builder.append("\n");
    i += 64;
}
builder.append("-----END PUBLIC KEY-----");
System.out.println(builder);

produces this output:

(If you want to do it without BouncyCastle, you might want to use another base 64 encoder, since it's usually not recommended to use sun.* packages that may not be exposed or available on all JREs.)

I haven't tried to load in using OpenSSL's API, but with OpenSSL on the command line, when you paste the above key, you get this (note that what's between the BEGIN/END delimiters is stdin, pasted on the terminal here):

$ openssl rsa -inform PEM -pubin -text -noout
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CCQ5fdVEEm8u1CrbMXa
FK35/d5MxNjCg7EQZwKsydRhfGhbK+u+iTUiv9rkqhcCucqrMi9eXtqt/QNGreFF
oR5auneeCMgqnXxoX7wjuZ5DBt6qN6ZSe+sAPqSKbvvLUmpBUK9pdOvxegQFGG2d
OUCcQLg2o6vLr9r7ZJDSxdyzCb14i+TEt0TnLjFTkR846dmX41gfU7eacoPxYWoo
Pvhq2huyH0cP8rNJ2/+2BcInjyv5TpLT+m0lYjMar6exgonqRetIJF0Gi7unM+0V
RsBoaBMAsLeqoR5OrCrSKepWbjixjHRMmjBaTYM5wP8DAbjVupUQ9kUwqRTzHTti
XQIDAQAB
-----END PUBLIC KEY-----
Modulus (2048 bit):
    00:d0:20:90:e5:f7:55:10:49:bc:bb:50:ab:6c:c5:
    da:14:ad:f9:fd:de:4c:c4:d8:c2:83:b1:10:67:02:
    ac:c9:d4:61:7c:68:5b:2b:eb:be:89:35:22:bf:da:
    e4:aa:17:02:b9:ca:ab:32:2f:5e:5e:da:ad:fd:03:
    46:ad:e1:45:a1:1e:5a:ba:77:9e:08:c8:2a:9d:7c:
    68:5f:bc:23:b9:9e:43:06:de:aa:37:a6:52:7b:eb:
    00:3e:a4:8a:6e:fb:cb:52:6a:41:50:af:69:74:eb:
    f1:7a:04:05:18:6d:9d:39:40:9c:40:b8:36:a3:ab:
    cb:af:da:fb:64:90:d2:c5:dc:b3:09:bd:78:8b:e4:
    c4:b7:44:e7:2e:31:53:91:1f:38:e9:d9:97:e3:58:
    1f:53:b7:9a:72:83:f1:61:6a:28:3e:f8:6a:da:1b:
    b2:1f:47:0f:f2:b3:49:db:ff:b6:05:c2:27:8f:2b:
    f9:4e:92:d3:fa:6d:25:62:33:1a:af:a7:b1:82:89:
    ea:45:eb:48:24:5d:06:8b:bb:a7:33:ed:15:46:c0:
    68:68:13:00:b0:b7:aa:a1:1e:4e:ac:2a:d2:29:ea:
    56:6e:38:b1:8c:74:4c:9a:30:5a:4d:83:39:c0:ff:
    03:01:b8:d5:ba:95:10:f6:45:30:a9:14:f3:1d:3b:
    62:5d
Exponent: 65537 (0x10001)

EDIT: If you want to export something within the BEGIN RSA PUBLIC KEY instead, you can try something like this:

RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
RSAPublicKeyStructure pubkeyStruct = new RSAPublicKeyStructure(
    rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent());
pubkeyStruct.getDEREncoded(); // base64-encode this between the delimiters

edited Nov 9, 2010 at 16:59

answered Nov 3, 2010 at 1:59

Bruno

123k33 gold badges278 silver badges389 bronze badges

Sign up to request clarification or add additional context in comments.

11 Comments

MSSV Over a year ago

Can you please suggest using JCE

Bruno Over a year ago

@MSSV, I've just added an example, I'm not sure if it's what you're looking for.

MSSV Over a year ago

is there any encoding change if the header says as BEGIN RSA PUBLIC KEY instead of BEGIN PUBLIC KEY ?

Bruno Over a year ago

@MSSV, yes. they are different, what's within BEGIN RSA PUBLIC KEY is the "subjectPublicKey" in this ASN.1 structure SubjectPublicKeyInfo := SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } whereas what's within BEGIN PUBLIC KEY is the whole structure (including AlgorithmIdentifier).

MSSV Over a year ago

Then how do i set this using the bouncy castle?

|

Collectives™ on Stack Overflow

Loading PublicKey generated from java thro openSSL API

1 Answer 1

11 Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

11 Comments

Your Answer

Sign up or log in

Post as a guest

Related