
Extracting RSA Private Key

Tran.Tin@gmail.com - 09 Jan 2006 06:57 GMT
Hi Everyone,

I've had a problem that has been puzzling me for weeks now.

I've been provided with a file from my client which is supposed to be a
private key (in DER format?) which is in the format privateKey.key. My
aim is to eventually use that key for the symmetric signing of data.

From what I understand I must first decrypt this key, then read this
decrypted private key file into a java RSAPrivateKey object which is
eventually used for the signing of data. The way I go about this is as
follows:

1. Decrypting of Private Key: I have used OpenSSL for this with the
following command
pkcs8 -inform DER -in PrivateKey.key -out PrivateKeyDecrypted
which results in a file with these contents:

-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDArCo5om1eOPsVVkgG57X0VZI+Y/kqSRRqtOVBGj8rKx38nYjH
...
gBIUpRlCzi6zGAhq3KVosQeqp0TAg9aSREW+Jux6nYJigA==
-----END RSA PRIVATE KEY-----

2. Reading in of Key File to Java RSAPrivateKey object:

PKCS8EncodedKeySpec l_ks = new PKCS8EncodedKeySpec(getBytesFromFile(PrivateKeyDecrypted));

KeyFactory l_kf = KeyFactory.getInstance("RSA", "BC");

RSAPrivateKey l_pk = (RSAPrivateKey)l_kf.generatePrivate(l_ks );

 private static byte[] getBytesFromFile(String infile){
   File f = new File(infile) ;
   int sizecontent = ((int) f.length());
   byte[] data = new byte[sizecontent];
   try{
     FileInputStream freader = new FileInputStream(f);
     freader.read(data, 0, sizecontent) ;
     freader.close();
     return data;
   }
   catch(IOException ioe){
     System.out.println(ioe.toString());
     return null;
   }
}

The problem is the
RSAPrivateKey l_pk = (RSAPrivateKey)l_kf.generatePrivate(l_ks ); line
throws the following exception:

java.security.spec.InvalidKeySpecException: java.lang.ClassCastException: org.bouncycastle.asn1.DERUnknownTag
    at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePrivate(JDKKeyFactory.java:323)
    at java.security.KeyFactory.generatePrivate(KeyFactory.java:237)

I tried changing the keyFactory method to
KeyFactory.getInstance("RSA"); however it simply gave me another
exception:

java.security.spec.InvalidKeySpecException: Unknown key spec.
    at com.sun.net.ssl.internal.ssl.JS_KeyFactory.engineGeneratePrivate(DashoA6275)
    at com.sun.net.ssl.internal.ssl.JSA_RSAKeyFactory.engineGeneratePrivate(DashoA6275)

Does anyone have any idea what I am doing wrong???
ss147 - 09 Jan 2006 19:01 GMT
Can you post the entire key?  I'll try it out myself.

Thanks.

> ((int) f.length());
Tran.Tin@gmail.com - 09 Jan 2006 23:07 GMT
Hmmm Ok here it is .... please have some answers for me..

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
Jan Peter Stotz - 10 Jan 2006 10:55 GMT
Tran.Tin@gmail.com wrote:

> -----BEGIN RSA PRIVATE KEY-----
> MIICXgIBAAKBgQDArCo5om1eOPsVVkgG57X0VZI+Y/kqSRRqtOVBGj8rKx38nYjH
[quoted text clipped - 5 lines]
> [..]
> Does anyone have any idea what i am doing wrong???

That is simple. The keyfile you have contains the key but not in the binary
format. The only part you need is that "character salad" in between the
BEGIN -- END. This is the base64 encoded version of your key.
So you need to cut off the first and the last line and pass the rest through
a base64-decoder. The result should be your binary pkcs#8 encoded key.

BTW: After publishing the complete private key you should make a new one
and delete the published one...

Jan
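
The steps from the reply above (drop the BEGIN/END lines, base64-decode the rest), as an added example that is not part of the original thread. It goes one step beyond the post: a `BEGIN RSA PRIVATE KEY` body is the PKCS#1 RSAPrivateKey structure, which `PKCS8EncodedKeySpec` does not accept as-is, so the code wraps it in a PKCS#8 header before handing it to `KeyFactory`. The class and method names are hypothetical, the key is a throwaway generated in-process as constructed sample data, and Java 8 or later is assumed for `java.util.Base64`.

```java
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class PemRsaKeyLoader { // hypothetical name, added example
    // DER AlgorithmIdentifier { rsaEncryption 1.2.840.113549.1.1.1, NULL }
    static final byte[] RSA_ALG_ID = {0x30, 0x0d, 0x06, 0x09, 0x2a, (byte) 0x86, 0x48,
            (byte) 0x86, (byte) 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00};
    // Minimal DER tag-length-value encoder (content lengths up to 65535 bytes).
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        int n = body.size();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (n < 0x80) out.write(n);
        else if (n < 0x100) { out.write(0x81); out.write(n); }
        else { out.write(0x82); out.write(n >> 8); out.write(n & 0xff); }
        out.write(body.toByteArray(), 0, n);
        return out.toByteArray();
    }
    static PrivateKey load(String pem) throws GeneralSecurityException {
        boolean pkcs1 = pem.contains("-----BEGIN RSA PRIVATE KEY-----");
        if (!pkcs1 && !pem.contains("-----BEGIN PRIVATE KEY-----"))
            throw new InvalidKeyException("unsupported PEM label");
        // Drop the BEGIN/END lines and whitespace, then base64-decode to DER.
        byte[] der = Base64.getDecoder().decode(
                pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", ""));
        if (pkcs1) // PKCS#1 body: wrap as PKCS#8 SEQ { INTEGER 0, AlgId, OCTET STRING }
            der = tlv(0x30, new byte[]{0x02, 0x01, 0x00}, RSA_ALG_ID, tlv(0x04, der));
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }
    static String pem(String label, byte[] der) {
        return "-----BEGIN " + label + "-----\n"
                + Base64.getMimeEncoder(64, new byte[]{'\n'}).encodeToString(der)
                + "\n-----END " + label + "-----\n";
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key generated in-process, never a real one.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        byte[] pkcs8 = g.generateKeyPair().getPrivate().getEncoded();
        // For a 2048-bit key the PKCS#8 header is 26 bytes; the rest is the PKCS#1 body.
        byte[] pkcs1 = Arrays.copyOfRange(pkcs8, 26, pkcs8.length);
        // Each line compares the reloaded key's encoding with the original PKCS#8 bytes.
        System.out.println(Arrays.equals(load(pem("PRIVATE KEY", pkcs8)).getEncoded(), pkcs8));
        System.out.println(Arrays.equals(load(pem("RSA PRIVATE KEY", pkcs1)).getEncoded(), pkcs8));
    }
}
```

A passphrase-protected traditional PEM file carries `Proc-Type` and `DEK-Info` header lines, which make the base64 decoder throw; such a file has to be decrypted before it reaches `load`.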

