i need to create a public key for RSA algorithm from a binary string.
My code is:
String pubKey = "tihq/Gk3OUs5NzP+XTRKXBwSxHtB0TWn0RREcpXEtp316tyD9DzKaIbdKexb/mRr";
byte[] keyBytes = Base64.decode(pubKey,Base64.DEFAULT);
//test if is correct: ok
Log.d("response keyBytes",new String(Base64.encode(keyBytes,Base64.DEFAULT)));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
RSAPublicKey publicKey = (RSAPublicKey) keyFactory.generatePublic(spec);
//PublicKey publicKey = (PublicKey) keyFactory.generatePublic(spec);
But i have this error:
java.security.spec.InvalidKeySpecException: java.lang.RuntimeException: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
SOLVED.
The problem is that i have modulus and exponent and so i must to do this:
String pubKey = "tihq/Gk3OUs5NzP+XTRKXBwSxHtB0TWn0RREcpXEtp316tyD9DzKaIbdKexb/mRr"; //64 caratteri
String exponent = "AQAB";
byte[] keyBytes = Base64.decode(pubKey,Base64.DEFAULT);
byte[] exponentByte = Base64.decode(exponent,Base64.DEFAULT);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger(keyBytes), new BigInteger(exponentByte));
RSAPublicKey publicKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
Related
Is it possible to take a public key that I have generated, convert it into a string, reverse the process and use it as a key again?
generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(2048);
KeyPair keyPair = generator.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
Then convert this to a string:
String public = someMethod(publicKey)
and then Reverse it at a later time:
RSAPublicKey newPublicKey = someMethod(public)
You can convert the Public Key to a String as follows.
String publicKeyString = Base64.getEncoder().encodeToString(publicKey.getEncoded());
Then that String can be converted back to a public key as follows.
byte[] publicKeyBytes = Base64.getDecoder().decode(publicKeyString);
X509EncodedKeySpec spec = new X509EncodedKeySpec(publicKeyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey2 = keyFactory.generatePublic(spec);
I've used the following code to convert the public and private key to a string
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
keyPairGen.initialize(2048);
KeyPair keyPair = keyPairGen.genKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
String publicK = Base64.encodeBase64String(publicKey.getEncoded());
String privateK = Base64.encodeBase64String(privateKey.getEncoded());
Now I'm trying to convert it back to public ad private key
PublicKey publicDecoded = Base64.decodeBase64(publicK);
I'm getting error of cannot convert from byte[] to public key. So I tried like this
PublicKey publicDecoded = new SecretKeySpec(Base64.decodeBase64(publicK),"RSA");
This leads to error like below
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Neither a public nor a private key
Looks like I'm doing wrong key conversion here. Any help would be appreciated.
I don't think you can use the SecretKeySpec with RSA.
This should do:
byte[] publicBytes = Base64.decodeBase64(publicK);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey pubKey = keyFactory.generatePublic(keySpec);
And to decode the private use PKCS8EncodedKeySpec
I am trying to generate shared secret using EC named curve and finding mismatch in client vs server shared secret.
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
// Client
KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC");
ECGenParameterSpec ecGenParameterSpec = new ECGenParameterSpec(ecCurveName);
kpg.initialize(ecGenParameterSpec, new SecureRandom());
ECPublicKey ephemeralPublicKey = (ECPublicKey) kpg.generateKeyPair().getPublic();
ECPrivateKey clientEphemeralPrivateKey =(ECPrivateKey) kpg.generateKeyPair().getPrivate();
BigInteger pointx = ephemeralPublicKey.getW().getAffineX();
BigInteger pointy = ephemeralPublicKey.getW().getAffineY();
String eCClientEphemeralPublicKeyString = ("04"+pointx.toString(16)+pointy.toString(16)).toUpperCase();
byte[] remoteECCPkBytes = DatatypeConverter.parseBase64Binary(remoteECCPkBase64);
KeyFactory keyFactory= KeyFactory.getInstance("EC","BC");
X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(remoteECCPkBytes);
PublicKey serverECCPublicKey = keyFactory.generatePublic(pkSpec);
KeyAgreement ka = KeyAgreement.getInstance("ECDH","BC");
ka.init(clientEphemeralPrivateKey);
ka.doPhase(serverECCPublicKey, true);
SecretKey agreedKey = ka.generateSecret("AES[256]");
byte[] sharedSecret = agreedKey.getEncoded();
// Server
String clientEphemeralPKBase64 = java.util.Base64.getEncoder().encodeToString(new BigInteger(eCClientEphemeralPublicKeyString, 16).toByteArray());
byte[] clientECPublicKeybytes = DatatypeConverter.parseBase64Binary(clientEphemeralPKBase64);
ECParameterSpec ecParameterSpec = ECNamedCurveTable.getParameterSpec(ecCurveName);
ECCurve curve = ecParameterSpec.getCurve();
ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(curve.decodePoint(clientECPublicKeybytes), ecParameterSpec);
KeyFactory kf = KeyFactory.getInstance("EC","BC");
ECPublicKey ecClientPublicKey = (ECPublicKey)kf.generatePublic(pubKeySpec);
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.decodeBase64(serverprivateKeyBase64));
PrivateKey ecServerPrivateKey = kf.generatePrivate(privateKeySpec);
KeyAgreement ka = KeyAgreement.getInstance("ECDH","BC");
ka.init(ecServerPrivateKey);
ka.doPhase(ecClientPublicKey, true);
SecretKey agreedKey = ka.generateSecret("AES[256]");
byte[] sharedSecret = agreedKey.getEncoded();
This is of course deadly:
ECPublicKey ephemeralPublicKey = (ECPublicKey) kpg.generateKeyPair().getPublic();
ECPrivateKey clientEphemeralPrivateKey =(ECPrivateKey) kpg.generateKeyPair().getPrivate();
If you call generateKeyPair twice your public and private key will not be part of the same key pair.
You need to create two key pairs, one for the server, one for the client and then communicate the public keys. Creating a public key and immediately tossing away the private key cannot be useful, other than to retrieve the domain parameters in a roundabout way.
Instead you should do:
KeyPair clientEphemeralKeyPair = kpg.generateKeyPair();
ECPublicKey clientEphemeralPublicKey = (ECPublicKey) clientEphemeralKeyPair.getPublic();
ECPrivateKey clientEphemeralPrivateKey = (ECPrivateKey) clientEphemeralKeyPair.getPrivate();
I've created an org.bouncycastle.asn1.pkcs.RSAPrivateKey using its static getInstance(byte[]) from a PKCS#1 formated DER bytes,
now I want to cast(or change) this to PrivateKey, how to do that??
You can directly create the PrivateKey from an ASN.1 encoded bytes array.
public static PrivateKey makeKey(byte[] keyBytes) {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
KeySpec privateKeySpec = new PKCS8EncodedKeySpec(keyBytes);
PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
return privateKey;
}
My application receives the raw pieces of a public RSA key (n and e) and needs to use these to encrypt a cipher text. I've been trying to use BouncyCastle but my code isn't working. The problem arises in trying to create the X509EncodedKeySpec.
Can anyone help me get this working? Here's the code I have:
public static PublicKey getPublicKeyFromString(String key) throws Exception
{
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64Encoder.decode(key));
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
return publicKey;
}
I guess the real problem is that n and e are separate and I don't know how to combine them.
Why are you not using new RSAPublicKeySpec(n,e)?
public static PublicKey getPublicKeyFromString(String key) throws Exception
{
BASE64Decoder b64 = new BASE64Decoder();
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(b64.decodeBuffer(key));
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
return publicKey;
}