Solved

Java Security - RSA Key generation

Posted on 2004-08-21
5
337 Views
Last Modified: 2012-06-22
I have created the following class RSAM that generates a RSA public key and writes it to exportedRSAKey

Then another class ImportRSA reads exportedRSAKey and generates the key, however the key is not generated and "key" contains null values , could some body find what's wrong

I have done the same thing for the public key and its working fine. The purpose is well known - to do asymettric encryption

______________________________________________________________
import java.security.*;
import java.security.spec.*;
import java.io.*;

public class RSAM {
    public static void main(String args[]) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(512, new SecureRandom(  ));
            KeyPair kp = kpg.generateKeyPair(  );
            Class spec = Class.forName(
                            "java.security.spec.RSAPrivateKeySpec");
            KeyFactory kf = KeyFactory.getInstance("RSA");
            RSAPrivateKeySpec ks = (RSAPrivateKeySpec)
                                  kf.getKeySpec(kp.getPrivate(  ), spec);
            FileOutputStream fos = new             FileOutputStream("exportedRSAKey");
            ObjectOutputStream oos = new ObjectOutputStream(fos);

            oos.writeObject(ks.getModulus());
            oos.writeObject(ks.getPrivateExponent(  ));        



        } catch (Exception e) {
            e.printStackTrace(  );
        }
    }
}

______________________________________________________________________

import java.security.*;
import java.security.spec.*;
import java.io.*;
import java.math.*;

public class ImportRSA {
    public static void main(String args[]) {
        try {
            FileInputStream fis = new FileInputStream("exportedRSAKey");
            ObjectInputStream ois = new ObjectInputStream(fis);
            RSAPrivateKeySpec ks = new RSAPrivateKeySpec(
                        (BigInteger) ois.readObject(  ),
                        (BigInteger) ois.readObject(  )                      
                        );
            KeyFactory kf = KeyFactory.getInstance("RSA");
            PrivateKey pk = kf.generatePrivate(ks);
            System.out.println("Got private key");
         System.out.println("private Key encoded :"+pk.getEncoded());

        } catch (Exception e) {
            e.printStackTrace(  );
        }
    }
}
0
Comment
Question by:anshuma
  • 3
  • 2
5 Comments
 
LVL 35

Expert Comment

by:girionis
ID: 11868413
I am not an expert on security/encryption but the null values of the encoding means that it can't find the primary encoding of the key. "Key encoding is the process of converting an encryption or decryption key into a specific encoding format for storing and transmitting."

(from: http://www.geocities.com/herong_yang/jdk/jca_encoding.html)

From what I can see you are actually using a key specification, not the key itself. SO you do not encode anything. In your second programme (ImportRSA) you get the specification of the key from the saved file (exportedRSAKey) but not the actual key and therefore not the encoding of the key. The encoding is always with regards to the key not to the key specification.



0
 

Author Comment

by:anshuma
ID: 11869928
Hi Girionis,

I have done the same things for the Public Key. If you edit the above two files and replace "private" by "public" then it actually works. I don't get a null value for the public key.

0
 
LVL 35

Accepted Solution

by:
girionis earned 200 total points
ID: 11870234
I do not know what exactly is going on, maybe because it is a public key it does not care if it exposes its encoding. Try the following and you will see it you can get the encoded key:

import java.security.*;
import java.security.spec.*;
import java.io.*;

public class RSAM {
    public static void main(String args[]) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(512, new SecureRandom(  ));
            KeyPair kp = kpg.generateKeyPair();
            //Class spec = Class.forName("java.security.spec.RSAPrivateKeySpec");
            //KeyFactory kf = KeyFactory.getInstance("RSA");
            //RSAPrivateKeySpec ks = (RSAPrivateKeySpec) kf.getKeySpec(kp.getPrivate(), spec);
                  PrivateKey pk = kp.getPrivate();
                  /*
            FileOutputStream fos = new FileOutputStream("exportedRSAKey");
            ObjectOutputStream oos = new ObjectOutputStream(fos);

            oos.writeObject(ks.getModulus());
            oos.writeObject(ks.getPrivateExponent());
                  */
            System.out.println("Got private key");
                  System.out.println("private Key format :"+pk.getFormat());
                  System.out.println("private Key encoded :"+pk.getEncoded());

        } catch (Exception e) {
            e.printStackTrace(  );
        }
    }
}
0
 

Author Comment

by:anshuma
ID: 11870455
It works but doesn't solve my purpose. Here's what I am doing I have created 3 java files

One generates a key pair and writes the public and private key in byte formats to two different files


exportedRSAKey         - stores primary key
exportedRSAPublicKey - stores public key

Then I use the other two files to read them and generate the keys and use them to encrypt and decrypt.

By using your program , I still need to write the key bytes in two files and generate the keys at some other location
0
 
LVL 35

Expert Comment

by:girionis
ID: 11870893
Hmm.. Sorry I am not sure what's going on, I have only limited experience with security and encryption. Maybe someone else can help you.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
groupSumClump challenge 9 100
java 8 lambda expresssions exception handling 3 75
web services creation SOAP vs REST 5 19
expectj telnet failing 5 23
By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
This video teaches viewers about errors in exception handling.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now