Solved

Java Security - RSA Key generation

Posted on 2004-08-21
5
326 Views
Last Modified: 2012-06-22
I have created the following class RSAM that generates a RSA public key and writes it to exportedRSAKey

Then another class ImportRSA reads exportedRSAKey and generates the key, however the key is not generated and "key" contains null values , could some body find what's wrong

I have done the same thing for the public key and its working fine. The purpose is well known - to do asymettric encryption

______________________________________________________________
import java.security.*;
import java.security.spec.*;
import java.io.*;

public class RSAM {
    public static void main(String args[]) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(512, new SecureRandom(  ));
            KeyPair kp = kpg.generateKeyPair(  );
            Class spec = Class.forName(
                            "java.security.spec.RSAPrivateKeySpec");
            KeyFactory kf = KeyFactory.getInstance("RSA");
            RSAPrivateKeySpec ks = (RSAPrivateKeySpec)
                                  kf.getKeySpec(kp.getPrivate(  ), spec);
            FileOutputStream fos = new             FileOutputStream("exportedRSAKey");
            ObjectOutputStream oos = new ObjectOutputStream(fos);

            oos.writeObject(ks.getModulus());
            oos.writeObject(ks.getPrivateExponent(  ));        



        } catch (Exception e) {
            e.printStackTrace(  );
        }
    }
}

______________________________________________________________________

import java.security.*;
import java.security.spec.*;
import java.io.*;
import java.math.*;

public class ImportRSA {
    public static void main(String args[]) {
        try {
            FileInputStream fis = new FileInputStream("exportedRSAKey");
            ObjectInputStream ois = new ObjectInputStream(fis);
            RSAPrivateKeySpec ks = new RSAPrivateKeySpec(
                        (BigInteger) ois.readObject(  ),
                        (BigInteger) ois.readObject(  )                      
                        );
            KeyFactory kf = KeyFactory.getInstance("RSA");
            PrivateKey pk = kf.generatePrivate(ks);
            System.out.println("Got private key");
         System.out.println("private Key encoded :"+pk.getEncoded());

        } catch (Exception e) {
            e.printStackTrace(  );
        }
    }
}
0
Comment
Question by:anshuma
  • 3
  • 2
5 Comments
 
LVL 35

Expert Comment

by:girionis
Comment Utility
I am not an expert on security/encryption but the null values of the encoding means that it can't find the primary encoding of the key. "Key encoding is the process of converting an encryption or decryption key into a specific encoding format for storing and transmitting."

(from: http://www.geocities.com/herong_yang/jdk/jca_encoding.html)

From what I can see you are actually using a key specification, not the key itself. SO you do not encode anything. In your second programme (ImportRSA) you get the specification of the key from the saved file (exportedRSAKey) but not the actual key and therefore not the encoding of the key. The encoding is always with regards to the key not to the key specification.



0
 

Author Comment

by:anshuma
Comment Utility
Hi Girionis,

I have done the same things for the Public Key. If you edit the above two files and replace "private" by "public" then it actually works. I don't get a null value for the public key.

0
 
LVL 35

Accepted Solution

by:
girionis earned 200 total points
Comment Utility
I do not know what exactly is going on, maybe because it is a public key it does not care if it exposes its encoding. Try the following and you will see it you can get the encoded key:

import java.security.*;
import java.security.spec.*;
import java.io.*;

public class RSAM {
    public static void main(String args[]) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(512, new SecureRandom(  ));
            KeyPair kp = kpg.generateKeyPair();
            //Class spec = Class.forName("java.security.spec.RSAPrivateKeySpec");
            //KeyFactory kf = KeyFactory.getInstance("RSA");
            //RSAPrivateKeySpec ks = (RSAPrivateKeySpec) kf.getKeySpec(kp.getPrivate(), spec);
                  PrivateKey pk = kp.getPrivate();
                  /*
            FileOutputStream fos = new FileOutputStream("exportedRSAKey");
            ObjectOutputStream oos = new ObjectOutputStream(fos);

            oos.writeObject(ks.getModulus());
            oos.writeObject(ks.getPrivateExponent());
                  */
            System.out.println("Got private key");
                  System.out.println("private Key format :"+pk.getFormat());
                  System.out.println("private Key encoded :"+pk.getEncoded());

        } catch (Exception e) {
            e.printStackTrace(  );
        }
    }
}
0
 

Author Comment

by:anshuma
Comment Utility
It works but doesn't solve my purpose. Here's what I am doing I have created 3 java files

One generates a key pair and writes the public and private key in byte formats to two different files


exportedRSAKey         - stores primary key
exportedRSAPublicKey - stores public key

Then I use the other two files to read them and generate the keys and use them to encrypt and decrypt.

By using your program , I still need to write the key bytes in two files and generate the keys at some other location
0
 
LVL 35

Expert Comment

by:girionis
Comment Utility
Hmm.. Sorry I am not sure what's going on, I have only limited experience with security and encryption. Maybe someone else can help you.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
hash value 2 38
count8 challlenge 13 84
basic hardware to learn oop advanced design patterns 3 71
advertisement module in core php 4 78
For customizing the look of your lightweight component and making it look opaque like it was made of plastic.  This tip assumes your component to be of rectangular shape and completely opaque.   (CODE)
Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now