Re: Decrypting PKCS8 private keys

Jan Luehe (luehe@laguna.eng.sun.com)
Thu, 20 May 1999 16:28:37 -0700 (PDT)

Message-Id: <199905202328.QAA01486@laguna.eng.sun.com>
Date: Thu, 20 May 1999 16:28:37 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: Decrypting PKCS8 private keys
To: dtaylor@forge.com.au

David:

> To try and make things clear so I can "fix" the FORGE provider...
>
> For public keys my RSA key factory should accept:
>
> X509EncodedKeySpecs with an X.509 PublicKeyInfo structure encoded in it (as
> that is what is being passed in from the Certificate class)
> RSAPublicKeySpec

Correct.

You should be able to do something like this:

    Certificate cert = <parse certificate>;

    X509EncodedKeySpec sp =
        new X509EncodedKeySpec(cert.getPublicKey().getEncoded());
    KeyFactory kf = KeyFactory.getInstance(cert.getPublicKey().getAlgorithm());
    PublicKey pub = kf.generatePublic(sp);

> For private keys it should accept:
>
> PKCS8EncodedKeySpecs with a PKCS8 PrivateKeyInfo structure encoded in it
> RSAPrivateKeySpec
> RSAPrivateCrtKeySpec (this can be used when reading a PKCS1 RSAPrivateKey
> encoded file, if the user decodes the DER themselves)

Correct.

> Is there anything else an RSA key factory should accept, either other key
> specs or different key storage formats?

No, that should be it.

Jan
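
The following is an added example, not part of the original message or of any provider's code: a small check that an RSA KeyFactory accepts each key spec listed in the thread, by round-tripping a key generated at run time. The class name, the optional provider-name argument, the 2048-bit key size and the check() helper are assumptions made for illustration.

```java
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;

public class RsaKeyFactorySpecs {
    public static void main(String[] args) throws Exception {
        // Constructed sample key, generated at run time by the default provider.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        RSAPrivateCrtKey priv = (RSAPrivateCrtKey) kp.getPrivate();

        // Optional argument: name of the provider whose key factory is under test.
        KeyFactory kf = args.length > 0
            ? KeyFactory.getInstance("RSA", args[0])
            : KeyFactory.getInstance("RSA");

        // Public keys: X.509 SubjectPublicKeyInfo encoding, or modulus and exponent.
        KeySpec[] publicSpecs = {
            new X509EncodedKeySpec(pub.getEncoded()),
            new RSAPublicKeySpec(pub.getModulus(), pub.getPublicExponent())
        };
        for (KeySpec spec : publicSpecs) {
            // An unsupported spec surfaces here as InvalidKeySpecException.
            RSAPublicKey k = (RSAPublicKey) kf.generatePublic(spec);
            check(spec, k.getModulus().equals(pub.getModulus())
                && k.getPublicExponent().equals(pub.getPublicExponent()));
        }

        // Private keys: PKCS#8 PrivateKeyInfo encoding, plain spec, or CRT spec.
        KeySpec[] privateSpecs = {
            new PKCS8EncodedKeySpec(priv.getEncoded()),
            new RSAPrivateKeySpec(priv.getModulus(), priv.getPrivateExponent()),
            new RSAPrivateCrtKeySpec(priv.getModulus(), priv.getPublicExponent(),
                priv.getPrivateExponent(), priv.getPrimeP(), priv.getPrimeQ(),
                priv.getPrimeExponentP(), priv.getPrimeExponentQ(),
                priv.getCrtCoefficient())
        };
        for (KeySpec spec : privateSpecs) {
            RSAPrivateKey k = (RSAPrivateKey) kf.generatePrivate(spec);
            check(spec, k.getModulus().equals(priv.getModulus())
                && k.getPrivateExponent().equals(priv.getPrivateExponent()));
        }
    }

    static void check(KeySpec spec, boolean ok) {
        String name = spec.getClass().getSimpleName();
        if (!ok) throw new IllegalStateException(name + ": key changed in round trip");
        System.out.println("accepted: " + name);
    }
}
```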