原文地址:https://stackoverflow.com/questions/7611383/generating-rsa-keys-in-pkcs1-format-in-java

When I generate an RSA key pair using the Java API, the public key is encoded in the X.509 format and the private key is encoded in the PKCS#8 format. I'm looking to encode both as PKCS#1. Is this possible? I've spent a considerable amount of time going through the Java docs but haven't found a solution. The result is the same when I use the Java and the Bouncy Castle providers.

Here is a snippet of the code:

KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA","BC");

keygen.initialize(1024);

KeyPair pair = keygen.generateKeyPair();

PrivateKey priv = pair.getPrivate();

PublicKey pub = pair.getPublic();

byte[] privBytes = priv.getEncoded();

byte[] pubBytes = pub.getEncoded();

The two resulting byte arrays are formatted as X.509 (public) and PKCS#8 (private).

Any help would be much appreciated. There are some similar posts but none really answer my question.

Thank You

You will need BouncyCastle:

import org.bouncycastle.asn1.ASN1Encodable;

import org.bouncycastle.asn1.ASN1Primitive;

import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;

import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;

import org.bouncycastle.util.io.pem.PemObject;

import org.bouncycastle.util.io.pem.PemWriter;

The code snippets below have been checked and found working with Bouncy Castle 1.52.

Private key

Convert private key from PKCS8 to PKCS1:

PrivateKey priv = pair.getPrivate();

byte[] privBytes = priv.getEncoded();

PrivateKeyInfo pkInfo = PrivateKeyInfo.getInstance(privBytes);

ASN1Encodable encodable = pkInfo.parsePrivateKey();

ASN1Primitive primitive = encodable.toASN1Primitive();

byte[] privateKeyPKCS1 = primitive.getEncoded();

Convert private key in PKCS1 to PEM:

PemObject pemObject = new PemObject("RSA PRIVATE KEY", privateKeyPKCS1);

StringWriter stringWriter = new StringWriter();

PemWriter pemWriter = new PemWriter(stringWriter);

pemWriter.writeObject(pemObject);

pemWriter.close();

String pemString = stringWriter.toString();

Check with command line OpenSSL that the key format is as expected:

openssl rsa -in rsa_private_key.pem -noout -text

Public key

Convert public key from X.509 SubjectPublicKeyInfo to PKCS1:

PublicKey pub = pair.getPublic();

byte[] pubBytes = pub.getEncoded();

SubjectPublicKeyInfo spkInfo = SubjectPublicKeyInfo.getInstance(pubBytes);

ASN1Primitive primitive = spkInfo.parsePublicKey();

byte[] publicKeyPKCS1 = primitive.getEncoded();

Convert public key in PKCS1 to PEM:

PemObject pemObject = new PemObject("RSA PUBLIC KEY", publicKeyPKCS1);

StringWriter stringWriter = new StringWriter();

PemWriter pemWriter = new PemWriter(stringWriter);

pemWriter.writeObject(pemObject);

pemWriter.close();

String pemString = stringWriter.toString();

Check with command line OpenSSL that the key format is as expected:

openssl rsa -in rsa_public_key.pem -RSAPublicKey_in -noout -text

Thanks

Many thanks to the authors of the following posts:

Those posts contained useful, though sometimes outdated info (i.e. for older versions of BouncyCastle), that helped me to construct this post.

Generating RSA keys in PKCS#1 format in Java--转的更多相关文章

  1. Generating SSH Keys [Ubuntu Linux]

    Generating SSH Keys We strongly recommend using an SSH connection when interacting with GitHub. SSH ...

  2. String.Format in Java and C#

    原文:String.Format in Java and C# JDK1.5中,String类新增了一个很有用的静态方法String.format(): format(Locale l, String ...

  3. Generating SSH Keys on windows

    two ways here I provide: use openSSH command line on git bash(such as msysgit bash) ls -al ~/.ssh ss ...

  4. 生成ssh公有密钥而且注冊到Github Generate ssh rsa keys and register public key on Github

    私有密钥和公有密钥是成对的两个文件,私有文件保存在自己的本机,公有密钥保存到还有一端的server,站点等. github就是一种站点. 仅仅有保存了私有密钥的机器才干訪问远程的server等. 使用 ...

  5. Generating SSH Keys for github

    由于最近电脑重装了Windows 8.1, 想用github维护一些代码.故不得不重新生成一下ssh key. 按https://help.github.com/articles/generating ...

  6. 使用 RSA 非对称加密保证数据不被篡改 java 例子代码

    原理: 对原始数据 生成有序的json 字符串,然后取 摘要,然后 对摘要 进项 分对称加密.( 不对原数据加密是应为 原数据太大,加解密速度太慢,非对称加密都不 挺慢的.在摘要函数具有雪崩效应 ,原 ...

  7. hadoo namenode format 异常 java.net.UnknownHostException: localhost.localdomain: localhost.localdomain

    /etc/sysconfig/network换成你在hosts里设置的值 /etc/rc.d/init.d/network restart 重启网络 hostname后就会发现hostname变了,也 ...

  8. 基于RSA securID的Radius二次验证java实现(PAP验证方式)

    基于rsa SecurID的二次验证.RSA server自身可以作为Radius服务器,RSA也可以和其他的软件集合,使用其他的server作为Radius服务器. radius的验证的一般流程如下 ...

  9. 自己实现简单的RSA秘钥生成与加解密(Java )

    最近在学习PKI,顺便接触了一些加密算法.对RSA着重研究了一下,自己也写了一个简单的实现RSA算法的Demo,包括公.私钥生成,加解密的实现.虽然比较简单,但是也大概囊括了RSA加解密的核心思想与流 ...

随机推荐

  1. hdu - 1151 Air Raid(有向无环图的最小路径覆盖)

    http://acm.hdu.edu.cn/showproblem.php?pid=1151 在一个城市里有n个地点和k条道路,道路都是单向的,并且不存在环.(DAG) 现在伞兵需要去n个地点视察,伞 ...

  2. POJ 2785_4 Values whose Sum is 0

    题意: A,B,C,D四组数中各取一个数,使这四个数相加为0,问有多少组取法? 分析: 四个数列有n4种取法,规模较大,但是可以将他们分成AB,CD两组,分别枚举,最后再合并. 代码: #includ ...

  3. Ubuntu 16.04出现:qmake: could not exec '/usr/lib/x86_64-linux-gnu/qt4/bin/qmake': No such file or directory

    没有安装qt4-qmake,安装即可: sudo apt-get install qt4-qmake 参考: https://stackoverflow.com/questions/23703864/ ...

  4. mysql-performance-schema

    http://www.fromdual.com/mysql-performance-schema-hints http://www.cnblogs.com/cchust/

  5. 作为一名CEO

    你 不能怕得罪人 不能奢望完成工作的时候 有太多的愉悦感 你 必须要去做左右为难但左右亦可的 操蛋决策 你 得脸皮够厚 肚囊儿宽超 什么事情都能快速消化 哪怕 是 一坨屎 你 还得 决不放弃 永不言败 ...

  6. Centos samba install

    Ready Change Root Password passwd root 在提示下建立新密码 静态IP vi /etc/sysconfig/network-scripts/ifcfg-eth0  ...

  7. swift学习笔记(四)关于类的继承

    在swift中,继承是区分类与其它对象的基本特征 继承后的子类能够重写父类的方法,包含类方法和实例方法,属性和附属脚本(subscript) 在继承过程中,构造器方法init()是不被继承的,须要显示 ...

  8. u

    Atrrible /s/d –s –h  u盘修复

  9. 使用mpxj读取MSPrjoect

    import java.util.ArrayList; import java.util.Calendar; import java.util.Hashtable; import java.util. ...

  10. gdb 8.0.1连接qemu时,出现“Remote 'g' packet reply is too long”

    1 原因 “Note that other tutorials also add a "-S" parameter so QEMU starts the kernel stoppe ...