Parsing X509 DSS Certificate to get P, Q, G and Y

Question

I am trying to parse a X509 Certificate that contains a Digital Signature Algorithm (DSA) public key.

Using the javax.security.cert.X509Certificate class and getPublicKey() method I've been able to get P, Q, G and Y:

P: 0279b05d bd36b49a 6c6bfb2d 2e43da26 052ee59d f7b5ff38 f8288907 2f2a5d8e 2acad76e ec8c343e eb96edee 11
Q: 036de1
G: 03 
Y: 02790a25 22838207 4fa06715 1def9df5 474b5d84 a28b2b9b 360a7fc9 086fb2c6 9aab148f e8372ab8 66705884 6d

However, I'm not sure what format this is and how to parse it to convert it to long\BigInteger in Java.

Does anybody know how to do this conversion?

I am currently assuming it is Hex and I am parsing it as so - but I'm not 100% sure if this is correct.

Thanks, Dave

Answer 1

You should already have the big integers. Here is how it goes for me:

X509Certificate xc = X509Certificate.getInstance(ecert);
PublicKey pkey = xc.getPublicKey();
DSAPublicKey dk = (DSAPublicKey)pkey;
DSAParams pp = dk.getParams();
System.out.printf("p = 0x%X\n", pp.getP());
System.out.printf("q = 0x%X\n", pp.getQ());
System.out.printf("g = 0x%X\n", pp.getG());
System.out.printf("y = 0x%X\n", dk.getY());

assuming the encoded certificate is in ecert. Interfaces DSAPublicKey and DSAParams are in java.security.interfaces.

You can also go through a KeyFactory and use the getKeySpec() method to export the public key as a DSAPublicKeySpec, which will offer the same values as BigInteger instances. I am not sure if there is a gain to go through that road, though.

What you show is probably some kind of encoding, but I am quite at a loss to know which one. Anyway, the 'Q' parameter shall be at least 160-bit wide in a proper DSA public key.