Hi, I want to read the issuer String from a user's public key with Bouncy Castle... does anyone have some code or something from which I can get help...

A: 

If you can obtain the certificate object, then you can do the following:

((X509Certificate) certificate).getIssuerX500Principal().getName();

The public key itself does not have an issuer - only a certificate has. And you can get the public key from the certificate, but not vice-versa.

Update: Since it appears that you want to verify the validity of your users, the public key alone does not provide this info. Public keys are used for encryption / digital signature verification, but for the rest of PKI you need the certificate. Actually, verifying the issuer that is written in the certificate gives you no guarantee whatsoever. You need to check:

  • the certificate revocation lists - i.e. whether the certificate is not revoked. This is done either via the provided CRLs or via the OCSP protocol.
  • the expiration of the certificate
Bozho
Hi, thanks for the reply, but I can't get the certificate object either... if possible, can you elaborate on it?
Sanju
How come you have a public key but no cert? Something very odd about that situation.
EJP
Hi buddy, actually I want to check the user's public key as well as the issuer, so I want to get the issuer from the public key so I can check it. If you have any better idea for checking both the issuer and the public key, you can share it with me... I have only the public key of the user.
Sanju
Then that is not enough. The public key is used for encryption / signature verification only. For the rest of PKI you need a certificate.
Bozho
+1  A: 

The public key object doesn't say who generated it. It just contains what you need to encrypt (or verify) with the public key.

If you got the public key from a certificate (java.security.cert.X509Certificate), then you can get the certificate issuer from that by using getIssuerX500Principal().

The certificate is a binding of an identity to a public key. As part of that, the certificate indicates who it was issued by. So you can verify whether you trust that issuer and, therefore, the binding.

Also, the key pair very likely wasn't generated by the certificate issuer. The subject just proved to the issuer that it did possess the associated private key.

Shawn D.
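
The checks both answers describe, as an added example that is not code from either answer: it reads the issuer from the user's certificate and then validates the certificate against a CA you already trust, covering the signature, the expiration and a CRL. It uses only standard JDK classes; the class name `IssuerCheck` and the three file arguments (user certificate, trusted CA certificate, CA-issued CRL) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.Collections;

// Added example; class name and input files are assumptions, not from the page.
public class IssuerCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java IssuerCheck <user-cert> <trusted-ca-cert> <ca-crl>");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate user, ca;
        X509CRL crl;
        try (InputStream u = new FileInputStream(args[0]);
             InputStream c = new FileInputStream(args[1]);
             InputStream r = new FileInputStream(args[2])) {
            user = (X509Certificate) cf.generateCertificate(u);
            ca = (X509Certificate) cf.generateCertificate(c);
            crl = (X509CRL) cf.generateCRL(r);
        }

        // The issuer name is only a claim written inside the certificate.
        System.out.println("Claimed issuer: " + user.getIssuerX500Principal().getName());

        // Trust only the CA certificate obtained out of band, never one sent by the user.
        PKIXParameters params =
                new PKIXParameters(Collections.singleton(new TrustAnchor(ca, null)));
        params.setRevocationEnabled(true); // already the default, stated explicitly
        // Make the CRL available to the validator's revocation check.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singleton(crl))));

        CertPath path = cf.generateCertPath(Collections.singletonList(user));
        try {
            // Verifies the CA's signature, the validity period and the revocation status.
            CertPathValidator.getInstance("PKIX").validate(path, params);
            System.out.println("Certificate accepted; bound public key algorithm: "
                    + user.getPublicKey().getAlgorithm());
        } catch (CertPathValidatorException e) {
            System.out.println("Rejected: " + e.getMessage()
                    + " (reason: " + e.getReason() + ")");
            System.exit(1);
        }
    }
}
```

Only after validation succeeds does `user.getPublicKey()` return a key you can treat as belonging to the subject named in the certificate.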