views:

150

answers:

1

Background

RSA key generation with OpenSSL on Linux using the command,

openssl genrsa -out mykey.pem 1024

created the following:

"-----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQChs9Fepy5FgeL0gNJ8GHcKRHsYnM2Kkw19zwydDQNyh2hrHWV2
 B11wpLFp8d0imcl2Wjb0oV/AxOhb3unQgNzs66LVuXJwS8icp3oIJZtExs6tkxzE
 s5mnU68wMeCYtJqHIZOmNblVWvpJMLNAwAVi3oLfnzDDbzjnDapm8M21nQIDAQAB
 AoGAZ11P1+acUHgvwMXcRtFIvvp5iYkqZouL00EYOghIjNx75gTbh7A7jbbpZeTi
 y6xsuMgAWy4QzGPSeG+tHMhS7+dYQNPuKSv5KtK3V7ubXz/I3ZN1etRVecA56QNw
 7HKv6b7srolt08kogGIwpbbfl/mhfJHnv4Jeqd5lNMnK4e0CQQDWFZo4h22OlSaH
 ZGd3i4rwLrA0Ux5bkdh7YH0uEeE/nGzpVs1DPhsN8UCyq9LAiKYLlXeeCvwurKwo
 OgKlUCkzAkEAwVy2KignoRInFTAaYH8PQRfD835q+oC0Iu21BF68ne06U6wu+wWk
 bWiYxTOOb+TGZfA1vA6OAvGVGoXs1bHF7wJBAItGiop0MKYuCl7Sxy1SrxUKir+/
 w2Q3QesiHs41+6Byl7hGLEuuv9MWPM0AU5/GRqAKoUNESkPjOi0BcG8z81kCQGGn
 OvCreugjzM0skAWv5bpQEExGyixdF5yURFlCpytzBYQAb3Gi9dmze4QMd6EW/wO4
 fsrM5vehnlXY0TVTJM0CQQCMPVhub8LSo7T/lCzypvb/cgxJfyITRKcM2asrXud5
 r27kbzsXqYum4huHqyFkb3pZammsYA/z89HchylfrD4U
 -----END RSA PRIVATE KEY-----"

The following code under Java 6,

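import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

KeyPairGenerator keyGen = null;
try {
  keyGen = KeyPairGenerator.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
  throw new RuntimeException(e);
}
// No initialize() call, so the provider's default RSA key size is used.
KeyPair pair = keyGen.generateKeyPair();
// getEncoded() returns DER: PKCS #8 for the private key, X.509 SubjectPublicKeyInfo for the public key.
privateKey = new Base64Encoder().encode(pair.getPrivate().getEncoded());
publicKey = new Base64Encoder().encode(pair.getPublic().getEncoded());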

output the following:

"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAIsJlqFOP+jPyYvrGwh+dff30a3p
 uHysMfHYi1MyNSFCsT/2QbOc/k9U/X28WRCMeFwEEnReLULXA9Ywox8GycI/ApMX+DjKBrrLDbpr
 ATLiu9+NMK4VSytKFI87P07HAni3RkiO4rFNEINVQ7t38ZmHavuXHjMkLEAK4dyLQO9NAgMBAAEC
 gYBN/jv0EmwBUgYSKflJI39TcT263B+0N/fwXXOSYNiy5rF9WstyUP/LSrbEAJLJmLKvk00y391t
 4CVz0ma+sdUdAPlS7Nmx9f3BThGOGcDmpjVo1y4e1afWtyu66ba/XDeuf7q5Y/h/pr20/gXl9Gz2
 yefQrzU9xXGKZhE/lxJ2IQJBAMELpeAal+Fa+u0InGrowVmV+lge8RZqKRfCDzPPna465E5Qcekb
 J0ShsarP5lnUfrNH5g8GLaDGQwYE/UoIpPkCQQC4YRfck5uMlI1K3F9YC3XvmFAJnf9YexoPfNSu
 dznOD4rxlwzW/5daPOR0jjlyIRDH/QuUoPIIEn1mt3dnz7X1AkBZciozgl7pPhySA7FmH96mwcUz
 W3LdrebIaVRd707iUctDNibxmXFCbaFCwf27laf3LdM9FuHBYtvfSCSMTyERAkEAlNAQsUAVmKZB
 T72D2o0Nd/7oAosaD7DzvLJU+idSaWUUEJ+IhnKuFu/0t7oe1WWopLEwypoIHsnFmsTTQ99ajQJA
 Scwh3P3RTN4F6Jz1SxRSe6L729xI8xkbco5EsMq5v5BZeoGynqdPUUZdAPcaO2k5UagaSejvzgna
 8xIqR7elVQ=="

"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLCZahTj/oz8mL6xsIfnX399Gt6bh8rDHx2ItT
 MjUhQrE/9kGznP5PVP19vFkQjHhcBBJ0Xi1C1wPWMKMfBsnCPwKTF/g4yga6yw26awEy4rvfjTCu
 FUsrShSPOz9OxwJ4t0ZIjuKxTRCDVUO7d/GZh2r7lx4zJCxACuHci0DvTQIDAQAB"

Questions

  1. How do I put "armor" around the private and public keys created through Java code?

  2. Why is each line of the keys generated through Java code longer than those output by OpenSSL?

  3. Does it make any difference? One of the tools another team is using fails when signing a message when trying to use the private key created by Java. It does not fail with the key generated by OpenSSL.

  4. Is there a way I can export a compatible key with Java?

+1  A: 
erickson
Thanks for the reply. :) The tool the other team is using has expectations of private keys documented as `PEM-encoded private key or a base64-encoded DER private key`. I was trying for the 2nd option.
- .getEncoded() returns the DER form of ASN.1 (http://download.oracle.com/javase/6/docs/api/java/security/spec/PKCS8EncodedKeySpec.html)
- then I further encode it to base64
And still it does not work. Is there a way you could see? Is there a way to create a private key directly in PEM format? The restrictions are such that I have to create either of the forms using Java code only...
MiKu
@MiKu - PEM uses base-64. The "mykey.pem" in the question is, of course, a PEM key. "DER" is used to indicate the binary form. But even when you distinguish binary from base-64, you still need to know the expected structure of the key: PKCS #8, or native OpenSSL. The DER or PEM is just a final layer of encoding. "base64-encoded DER" really doesn't make any sense. How would that be different from PEM? Did you try my code?
erickson
I agree with what you are saying, erickson. What I wanted to do was create keys with Java code such that the other tool can interpret them well. The default PKCS#8 structure was not that compatible with the tool. I got the workaround with Bouncy Castle. `JDKKeyPairGenerator.RSA keyPairGen = new JDKKeyPairGenerator.RSA(); keyPairGen.initialize(RSA_KEY_STRENGTH); KeyPair keyPair = keyPairGen.generateKeyPair(); StringWriter stringWriter = new StringWriter(); PEMWriter pemFormatWriter = new PEMWriter(stringWriter); pemFormatWriter.writeObject(keyPair.getPrivate()); pemFormatWriter.close();`
MiKu
Also, I don't really know whether "base64-encoded DER" equates to PEM or not. More likely you are right in stating they are essentially the same. Need to verify (for my personal confirmation) that by creating a .der with openssl and doing a BASE64 encoding of it to check whether it equates to the .pem equivalent of the key. From what you suggested, it seems they should be equal. :) Thanks for the help though. ASN.1 was a good read. :)
MiKu