I'm writing a Java program to import private keys from files within the file system and make a private key object, using Java... I could do it for files in .pem format, but with .der format I had no idea what to do, since I couldn't first detect the algorithm used to generate the keys. Within .pem files I could determine the algorithm from the header for PKCS#1 formats, which have a header like
-----BEGIN RSA PRIVATE KEY-----
and used the Bouncy Castle PEM reader for those in PKCS#8, which have a header
-----BEGIN PRIVATE KEY-----
but with those in .der format, no idea :(
Also, if anyone has an idea about the .key format, tell me.
Thanks
2 Answers
If your DER files are in PKCS#8 format, you can use the Java KeyFactory and do something like this:
```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;

// Read file to a byte array.
String privateKeyFileName = "C:\\myPrivateKey.der";
Path path = Paths.get(privateKeyFileName);
byte[] privKeyByteArray = Files.readAllBytes(path);

// Wrap the DER bytes as a PKCS#8 key spec and decode them as an RSA key.
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privKeyByteArray);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey myPrivKey = keyFactory.generatePrivate(keySpec);
System.out.println("Algorithm: " + myPrivKey.getAlgorithm());
```

You mentioned that you may not know what algorithm the key is using. I'm sure there is a more elegant solution than this, but you could create several KeyFactory objects (one for each possible algorithm) and try to generatePrivate() on each one until you do not get an InvalidKeySpecException.
3 Comments
Monim
Thanks, I know I could use this, but I want it for an application that works with all types of keys; I'm not interested in a certain key.
gtrig
@monim, that's why I mentioned that you can instantiate multiple KeyFactories...one for each type of key that is possible, and then just catch the exceptions for those it doesn't work for. The one it does work for will give you the correct PrivateKey object.
Monim
Hmmmm, and what if the DER file is in PKCS#1? This strategy won't work.
Thanks @gtrig, using your idea and editing the code like this:

```java
// KeyBytes holds the DER-encoded PKCS#8 key read from the file.
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(KeyBytes);
try {
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    privateKey = keyFactory.generatePrivate(keySpec);
    algorithm = keyFactory.getAlgorithm();
    //algorithm = "RSA";
    //publicKey = keyFactory.generatePublic(keySpec);
} catch (InvalidKeySpecException excep1) {
    // Not an RSA key: try DSA next.
    try {
        KeyFactory keyFactory = KeyFactory.getInstance("DSA");
        privateKey = keyFactory.generatePrivate(keySpec);
        algorithm = keyFactory.getAlgorithm();
        //publicKey = keyFactory.generatePublic(keySpec);
    } catch (InvalidKeySpecException excep2) {
        // Not a DSA key either: fall back to EC.
        KeyFactory keyFactory = KeyFactory.getInstance("EC");
        privateKey = keyFactory.generatePrivate(keySpec);
        algorithm = keyFactory.getAlgorithm();
    } // inner catch
}
```

The code is working well now.
3 Comments
Julien Kronegg
This won't work if the key is in PKCS#1 format. In order to read both PKCS#1 and PKCS#8 PEM/DER files, I use the source code of Apache JMeter's org.apache.jmeter.protocol.oauth.sampler.PrivateKeyReader.
arik
How do I use the source, @JulienKronegg? Could you please post an example in a separate answer?
Julien Kronegg
@arik: PrivateKey pk = (new PrivateKeyReader("/path/to/myfile.der")).getPrivateKey();
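
On both points raised in this thread (detecting the algorithm, and PKCS#1 input): a PKCS#8 DER file carries its algorithm as an OID in the AlgorithmIdentifier, so it can be read directly rather than trying each KeyFactory in turn, and the same check shows when the file is not PKCS#8 at all. This is an added example, not code from any poster on this page; the class name `DerKeySniffer` and the sample keys generated in-process are assumptions for illustration.

```java
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;

// Added example; the class name DerKeySniffer is hypothetical.
public class DerKeySniffer {
    static final byte[] RSA = {0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 1, 1, 1}; // rsaEncryption
    static final byte[] DSA = {0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x38, 4, 1};                 // id-dsa
    static final byte[] EC = {0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 2, 1};                  // id-ecPublicKey
    private final byte[] der;
    private int pos;
    DerKeySniffer(byte[] der) { this.der = der; }

    // Consumes one tag and length; returns the content length, leaving pos at the content.
    private int header(int tag) {
        if (pos + 2 > der.length || (der[pos++] & 0xFF) != tag)
            throw new IllegalArgumentException("not a DER private key");
        int len = der[pos++] & 0xFF;
        if (len >= 0x80) {                       // long form: low 7 bits = count of length bytes
            int n = len & 0x7F;
            if (n == 0 || n > 3 || pos + n > der.length) throw new IllegalArgumentException("bad DER length");
            for (len = 0; n > 0; n--) len = (len << 8) | (der[pos++] & 0xFF);
        }
        if (len > der.length - pos) throw new IllegalArgumentException("truncated DER");
        return len;
    }

    // Returns the JCA algorithm name of a PKCS#8 key, or null when the input is not PKCS#8.
    String algorithm() {
        header(0x30);                            // outer SEQUENCE
        pos += header(0x02);                     // version INTEGER, skipped
        // PKCS#8 continues with a SEQUENCE (AlgorithmIdentifier); PKCS#1 has an INTEGER
        // (the modulus) at this position and a SEC1 EC key has an OCTET STRING.
        if (pos >= der.length || (der[pos] & 0xFF) != 0x30) return null;
        header(0x30);
        int oidLen = header(0x06);               // algorithm OBJECT IDENTIFIER
        byte[] oid = Arrays.copyOfRange(der, pos, pos + oidLen);
        if (Arrays.equals(oid, RSA)) return "RSA";
        if (Arrays.equals(oid, DSA)) return "DSA";
        if (Arrays.equals(oid, EC)) return "EC";
        throw new IllegalArgumentException("unrecognised key algorithm OID");
    }

    public static void main(String[] args) throws Exception {
        for (String name : new String[] {"RSA", "DSA", "EC"}) { // constructed sample keys
            byte[] der = KeyPairGenerator.getInstance(name).generateKeyPair().getPrivate().getEncoded();
            String alg = new DerKeySniffer(der).algorithm();
            System.out.println(name + " -> " + KeyFactory.getInstance(alg).generatePrivate(new PKCS8EncodedKeySpec(der)).getAlgorithm());
        }
    }
}
```

For a real file, pass the result of `Files.readAllBytes(path)` to the constructor. A `null` result means the bytes are not PKCS#8 (for example a PKCS#1 key) and need a different reader, such as the `PrivateKeyReader` mentioned in the comments above.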