aspose file tools*
The moose likes Java in General and the fly likes Byte array output from KeyPairGenerator Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "Byte array output from KeyPairGenerator" Watch "Byte array output from KeyPairGenerator" New topic
Author

Byte array output from KeyPairGenerator

Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
Given:


How do we convey the public key ? As a file, using standard byte to file writing ? Because this is not intended to be a Character Conversion compliant output, it's either write some code to do some conversion to hex String, use the String class methods or just convey the byte[] as it is, in a file and hope that no one tries to look in it using the shell.

That last one scares me, I know we could take a SHA or MD-5, and keep that somewhere ~ but it just sounds silly to convey a pub.key file that is not converted into printable characters. People always get curious.
[ September 17, 2007: Message edited by: Nicholas Jordan ]

"The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
Tamas Jano
Ranch Hand

Joined: Feb 21, 2007
Posts: 55
It's the JCA you should look into.
Basically you will need a keystore where all your keys will be stored. This keystore can be anything from a file or database to a hardware module's encrypted flash RAM.
When you connect to one of these keystores you use a Security Provider and this provider is accessed via a provider configured in $JAVA_HOME/lib/security/java.security. Then you can retrieve, create key pairs and store them in the keystore and use them securely whenever you need them. There are lots of security providers out there and different protection mechanisms ranging from PINs to Smartcards. SUN has one provider bundled with the JDK and you can use it.

To read more here are a few links:
http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
[ September 17, 2007: Message edited by: Tamas Jano ]
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
[Tamas Jano:]It's the "Java Cryptography Architecture" (JCA) you should look into.

That's what I am doing, in general. I am reading that, my question involves conveying the key. In general, you may convey a key by some sort of byte to character conversion:
(belvcomp.com.pky)

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "Belvedere Computer Services"
AAAAB3NzaC1yc2EAAAABJQAAAIEAjhRT1vtEghOj0Nr5/ey39lKO+PShC9GZ3E0K
TeXyADu3+/BrTFdAr9SRQ+BWokIUzQ0iuwsv8zdyZrxKTqO58Rgl1bqM9T4Ljgc9
soAVm+QihList/H0BDY4AgVb10SxMPwrvL1JHSVCwEnpI2lqAniGDIOpn368A1au
D9er7zs=
---- END SSH2 PUBLIC KEY ----

The other availment I see is to encode some key in an application, the reasoning being if one ships it as an attachment in the distribution { "This program needs this file to operate correctly." } Then you run the terrible risk of a curiosity seeker trying to look at the file with an editor and it just makes for a long list of aches and pains that get into a theory of culture, cultural evolution and memetics.

My question is: Given some Bob, how do you get the key to Bob ?

I am not real worried about Eve - at this point - I am trying to avoid design decisions that will impede Key Control later.

Reasonable people, trying to fix the computer.

And what would be standard practice, if any.


[ September 17, 2007: Message edited by: Nicholas Jordan ]
Tamas Jano
Ranch Hand

Joined: Feb 21, 2007
Posts: 55
I'm not exactly sure if I understand it correctly.
You have an application that needs a key to operate. It is a desktop app and when you ship it you want to ship the key with it.
You are trying to pass the public key. This is a base64 encoded string that will be converted into a byte array that will make up your key.
Here is a good reading on distribution.
Is it possible for you to set up a certificate and obtain the key through that instead of shipping it directly? You could ask for a password at the first launch and generate a key with that and set up a locale keystore and keep the key safe in there.
Public keys are safe to distribute the private keys are the ones you should be worried about.
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
That was exactly what I was looking for.

I placed a shell shortcut directly on my desktop, and will copy it to the start quick shell link in the gui.

I only had to read a few sentences to see that was just exactly what my questin is/was.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Originally posted by Nicholas Jordan:

My question is: Given some Bob, how do you get the key to Bob ?


As long as you are talking about the Public key, you can send it anyway you like. Its public. You can buy a classified ad in the New York Times. You can email it. You can publish it in the .sig of an email. You can put it on the MIT public key servers.

If you query the key servers, and mirrors, you will see PGP keys that I made way back in 1992.
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
[PF:] ... send it anyway you like.

Allright, let's do some real work. Say the intended recipient is in hostile territory. In this case, the hostility is the security morass such as OHQS (KEY == ROT+1) - a common and widely available shell hooker that will totally foul up the machine. [a typical proprietary M$] The itended interlocutor has come to work on blue monday, the skies are clear and there are bunnies moving along rainbows of chromatic exuberance.

The intended communications are cleartext java source code, we are working on an ai project called Alice. In the office is an Eve, who has no evil intentions nor has any chance of putting the source code to any use, off-target or otherwise ~ all I want to do is place in the editor a key-control of some kind that will:

  •   1: Avoid use of the editor in an unauthorized manner.
  •   2: Avoid, avert or impede the transfer of executable.
  •   3: Authenticate the sender in a multi-coder project.


  • Sounds to me like a routine software installation matter, but people lose keys and I bet there are horror stories that make for preferred approaches to the situation. There is a limited amout that can be conveyed in a one sentence post title: If you see anything in this that suggests discussion may provoke improvement, please let me know.

    Please also examine the sources provided above,I used the same approach to generate what I believe to be cryptographically reasonable 2048 bit keys on my remote. I may get around to writing some preliminary tests tonight. One interlocutor in encipherment told me runs up / runs down had proven more useful than entrophy testing or spectral analysis.

    Your opinion ? Comments ?

    [ September 22 ... I was thinking about what you said and wrote the following trying to nail it down. I decided the public key should be encoded in the app, in my application. Any secret key would have to remain in leather attache attached to the wrist. ]

    Command Line:
    C:\jdev\Alice\test\alice>java -cp . TeaParty
    Using default datafile name: Data.dat
    opened Session.log for results.
    Initalizing buffer ...
    entering Output Stream constructor.
    allocating and copying supplied array.
    arraycopy completed.
    internal file object constructed.
    entering run method of data file buffer thread.
    try of write method.
    Entered write method.100 : 100
    73 : 0
    1
    0

    C:\jdev\Alice\test\alice>

    source:
    [ September 22, 2007: Sources added by: Nicholas Jordan ]
    [ September 22, 2007: Message edited by: Nicholas Jordan ]
    Pat Farrell
    Rancher

    Joined: Aug 11, 2007
    Posts: 4659
        
        5

    Originally posted by Nicholas Jordan:
    [PF:] ... send it anyway you like.

    Allright, let's do some real work. Say the intended recipient is in hostile territory.[/QUOTE
    I am not following you, and don't have time to look at the source code.

    If you are using RSA crypto, in typical usage patterns, both sides generate key pairs and exchange the public sides and keep the private keys private forever.

    They *publish* the public keys. They are public. They publish it anyway they like.

    When they want to send any messages, say the proverbial "attack at dawn with details, whatever data, media, etc. is appropriate" the sender generates a random session key of 128 bit length, signs and enciphers the session key, sends the resulting cipher text of the session key over insecure channels. They then follow that with the message data enciphered with the session key using a symmetric cipher such as AES-128.

    The security depends only on the strength of the published algorithm, in this case AES-128, and the session key.

    The receiver uses their private key to decipher the first part of message (containing the session key) and uses the retrieved session key to decipher the message, media, etc.

    All of this depends on assumptions that while the messages pass through unknown, uncontrolled, and untrusted channels, the end point computers are trusted.

    If the receiving computer is not trusted, there is no point in using it to decipher any messages.
    Nicholas Jordan
    Ranch Hand

    Joined: Sep 17, 2006
    Posts: 1282
    [PF:]I am not following you, and don't have time to look at the source code.

    I am comfortable with this.

    You have answered my question, it's just one of those that one does not really want to hear the answer to, so goes on at some length trying to achieve useable solution.

    I will not sleep as well tonight, but that is the real world.
     
    It is sorta covered in the JavaRanch Style Guide.
     
    subject: Byte array output from KeyPairGenerator