How to test whether a certificate (public key) matches its corresponding private key?

Hugo Alberto Bedolla
Greenhorn

Joined: Nov 09, 2010
Posts: 17
Hi everybody:

I need to match a public key (a key inside a certificate, .crt file) with its (tentative) pair, which lives inside a JKS file. I've been looking for a method in the docs but found nothing similar. Basically I need to test whether the two are associated with one another. Do you know how I can do this?

Thanks in advance.
Arshad Noor
Ranch Hand

Joined: Oct 06, 2011
Posts: 34
Every X509 v3 digital certificate will have a certificate extension called SubjectKeyIdentifier (SKI). This is a hash (usually MD5 of SHA1) of the raw public key in the certificate. Compare this hash to the hash found in the SKI extension of the certificate in the JKS file. If the hashes match, they are the same public key.

Note that even if the hashes of the public-keys match, they are not likely the same certificate - just the same key. Depending on how the certificate was created and who issued it, the digital certificates could have completely different Subject DNs, key-usages, etc. If you need to determine if the certificates are identical, then you need to match up the Issuer DNs, the Subject DNs, the AuthorityKeyIdentifier (AKI) values, the SKI values and certificate serial numbers before you can determine that they are the same certificates.

Arshad Noor
StrongAuth, Inc.
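
The check asked about in this thread, as an added example that is not part of any post: it confirms that a private key belongs to a certificate's public key by signing a random challenge with the private key and verifying the signature with the public key. The class and method names, the command-line arguments and the generated demo keys are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.*;
import java.security.cert.CertificateFactory;
public class KeyMatchCheck {
    // Sign a random challenge with the private key and verify it with the public key (RSA, DSA, EC).
    static boolean matches(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        if (!priv.getAlgorithm().equals(pub.getAlgorithm())) return false;
        String alg = "SHA256with" + (priv.getAlgorithm().equals("EC") ? "ECDSA" : priv.getAlgorithm());
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);
        Signature s = Signature.getInstance(alg);
        try {
            s.initSign(priv);
            s.update(challenge);
            byte[] sig = s.sign();
            s.initVerify(pub);
            s.update(challenge);
            return s.verify(sig);
        } catch (InvalidKeyException | SignatureException e) {
            return false;   // keys that cannot even be used together do not match
        }
    }

    // Assumption: the key entry uses the same password as the keystore itself.
    static boolean matchesKeystoreEntry(String crt, String jks, String alias, char[] pw) throws Exception {
        try (InputStream c = new FileInputStream(crt); InputStream k = new FileInputStream(jks)) {
            PublicKey pub = CertificateFactory.getInstance("X.509").generateCertificate(c).getPublicKey();
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(k, pw);
            Key key = ks.getKey(alias, pw);   // null if the alias is missing or holds no key
            return key instanceof PrivateKey && matches((PrivateKey) key, pub);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 3 && System.console() != null) {   // <cert.crt> <store.jks> <alias>
            char[] pw = System.console().readPassword("Keystore password: ");
            System.out.println("match: " + matchesKeystoreEntry(args[0], args[1], args[2], pw));
            return;
        }
        // Constructed demo input: two fresh RSA key pairs, so the check runs without any files.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair a = g.generateKeyPair(), b = g.generateKeyPair();
        System.out.println("own pair:     " + matches(a.getPrivate(), a.getPublic()));
        System.out.println("foreign pair: " + matches(a.getPrivate(), b.getPublic()));
    }
}
```

Run without arguments it exercises the check on the generated key pairs; run from a terminal with a certificate file, a JKS file and an alias it prompts for the keystore password and tests that entry.
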
Hugo Alberto Bedolla
Greenhorn

Joined: Nov 09, 2010
Posts: 17
Hi Arshad:

Thanks a lot for your feedback. It helped me a lot. Good day.