Generate 2048 bit Sun RSAPrivateKey from a .pem file private key format

S Bagui
Greenhorn

Joined: Jul 16, 2012
Posts: 9


Hi,

I'm writing a program where I have to pass RSA private key to an external API to get a signature. I have a .pem file with me where the private key is already there in encrypted format, starting and ending like below.

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAqG7fDff7bYREXppBW4AYG0jpvIw+yw9KhUikdy0S8LLE2wtd
...
...
8O184BxPQfCQm6aZBCVKA1UOPfgcois0CFKPd3LlfH1FIzIEntK6/NsSD6+qmVnb
WkCMvQnqjzttaeGpoEH7EvNs4EI0sOdf+UaAeYrqmwYYuS/jRak7
-----END RSA PRIVATE KEY-----


I have to create a RSA private key using RSA algorithm and 2048 bit. The format needs to be like below.

Sun RSA private CRT key, 2048 bits
modulus: 25952556948018523376151504645984773294625329626210555760113851154374792929639200611996198140569361212357387383288069649494096381915928485174730577161274666292700061400642124512837514212078925255102532787557748733498958428515918368556221144503183642637787995916548374545732755438719230025896585461864573466605874773339584055799605231378760610469595757172591903277763751764798026373282691887813008565523404885210853099437137607885626165623865962950314716412003811474484910744672336192477422299631238641559234814475511465771017252896974214795726406845256016289102194217204717990222393515627489954560871916351817959057249
public exponent: 65537
private exponent: 25732777752966105955858172862739865087375729279192125584077975429354147949308246245155209234027774086415425590747598180622020707228906798047276231214336182080843422645780651160309555648401860337322013299374057832983342487477629544005986883929778285028132803617027732040386436881743946252388908806977489250453360928338244850217484731746070231391574142079620192866636807162033870980364516552002115950697328453809493218354608649614496204478732406525530118551869936876785660121085918714528761828781564237199140385970938013495900014231012753040938359422762997584857636590283936556313875253180881358870276193660539423028769
prime p: 177840417396098485179746275797573189506349517108541325810687002650806589492629448729007789007332920141833947992239832348636814725591125358408421358620606721170318539218011630894912551073125408979174804665257059442242908665831614059145817559226709989676676082074097238951613338620970574810484645858590804150517
prime q: 145931714106446300555538587894175830617330011334696476886485848321640355022875814040716896967107407540584245604726850207125115372703360468030954504709725126742590614927596316929044727893046361549312056909799440484682145889172781462874374311272934185319843806586741675663035840610049255465488515392879794606397
prime exponent p: 92142594459647529834497528739222045911128129193243957752531972199075156824568191419231708554450106601402467888742172318389790207396924678732873882742898238003865546449895523729613051928514371840286550608258979056423092400582545539044438729894596402176804141826877120494392213958735932957944621126604961254481
prime exponent q: 128728173767608634533412290839528799667645227661780948552491468595180593622342702374351656782663935446064296849945281860996231820366418542462082653642582347408576926615183341898240761161250945382414198422454727159619139356378346112123387602560379605223392744595970566424397897088782786940436037099314491142261
crt coefficient: 151456492681033397206042740401440316232540999394910330796092544734629962949170624794953493350595572625576347986338442532371608242836820243508386549938409961379239466277211800231497491251097220982847219731020832243297335774919443256070413001304429363539710557596286632579304598829204718722237960900339305322122

-
Please help to generate the private key.


Thanks,
Subhadip
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1084
    
  10

Some points -

1) I hope the private key is not leaving the computer it was generated on.

2) 'PEM' stands for Privacy Enhanced Mail and is not a key format in its own right; it is usual for it to be, in effect, a wrapper round a DER RSA private key. One needs to know how the file was generated (what command was used to generate the key) to be quite sure how it should be read, but if openssl was used then the following should work.

a) Read the file a line at a time stripping off the header and footer.
b) Base64 decode what is left.
c) Load the resulting byte array into a PKCS8EncodedKeySpec.
d) Create an RSA KeyFactory.
e) Use the KeyFactory.generatePrivate() method to create a PrivateKey and cast it to an RSAPrivateKey.

The resulting RSAPrivate key contains the private exponent and modulus as BigIntegers but not the 'p' and 'q' values. In my experience it is unusual for anything but the private exponent and the modulus to be needed when creating an RSA signature but what external API are you using to get the signature?
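Steps a) to e) as an added example using only JDK classes (Java 8+); it is not code from this thread or from jclouds, and the class and helper names are hypothetical. It assumes an unencrypted OpenSSL-style file: a `-----BEGIN RSA PRIVATE KEY-----` header marks a PKCS#1 body, which `PKCS8EncodedKeySpec` accepts only once it is wrapped in a PKCS#8 `PrivateKeyInfo`, so the loader adds that wrapper, while a `-----BEGIN PRIVATE KEY-----` body is passed through as is.

```java
import java.io.ByteArrayOutputStream;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class PemRsaLoader { // hypothetical class name, not part of any library
    // DER bytes: INTEGER 0 (version), then AlgorithmIdentifier { rsaEncryption, NULL }
    static final byte[] HEAD = {2, 1, 0, 0x30, 0x0d, 6, 9, 0x2a, (byte) 0x86, 0x48,
                                (byte) 0x86, (byte) 0xf7, 0x0d, 1, 1, 1, 5, 0};
    // Encode one DER element: tag, length, then the concatenated contents
    static byte[] tlv(int tag, byte[]... parts) throws Exception {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p);
        int n = body.size();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (n >= 0x100) { out.write(0x82); out.write(n >> 8); }
        else if (n >= 0x80) out.write(0x81);
        out.write(n); // low 8 bits of the length
        body.writeTo(out);
        return out.toByteArray();
    }
    static RSAPrivateKey load(String pem) throws Exception {
        if (pem.contains("Proc-Type:") || pem.contains("BEGIN ENCRYPTED"))
            throw new IllegalArgumentException("passphrase-protected PEM: decrypt it first");
        boolean pkcs1 = pem.contains("-----BEGIN RSA PRIVATE KEY-----");
        // (a) strip header and footer, (b) Base64-decode what is left
        String b64 = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        // "RSA PRIVATE KEY" means PKCS#1; wrap it as PKCS#8 so step (c) accepts it
        if (pkcs1) der = tlv(0x30, HEAD, tlv(0x04, der));
        // (c)-(e) key spec, RSA KeyFactory, generatePrivate(), cast to the interface
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway 2048-bit key written out as PKCS#1 PEM
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        byte[] p8 = g.generateKeyPair().getPrivate().getEncoded();
        byte[] p1 = Arrays.copyOfRange(p8, 26, p8.length); // drop 26-byte PKCS#8 wrapper
        String pem = "-----BEGIN RSA PRIVATE KEY-----\n" + Base64.getMimeEncoder().encodeToString(p1)
                + "\n-----END RSA PRIVATE KEY-----\n";
        RSAPrivateKey key = load(pem);
        System.out.println(key.getModulus().bitLength() + " bits, CRT: " + (key instanceof RSAPrivateCrtKey));
    }
}
```

Running `openssl pkcs8 -topk8 -nocrypt` on the file produces the PKCS#8 form directly and makes the wrapping step unnecessary.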
S Bagui
Greenhorn

Joined: Jul 16, 2012
Posts: 9


Hi Richard,

The private key .pem file is on the local system, which is working as a workstation to contact the server. We are using Chef, a cloud infrastructure automation framework, to interact with the cloud VMs.
The private key is used to authenticate with the Chef server against the server's own public key. A public-private key set is generated while configuring the local git repository to authenticate,
but I'm not sure how the encryption is done. Here is the link for opscode.com - http://docs.opscode.com/auth.html

We are using Apache Jclouds API to connect with private cloud via Chef. Here is the link for the topic - http://jclouds.apache.org/documentation/gettingstarted/what-is-jclouds/

I need to call the below method to get the authentication signature from Chef API. Here I have to pass the privateKey as a RSAPrivateKey which has been generated from the .pem file.

public String sign(String toSign) {
    try {
        byte[] encrypted = toByteArray(new RSAEncryptingPayload(Payloads.newStringPayload(toSign), privateKey));
        return base64().encode(encrypted);
    } catch (IOException e) {
        throw new HttpException("error signing request", e);
    }
}
S Bagui
Greenhorn

Joined: Jul 16, 2012
Posts: 9
Hi,

I'm using below code to generate the RSA key.

public static void generateKEY()
{
    try {
        File f = new File("C:/opscode/chef/.chef/subhadip.pem");
        FileInputStream fis = new FileInputStream(f);
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        byte[] b = new byte[1024];
        for (int readNum; (readNum = fis.read(b)) != -1;)
        {
            baos.write(b, 0, readNum);
        }
        byte[] bytes = baos.toByteArray();
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.decodeBase64(bytes));
        KeyFactory kf = KeyFactory.getInstance("RSA");
        RSAPrivateKey key = (RSAPrivateKey) kf.generatePrivate(spec);
        System.out.println("the key is ::\n" + key);
        fis.close();
    } catch (Exception e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
}

output ::
RSA Private CRT Key
modulus: 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
public exponent: 10001
private exponent: 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
primeP: fd40cf2540d5face1730ba567618e1fef8150853e000ae5dda7cc7d0f10da655058f23fc993b2f4f67a18e30b51611b3d6e81a4b8af67515eea3efade583f1d826881e04584a913ef8ddec8115b6557df7090066ea49d4d668b0757dc450374e88674d4b92789259ba0c646e6068e6511c28d895e8f747c1e672659f555408f5
primeQ: cfd04bf4c5530818de8dca86198f66eae9e5bd56518039d28d07bfb728c31ab3f9f4baa1058ef92b3af4fdba57c1e5e12db461e6f7e862654f6edbabd36811ce99dde777b8b24a8aae2f198f4c72d8661090831b14e5f3791970e990de3be7dd22a727fde84f39854cf9356178e464cc16589e8d4c3988110d515400ae2c513d
primeExponentP: 8337251cc42f1a37d5c42587cec0adb7918a343a610179569f71af860e9f67e2fd7260ceec05c2497e0432cc01c7617cb088a9b72254f7ed592c0f6f264feaea776c6741110df19b930e490fc8d4240f940351f600c62844bf114e8ecf3c50ab9bf90a0f71e08ed376961d232348b6aca7ce72099a1f254acdbfcfef72228c51
primeExponentQ: b750a420180c858102990b44bdb95cecee44c57f2647b939fd440f9eef2b241c0ceb0fd248c7f50e68648289652e5aad07172ea182a0106413ecd3843fe97683cc010e54f2acfbca579a9eae649e8e3b827327e3b4cc9fb87c73b8e51cd4b554c163b88866ebb3eedd969bbb0edc51fa21e02c84b1efb21270b0042cd177b075
crtCoefficient: d7ae6370c69f9274267600e6c8b8324c6da2d54c1b9dffb2b7a6e607e3db8390295a05635ebf1cf7f282cb938889995b47342bf60faff2906283153d092fbbfd57aff4754ce374cfb604025b85e8d76e119f3dd2c8dfa44d12cb3a478b5111c7f63dafaba3fbcccbf827f54d28819d0d113e6b7f9c119f35d4da3c9401ac968a
-----------------

Here the key is generated in some different format with public exponent: 10001.
I need the format to be "Sun RSA private CRT key, 2048 bits" with public exponent: 65537 format which the API requires.
Please help to get the key converted.

Thanks,
Subhadip
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1084
    
  10

Am I missing something? Surely you can just use the private key you generated using

in the line
S Bagui
Greenhorn

Joined: Jul 16, 2012
Posts: 9

Hi,

I can't pass the generated RSA key because the API is expecting a different format. Please compare the key getting generated and the key expected as mentioned in the 1st post.

The key generated - RSA Private CRT Key (public exponent: 10001)
The key expected - Sun RSA private CRT key, 2048 bits (public exponent: 65537)

I need a way to convert the same as expected.

Thanks,
Subhadip
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1084
    
  10

10001 hex is 65537 decimal so both keys have the same public exponent and the difference is just in the way the toString() method output is formatted. It would be very unusual to specify the implementation class to be used as the private key; one normally just specifies an interface that the key must meet and I'm betting that both classes implement interface PrivateKey or RSAPrivateKey. Have you tried using it as I suggested?
S Bagui
Greenhorn

Joined: Jul 16, 2012
Posts: 9
Hi,

I have debugged the key generated and found the BigInteger values coming in modulus and exponent is proper.

I will pass the generated key in live setup inside byte[] encrypted = toByteArray(new RSAEncryptingPayload(Payloads.newStringPayload(toSign), privateKey)); and see what happens.
will let you know...


Thanks,
Subhadip
S Bagui
Greenhorn

Joined: Jul 16, 2012
Posts: 9

Hi Richard,

I'm having another issue where I tried to generate a new RSA private key using below code.
try {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048); //1024 used for normal securities
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
    System.out.println("Public Key - " + publicKey);
    System.out.println("Private Key - " + privateKey);
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}


The private key output is coming as sun.security.rsa.RSAPrivateCrtKeyImpl@ffd41201 instead of the actual key.
The same code is working fine in my work computer and generates private key. Please help to identify what can be the problem.

Thanks,
Subhadip
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1084
    
  10

The line of code

concatenates the string "Private Key - " with the value returned from toString() method of the 'privateKey' object and then prints the result. You have a misunderstanding of what the toString() method of any class does. The creator of a class is allowed to put anything he chooses in the toString() method and in this case he chooses to output the class name. In this case the class name is irrelevant as long as the class implements interface RSAPrivateKey. You don't care what the actual class name is as long as it implements interface RSAPrivateKey. Different implementations of the JCE may have different class names but as long as they implement interface RSAPrivateKey that is all you care about.

In this case your privateKey must implement RSAPrivateKey (which is all you care about) or you would have got a class cast exception on the line


The toString() method on any object is only an aid to debug and should rarely be used for anything other than debug purposes.
S Bagui
Greenhorn

Joined: Jul 16, 2012
Posts: 9

Hi,

I have tried also with the below and it's giving me the same result... classname
System.out.println("Private Key - " + privateKey.toString());

I know we can implement the toString() of any class in any manner in which we want to show the output.
My doubt here is, the same code gives me perfect RSA private key when I tried it from office system, but when I'm trying from home system it's not giving proper response.
Is there any dependency on OS or eclipse?

Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1084
    
  10

S Bagui wrote:
My doubt here is, the same code gives me perfect RSA private key when I tried it from office system, but when I'm trying from home system it's not giving proper response.


So what constitutes "not giving proper response" ? I use code similar to yours all the time with several different JCE providers and mine works every time so you are doing something wrong. Nothing you have said or shown indicates there is anything wrong with the private key. Certainly the output of the toString() method does not indicate anything is wrong. Please provide a SSCCE (follow the link) that illustrates the problem. Without an SSCCE we have nothing to go on.
S Bagui
Greenhorn

Joined: Jul 16, 2012
Posts: 9
Thanks a lot Richard. Your suggestion resolved the issue. Forgot to resolve the question thread.

Thanks
Subhadip
 