Reputation: 11
I have a simple RSA algorithm based on the basic technique of Clifford Cocks. I have it all working but I need to store my private and public key in the KeyStore so that a Server and a Client can share files using the keys.
I did some research and I found out about the command 'keytool' but it creates the key for you using either RSA or DES, and I do not know how to use it to store my own keys. Is there any way to solve this?
Or how can this problem be solved using the KeyStore class?
Thanks.
PS: The keys are stored in BigIntegers right now. But I don't think that matters.
Upvotes: 1
Views: 1436
Reputation: 94118
According to this article the public and private key are not that different from "normal" RSA keys. So you can use the same RSAPublicKey and RSAPrivateCrtKey as containers. The problem is that the KeyStore implementations are very limited (pkcs#12, jks, jceks) - they cannot be used to store a single private key. You would need to create a certificate chain for the public key. This could be a self-signed certificate, but it is quite a hassle just to store a key.
You could also create your own KeyStore implementation but that seems to be a huge load of work. Implementing KeyStoreSpi in your own provider is slightly less complicated, but it requires your provider to be signed with a private key and a certificate signed by Oracle.
Basically I would go with the self-signed certificate trick explained above or with the serialization scheme proposed by Duncan.
For non-believers:
Exception in thread "main" java.lang.IllegalArgumentException: invalid zero-length input chain
at java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:393)
and
Exception in thread "main" java.lang.NullPointerException: invalid null input
at java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:390)
Upvotes: 1
Reputation: 69410
It sounds like you've developed your own RSA algorithm implementation and have your own private and public key classes. I'm going to assume this is for educational purposes and avoid a rant about using existing implementations.
However, to use an existing KeyStore provider, you would need to convert your keys into the format required by that provider for storage. Once you retrieve the keys back from the key store, you'd need to perform the reverse conversion back into your own private/public key classes.
To me, that seems like an awful lot of effort to get the minimal benefits of shoving the keys into a KeyStore object. I would suggest you consider making your own simple storage scheme using serialized data.
Upvotes: 1
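The following is an added example written for this page; it is not code from either answer or from the asker. It ties the two answers together: it wraps raw BigInteger RSA parameters (n, e, d) in the JDK's RSAPublicKey/RSAPrivateKey containers via KeyFactory, reproduces the "invalid zero-length input chain" rejection that KeyStore.PrivateKeyEntry gives a key without a certificate chain, and then stores the keys in their standard X.509 and PKCS#8 encodings instead of Java object serialization. Two assumptions: the integers come from a KeyPairGenerator stand-in rather than the asker's Cocks implementation, because the SunRsaSign KeyFactory refuses moduli shorter than 512 bits, so a textbook toy key such as n = 3233 cannot be wrapped; and only n and d are used for the private key (RSAPrivateKeySpec), which yields a plain RSAPrivateKey rather than the RSAPrivateCrtKey mentioned in the first answer, since the asker has not said CRT parameters are available.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class BigIntegerRsaKeyStorage {

    /** Wraps raw modulus and public exponent in the JDK's RSAPublicKey container. */
    static RSAPublicKey publicKeyFrom(BigInteger n, BigInteger e) throws GeneralSecurityException {
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
    }

    /** Wraps raw modulus and private exponent; without CRT parameters this is a plain RSAPrivateKey. */
    static RSAPrivateKey privateKeyFrom(BigInteger n, BigInteger d) throws GeneralSecurityException {
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(n, d));
    }

    /** A bare private key cannot become a KeyStore entry: PrivateKeyEntry insists on a non-empty chain. */
    static boolean keyStoreRejectsBareKey(PrivateKey priv) {
        try {
            new KeyStore.PrivateKeyEntry(priv, new Certificate[0]);
            return false;
        } catch (IllegalArgumentException ex) {
            return true; // message: "invalid zero-length input chain"
        }
    }

    /** Stores the keys in their standard encodings (X.509 SubjectPublicKeyInfo / PKCS#8), not Java serialization. */
    static void save(Path dir, PublicKey pub, PrivateKey priv) throws IOException {
        Files.createDirectories(dir);
        Files.write(dir.resolve("public.der"), pub.getEncoded());
        Path privFile = dir.resolve("private.pk8");
        try {
            // Create owner-only on POSIX so the unencrypted private key is never world-readable.
            Files.createFile(privFile, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------")));
        } catch (UnsupportedOperationException ex) {
            Files.createFile(privFile); // non-POSIX file system (Windows): rely on the directory ACL
        }
        Files.write(privFile, priv.getEncoded());
    }

    /** Reverse conversion: reads the encodings back into JDK key objects, from which the BigIntegers are recoverable. */
    static KeyPair load(Path dir) throws IOException, GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(Files.readAllBytes(dir.resolve("public.der"))));
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(Files.readAllBytes(dir.resolve("private.pk8"))));
        return new KeyPair(pub, priv);
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the asker's own key generation (assumption): take n, e, d from a 2048-bit JDK pair.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair generated = kpg.generateKeyPair();
        BigInteger n = ((RSAPublicKey) generated.getPublic()).getModulus();
        BigInteger e = ((RSAPublicKey) generated.getPublic()).getPublicExponent();
        BigInteger d = ((RSAPrivateKey) generated.getPrivate()).getPrivateExponent();

        RSAPublicKey pub = publicKeyFrom(n, e);
        RSAPrivateKey priv = privateKeyFrom(n, d);
        System.out.println("KeyStore rejects key without certificate chain: " + keyStoreRejectsBareKey(priv));

        Path dir = Files.createTempDirectory("rsa-keys");
        save(dir, pub, priv);
        KeyPair reloaded = load(dir);

        // Round trip: the reloaded keys must carry the same integers we started from.
        BigInteger n2 = ((RSAPublicKey) reloaded.getPublic()).getModulus();
        BigInteger d2 = ((RSAPrivateKey) reloaded.getPrivate()).getPrivateExponent();
        System.out.println("round trip ok: " + (n.equals(n2) && d.equals(d2)));

        // Sanity check with the raw arithmetic the asker already has: (m^e)^d mod n == m.
        BigInteger m = BigInteger.valueOf(42);
        System.out.println("encrypt/decrypt ok: " + m.modPow(e, n).modPow(d, n).equals(m));
    }
}
```

The PKCS#8 file written here is unencrypted, which is why the example restricts it to the owner; if the key must survive on a shared host, wrap it as EncryptedPrivateKeyInfo or accept the self-signed certificate detour the first answer describes so a password-protected PKCS#12 KeyStore can hold it. Avoid ObjectOutputStream for the "serialized data" route: the standard encodings are interoperable with keytool and openssl, and reading them back with KeyFactory never deserializes arbitrary classes.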