Reputation: 632
I am working on a cryptographic library in Java that creates its own proprietary asymmetric cryptosystem (we have a valid reason for doing this that is too long to explain here). This asymmetric cryptosystem is an implementation of ElGamal. The library provides a mechanism for generating keypairs and for encrypting and decrypting data.
The public and private keys of this cryptosystem do not currently implement any interface (they have no connection with Key from java.security).
However, we now have the requirement that we need to store an ElGamal public key inside an X509 certificate. To do this we plan on implementing the java.security.PublicKey interface in our proprietary public key, as this will allow us to pass our proprietary public key as a PublicKey (to allow it to be stored in a certificate). However, implementing PublicKey means that we must now implement three new methods in our PublicKey, these are:
The getEncoded() method should return the public key encoded in some way. In keeping with convention, we would like to encode the data using X509 format.
Our question is: how can the contents of an arbitrary object be encoded using this encoding format?
Upvotes: 2
Views: 1562
Reputation: 93948
Henry is of course correct, however stopping with SubjectPublicKeyInfo is a bit of a tricky thing, as SubjectPublicKeyInfo is little more than a definition of a container.
If you encode an ElGamal public key using the getEncoded specified by Bouncy Castle then you will get this ASN.1 structure:

    SEQUENCE (2 elem)
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER: 1.3.14.7.2.1.1
        SEQUENCE (2 elem)
          INTEGER (2048 bit): 3231…
          INTEGER: 2
      BIT STRING (1 elem)
        INTEGER (2048 bit): 2072…

So that's a SubjectPublicKeyInfo (first sequence) with an ElGamal algorithm identifier (and ElGamal OID), which in turn contains the large prime and generator (with value 2). Then comes the BIT STRING, which contains an INTEGER with the public key value.
Note that I find it exceedingly hard to find out if the above is specified anywhere. IOW seems to have been some workshop in which NIST was also involved.
EDIT: Upon looking again I found this old internet draft by Peter Gutmann (expired in 1998!) that tried to define ElGamal for X.509 certificates. That seems to be a good base for your ElGamal-specific SubjectPublicKeyInfo structure. At first glance it looks like the same structure that Bouncy emits.
As indicated in the comments, that's fine if you want to set up your own PKI, but any other parties will have to agree on the changes of the certificate and the precise implementation of ElGamal.
Upvotes: 1
Reputation: 43728
X.509 specifies the format of a certificate. The public key itself is just one part of it. Within the X.509 data structure it is stored as a bit string (so basically raw binary data).
The getEncoded method typically returns the DER encoding of a SubjectPublicKeyInfo structure which contains the algorithm encoded as an ASN.1 object identifier and the bits of the public key itself.
The documentation of Key gives some more details.
Upvotes: 3
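As an added example (not code from either answer or from Bouncy Castle), here is one way a custom key class could implement `getEncoded()` so that it emits the SubjectPublicKeyInfo layout described in both answers: the OID 1.3.14.7.2.1.1 with `p` and `g` as parameters, and a BIT STRING wrapping the INTEGER `y`. The class name and the small hand-written DER encoder are assumptions made to keep the example self-contained; a production library would normally use an ASN.1 library instead.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.PublicKey;

// Hypothetical class; p, g, y are the ElGamal prime, generator and public value.
public final class ElGamalPublicKeyExample implements PublicKey {
    // DER content octets of OID 1.3.14.7.2.1.1 (the OID shown in the dump above)
    private static final byte[] OID = {0x2B, 0x0E, 0x07, 0x02, 0x01, 0x01};
    private final BigInteger p, g, y;

    public ElGamalPublicKeyExample(BigInteger p, BigInteger g, BigInteger y) { this.p = p; this.g = g; this.y = y; }

    @Override public String getAlgorithm() { return "ElGamal"; }
    @Override public String getFormat() { return "X.509"; } // standard name for SubjectPublicKeyInfo
    @Override public byte[] getEncoded() {
        byte[] params = tlv(0x30, integer(p), integer(g));   // SEQUENCE { p, g }
        byte[] algId = tlv(0x30, tlv(0x06, OID), params);    // AlgorithmIdentifier
        // BIT STRING content: one "unused bits" octet (0), then the DER INTEGER y
        byte[] bits = tlv(0x03, new byte[] {0}, integer(y));
        return tlv(0x30, algId, bits);                        // SubjectPublicKeyInfo
    }

    // BigInteger.toByteArray() is minimal big-endian two's complement, as DER INTEGER requires
    private static byte[] integer(BigInteger v) { return tlv(0x02, v.toByteArray()); }

    // Tag-length-value over the concatenated parts, using DER definite lengths
    private static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] part : parts) body.write(part, 0, part.length);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        int n = body.size();
        if (n < 0x80) {
            out.write(n);                                     // short form
        } else {
            byte[] len = BigInteger.valueOf(n).toByteArray();
            int skip = len[0] == 0 ? 1 : 0;                   // drop the sign octet
            out.write(0x80 | (len.length - skip));            // long form: count of length octets
            out.write(len, skip, len.length - skip);
        }
        out.write(body.toByteArray(), 0, n);
        return out.toByteArray();
    }

    public static void main(String[] args) {
        // Constructed toy values (p=23, g=5, y=5^6 mod 23=8); real keys use a 2048-bit p
        PublicKey k = new ElGamalPublicKeyExample(new BigInteger("23"), new BigInteger("5"), new BigInteger("8"));
        System.out.println(new BigInteger(1, k.getEncoded()).toString(16));
    }
}
```

Pasting the printed hex into any ASN.1 viewer should show the same nesting as the dump in the first answer, which is a quick check that relying parties using Bouncy Castle would parse the key the same way.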