Reputation: 2160
We currently have 4 internal servers that are load balanced by an nginx server. All our clients connect and talk to our service via HTTPS currently (provided by the load balancer). That wasn't always the case. As a result we had some inventive authentication code in our Maven setup which involved antrun generating a keypair on build so that the servers could send over the public key for the users to encrypt their credentials and send it back to the server.
The problem is that I hate this side-loading antrun process; it makes it hard to use other tools against this project and it always seems to creep up and bite me in the most inconvenient of moments.
Because other services are still using the old authentication method which requires the keypair, I can't just remove it and move them forward. I have to support it at least for now. Because my services are load balanced I also have to keep the keypair synchronized between all of the servers behind the balancer.
For that whole long-winded process, I would like to do something like this:
KeyPair pair = createPredictableKeypairFromThisString("mySecret!");
Any suggestions on how I can do that while keeping up the backwards compatibility? As best I can tell, the only way to really accomplish this is to fake a SecureRandom object to spit out predictable bytes. I would rather not have to do something like that.
Upvotes: 0
Views: 26
Reputation: 118784
Simply generate a KeyPair, any KeyPair.
Serialize it out to a ByteArrayOutputStream.
Convert the resulting byte array into a BASE64 blob-o-text.
Stuff that blob-o-text into your code.
At runtime, convert the BASE64 into a byte array.
Read the KeyPair from a ByteArrayInputStream, and then return the KeyPair.
You could also just create a static byte array with constants, so do whatever you like.
Upvotes: 3
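The steps in the answer above, as an added Java example that is not part of the original answer. RSA, the 2048-bit key size, the OAEP transformation, and the class and method names are assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;

public class FixedKeyPairDemo {

    // One-time step: serialize a KeyPair and return it as a Base64 string.
    static String export(KeyPair pair) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(pair);
        }
        return Base64.getEncoder().encodeToString(bytes.toByteArray());
    }

    // Runtime step: rebuild the same KeyPair from the Base64 string.
    static KeyPair load(String blob) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getDecoder().decode(blob);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            return (KeyPair) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); // assumed algorithm
        gen.initialize(2048);                                       // assumed key size
        KeyPair original = gen.generateKeyPair();

        String blob = export(original); // the string every server would share
        KeyPair restored = load(blob);

        // Same public key bytes after the round trip.
        System.out.println("public keys match: " + Arrays.equals(
                original.getPublic().getEncoded(), restored.getPublic().getEncoded()));

        // A client encrypts with the original public key; the restored private key decrypts.
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, original.getPublic());
        byte[] sealed = cipher.doFinal("constructed-credentials".getBytes(StandardCharsets.UTF_8));
        cipher.init(Cipher.DECRYPT_MODE, restored.getPrivate());
        System.out.println(new String(cipher.doFinal(sealed), StandardCharsets.UTF_8));
    }
}
```

The Base64 string contains the private key, so it needs the same protection as any other secret shared by the servers behind the load balancer.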