chubbsondubs

Reputation: 38842

How can I store a Bouncy Castle PGP key in a Java Keystore?

I have a JKS keystore that keeps several private/public key pairs in my application. That is already protected using the password for the keystore. I'm adding keys used for doing OpenPGP with Bouncy Castle, and I need to generate several keys to use with Bouncy Castle PGP. I know I can store these keys as individual files, but those files would need to be protected individually with passwords, creating a headache for the user. I'd like to simply store the PGP keys in the existing Keystore. I've read several responses on Stackoverflow alluding to it being possible, but no definitive answer about how. So can I store the PGP keys in the existing Keystore?

Here is what I'm thinking. Bouncy Castle's classes for PGP do not implement Key or Certificate. It does have JcaPGPKeyPair which can wrap a PrivateKey/PublicKey instance. So I could create keys within JCE, then "import" the JCE keys into the BC PGP infrastructure using JcaPGPKeyPair. Once I'm done I throw away all of the BC PGP instances and recreate when I need them again. Possibly using JcaPGPKeyConverter to do the heavy lifting of converting between JCE keys and PGP keys?

Could I use 2 JCE RSA or DSA keypairs for both signature and encryption keys PGP wants to use? Keep those in the Keystore and simply reconstruct the PGP infrastructure on demand when I want to use those keys?

Upvotes: 3

Views: 4223

Answers (1)

Jens Erat

Reputation: 38722

> I'd like to simply store the PGP keys in the existing Keystore. I've read several responses on Stackoverflow alluding to it being possible, but no definitive answer about how. So can I store the PGP keys in the existing Keystore?

The Java key store does not support OpenPGP keys. OpenPGP is another standard, incompatible with X.509.

> Bouncy Castle's classes for PGP do not implement Key or Certificate. It does have JcaPGPKeyPair which can wrap a PrivateKey/PublicKey instance. So I could create keys within JCE, then "import" the JCE keys into the BC PGP infrastructure using JcaPGPKeyPair. Once I'm done I throw away all of the BC PGP instances and recreate when I need them again. Possibly using JcaPGPKeyConverter to do the heavy lifting of converting between JCE keys and PGP keys?

> Could I use 2 JCE RSA or DSA keypairs for both signature and encryption keys PGP wants to use? Keep those in the Keystore and simply reconstruct the PGP infrastructure on demand when I want to use those keys?

You could probably extract the plain numbers forming the public and private keys, but you would be losing all information on user IDs, timestamps, etc., which you would have to reconstruct every time. I would not go for such a fragile and error-prone path. There is no real mapping of OpenPGP and X.509 key attributes, and it gets worse for certificates (signatures on keys).

Upvotes: 2
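The approach sketched in the question, as an added example that is not code from either post: two RSA pairs already kept in the JKS under the assumed aliases pgp-sign and pgp-enc (file name and password are also assumptions) are wrapped with JcaPGPKeyPair into an OpenPGP key ring on demand, with the creation date persisted separately because the OpenPGP key ID is derived from it. It goes slightly beyond the question in also setting key-usage flags on the master key and subkey.

```java
import java.io.FileInputStream;
import java.security.*;
import java.util.Date;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
import org.bouncycastle.openpgp.operator.jcajce.*;

public class PgpFromKeyStore {
    // OpenPGP key IDs and fingerprints are hashed over the creation time, so the same
    // JCE key with a different Date yields a different PGP key. This value must be
    // persisted next to the keystore (constructed placeholder here).
    static final Date CREATION = new Date(1_500_000_000_000L);

    // JKS only stores a private key together with a certificate chain, so the public
    // half is read back from the (self-signed) certificate under the same alias.
    static KeyPair load(KeyStore ks, String alias, char[] pw) throws Exception {
        PrivateKey priv = (PrivateKey) ks.getKey(alias, pw);
        return new KeyPair(ks.getCertificate(alias).getPublicKey(), priv);
    }

    // Rebuilds a certifying/signing master key plus an encryption subkey from two JCE RSA pairs.
    static PGPSecretKeyRing rebuild(KeyStore ks, char[] pw, String userId) throws Exception {
        PGPKeyPair master = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, load(ks, "pgp-sign", pw), CREATION);
        PGPKeyPair sub = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, load(ks, "pgp-enc", pw), CREATION);
        PGPSignatureSubpacketGenerator signFlags = new PGPSignatureSubpacketGenerator();
        signFlags.setKeyFlags(false, KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA);
        PGPSignatureSubpacketGenerator encFlags = new PGPSignatureSubpacketGenerator();
        encFlags.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);
        PGPDigestCalculator sha1 = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1);
        PGPKeyRingGenerator gen = new PGPKeyRingGenerator(
            PGPSignature.POSITIVE_CERTIFICATION, master, userId, sha1, signFlags.generate(), null,
            new JcaPGPContentSignerBuilder(PGPPublicKey.RSA_GENERAL, HashAlgorithmTags.SHA256).setProvider("BC"),
            new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1).setProvider("BC").build(pw));
        gen.addSubKey(sub, encFlags.generate(), null);
        return gen.generateSecretKeyRing();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        char[] pw = "changeit".toCharArray(); // assumed keystore password
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("app.jks")) { ks.load(in, pw); } // assumed path
        PGPSecretKeyRing ring = rebuild(ks, pw, "App <app@example.com>");
        // The self-certification is re-signed on every rebuild, so the ring bytes change
        // each time; only the key IDs stay stable as long as CREATION is unchanged.
        System.out.printf("master key id %016x%n", ring.getSecretKey().getKeyID());
    }
}
```

Because the user ID, creation date and key flags live outside the keystore and are re-applied on every rebuild, any drift in those values silently produces a different OpenPGP key, which is the fragility the answer warns about.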
