CODEWITHSUNDEEP
bouncycastle
zcaudate
zcaudate

Reputation: 14258

How to convert bouncycastle getEncoded format into X.509 format for RSA public key

If a base64 encoded public key when 'getEncoded' is called yields this

mQENBFh1kBcBCADMUkNW2qFgeRnornjhT3lt73wTGcO9rt+Ktr1tcopmOPTfNq3
feZNFHRUsBt0Nnuj9+vSD2cwFRoZDNulhnBD8lAJYOD427uvV+KBDF/5pCQKh2S
mDK8tJI/ncLIlX4SFa8F9f36FySglpkzA59IFtHdUBz9w+PJRqUQ5MVRzNHYBbv
6aeIWwl46KrL3eibRgBDVuEOKAoesdb+xErs9cqg3KSVi01XBgr+XMSgOBz4J3f
J4HdibsJdz1+113aKT++4LUSuuyeVbw3K/ZgMkrsyeJw84sHhF2kDu61atSUsQE
nJwBF2sPA9V/i28fftxodgg5qbEs8egdsw/wxGzsfABEBAAG0K0NocmlzIFpoZW
5nIChjemhlbmcpIDxjemhlbmdAYXRsYXNzaWFuLmNvbT6JATkEEwEIACMFAlh1k
BcCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRARY82BslwTrMvtB/4t
LoRH91p09vM1sSQ77RC+XwQqhhvN1BAeqGxqZpgCO6Ld5KRh8f4mFY8nXjDCSyy
ydTBzIUp6aG0f+2EBhArtk/oU/pi8D4zHoeBkrl23/234s1kBI5F2g2kd6itwP8
ekimaUyNFdPIN1dPwdxhuspOUtFNR+HsT3BT32v4Afd7sWVNTFrkapxTdxxZkVb
+FS0wbuzFzB2gb8AvEGevzF/hQXOf3r8QzUQoEZ14pigNu/arlXzEuzXJXXT/AQ
nAzbVENoFrhojxqEU7RxH8J4nao8OfpYfL7w3T7PC3nFFSTYSwvYItGkl9DPPiZ
GWZTrb6VfpFGNLHwCoLOaf8ShsAIAAA==

how do I turn it into X.509?

The reason that I need to do so is to create a java.security.PublicKey object. I've also asked here: https://security.stackexchange.com/questions/150422/what-format-is-bouncycastle-opengpg-public-key/150427#150427 and I've confirmed that it is a length 2048 key but usually the PublicKeys are read using the X.509 standard. If there is another way to read it in, that'll be great.

Upvotes: 1

Views: 1577

Answers (1)

pedrofb
pedrofb

Reputation: 39241

X.509 is an standard for a public-key infraestructure to manage digital certificates and public key encryption. X509 certificates include a public key, a set of attributes like subject, issuer, serialnumber or keyusage, and a signature of the Certification Authority issuing the certificate

Therefore the content of public key and X509certificate is not equivalent. a public key can be extracted from the certificate, but with a public key it is not possible to deduce the certificate. In fact, several x509certificates could include the same public key

According to your link, the key is in OpenPGP format. Java has not a default reader for this keys, but you can use Bouncycastle (package bcpg)

//Convert key from base64 to binary
byte pubKeyBinary[] =DatatypeConverter.parseBase64Binary(pubKeyBase64);

//load Public key with bouncycastle
Security.addProvider(new BouncyCastleProvider());
PGPPublicKeyRing  pgpPub = new PGPPublicKeyRing(pubKeyBinary, new JcaKeyFingerprintCalculator());
PublicKey pubKey = 
   new JcaPGPKeyConverter().setProvider("BC").getPublicKey(pgpPub.getPublicKey());

Upvotes: 3

Related Questions