How to determine the length of an X509 public key

How to determine the length (in bits) of an X509 public key in Java?

I want to get the same value as the "Public key" when running "openssl x509 -in cert.crt -noout -text". For example:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:00:00:01:a2:41:4b:56:3e:99:ba:92:b5:00:02:00:00:01:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: DC=com, DC=magnicomp, CN=MagniComp Issuing CA
        Validity
            Not Before: Sep 14 17:23:18 2015 GMT
            Not After : Sep 13 17:23:18 2016 GMT
        Subject: CN=dim.magnicomp.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

I have an X509Certificate object, and I played with the PublicKey value returned through getPublicKey(), but I cannot figure out how to determine the key length from this.

+4
2 answers

If you know that the algorithm used was RSA, you can cast the public key to RSAPublicKey and get the key length using getModulus():

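import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
FileInputStream fin = new FileInputStream("certificate.pem");
CertificateFactory f = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate) f.generateCertificate(fin);
RSAPublicKey rsaPk = (RSAPublicKey) certificate.getPublicKey();
// The RSA key length is the bit length of the modulus
System.out.println(rsaPk.getModulus().bitLength());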

For DSA, use getP() and getQ():

DSAPublicKey dsaPk = (DSAPublicKey) certificate.getPublicKey();
System.out.println(dsaPk.getParams().getP().bitLength());
System.out.println(dsaPk.getParams().getQ().bitLength());
+4

EJBCA org.ejbca.util.keystore.KeyTools#getKeyLength:

/**
 * Gets the key length of supported keys
 * @param pk PublicKey used to derive the keysize
 * @return -1 if key is unsupported, otherwise a number >= 0. 0 usually means the length can not be calculated, 
 * for example if the key is an EC key and the "implicitlyCA" encoding is used.
 */
public static int getKeyLength(final PublicKey pk) {
    int len = -1;
    if (pk instanceof RSAPublicKey) {
        final RSAPublicKey rsapub = (RSAPublicKey) pk;
        len = rsapub.getModulus().bitLength();
    } else if (pk instanceof JCEECPublicKey) {
        final JCEECPublicKey ecpriv = (JCEECPublicKey) pk;
        final org.bouncycastle.jce.spec.ECParameterSpec spec = ecpriv.getParameters();
        if (spec != null) {
            len = spec.getN().bitLength();              
        } else {
            // We support the key, but we don't know the key length
            len = 0;
        }
    } else if (pk instanceof ECPublicKey) {
        final ECPublicKey ecpriv = (ECPublicKey) pk;
        final java.security.spec.ECParameterSpec spec = ecpriv.getParams();
        if (spec != null) {
            len = spec.getOrder().bitLength(); // does this really return something we expect?
        } else {
            // We support the key, but we don't know the key length
            len = 0;
        }
    } else if (pk instanceof DSAPublicKey) {
        final DSAPublicKey dsapub = (DSAPublicKey) pk;
        if ( dsapub.getParams() != null ) {
            len = dsapub.getParams().getP().bitLength();
        } else {
            len = dsapub.getY().bitLength();
        }
    } 
    return len;
}
+3
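
Added example (not part of either answer and not EJBCA code): a JDK-only version of the key-length lookup from both answers, used to check keys against a minimum-size policy. The class name, the helper names and the policy floors (2048 bits for RSA/DSA, 224 for EC) are assumptions; the sample keys are generated in memory so it runs without a certificate file.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;

public class KeyLengthCheck {
    // Assumed policy floors (not from the page): 2048 bits for RSA/DSA, 224 for EC.
    static final int MIN_RSA_DSA = 2048, MIN_EC = 224;

    /** Key size in bits via JDK interfaces only; 0 = size unknown, -1 = key type not handled. */
    static int keyBits(PublicKey pk) {
        if (pk instanceof RSAPublicKey) {
            return ((RSAPublicKey) pk).getModulus().bitLength();
        } else if (pk instanceof DSAPublicKey) {
            DSAPublicKey dsa = (DSAPublicKey) pk;
            // Parameters can be null (the EJBCA method guards for this too); report unknown.
            return dsa.getParams() != null ? dsa.getParams().getP().bitLength() : 0;
        } else if (pk instanceof ECPublicKey) {
            ECPublicKey ec = (ECPublicKey) pk;
            // Bit length of the curve order, the same measure the EJBCA method uses.
            return ec.getParams() != null ? ec.getParams().getOrder().bitLength() : 0;
        }
        return -1;
    }

    /** Unknown (0) and unhandled (-1) sizes fail the policy rather than pass silently. */
    static boolean meetsPolicy(PublicKey pk) {
        return keyBits(pk) >= (pk instanceof ECPublicKey ? MIN_EC : MIN_RSA_DSA);
    }

    static PublicKey generate(String alg, int bits, String curve) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance(alg);
        if (curve != null) g.initialize(new ECGenParameterSpec(curve)); else g.initialize(bits);
        return g.generateKeyPair().getPublic();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys; with a real certificate pass certificate.getPublicKey().
        PublicKey[] keys = {
            generate("RSA", 1024, null), generate("RSA", 2048, null),
            generate("DSA", 2048, null), generate("EC", 0, "secp256r1") };
        for (PublicKey pk : keys) {
            System.out.printf("%-4s %5d bits  %s%n", pk.getAlgorithm(), keyBits(pk),
                    meetsPolicy(pk) ? "OK" : "BELOW POLICY");
        }
    }
}
```

The EC floor is lower than the RSA/DSA floor because the two sizes are not comparable: a 256-bit curve order and a 2048-bit RSA modulus are different kinds of measure, so a single numeric threshold across algorithms would misclassify keys.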

Source: https://habr.com/ru/post/1607341/

