Save PGP (public) keys in java keystore - Bouncycastle

I use Bouncy Castle (Java) for signature verification, encryption, decryption and signing in an SSO implementation. I have PGP public and private keys, and I have to store them in the Java keystore. These PGP public keys are not certified.

I understand that for public keys (according to the KeyStore javadoc: http://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html ) I need to create a certificate. After creating the certificate, I can import it into the keystore as a KeyStore.TrustedCertificateEntry. However, I cannot create a certificate entry for the type org.bouncycastle.openpgp.PGPPublicKey.

I searched on the Internet but did not find a suitable example:

  • Bouncy Castle documentation: http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation creates a certificate for X.509 keys.
  • Bouncy Castle example org.bouncycastle.openpgp.examples.DirectKeySignature: adds a certification (an object of type PGPSignature) directly to the PGPPublicKey. In the end I have signed (certified) the PGPPublicKey, but I cannot store this type of key in the Java keystore.

    // Direct-key certification of keyToBeSigned with secretKey, following the
    // Bouncy Castle DirectKeySignature example (legacy "BC" provider-string API).
    // The method header wraps the quoted fragment; parameter names match the fragment.
    private static byte[] signPublicKey(PGPSecretKey secretKey, String secretKeyPass,
            PGPPublicKey keyToBeSigned, String notationName, String notationValue,
            boolean armor) throws Exception {
        OutputStream out = new ByteArrayOutputStream();
        if (armor) {
            out = new ArmoredOutputStream(out);
        }
        PGPPrivateKey pgpPrivKey = secretKey.extractPrivateKey(secretKeyPass.toCharArray(), "BC");
        PGPSignatureGenerator sGen = new PGPSignatureGenerator(
                secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1, "BC");
        sGen.initSign(PGPSignature.DIRECT_KEY, pgpPrivKey);
        BCPGOutputStream bOut = new BCPGOutputStream(out);
        sGen.generateOnePassVersion(false).encode(bOut);
        // Put a name/value notation subpacket into the hashed (signed) area of the signature
        PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
        boolean isHumanReadable = true;
        spGen.setNotationData(true, isHumanReadable, notationName, notationValue);
        PGPSignatureSubpacketVector packetVector = spGen.generate();
        sGen.setHashedSubpackets(packetVector);
        bOut.flush();
        // Attach the certification to the key and return the re-encoded public key
        return PGPPublicKey.addCertification(keyToBeSigned, sGen.generate()).getEncoded();
    }

I am mostly interested in a software solution (java source code), but examples that use some tools will also be useful.

Thanks!

+6
2 answers

I think you need to extract java.security.PublicKey from your PGPPublicKey and use it to build an X509Certificate that can be stored in the keystore.

    JcaPGPKeyConverter c = new JcaPGPKeyConverter();
    PublicKey publicKey = c.getPublicKey(pgpPublicKey);
    // ... Use Bouncy X509V3CertificateGenerator or X509v3CertificateBuilder
    // ... to construct a self-signed cert
    X509Certificate x509Certificate = // ...
    // ... add cert to KeyStore

To create an X509Certificate from a PublicKey, see Generate Random Certificates.

0
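The approach sketched in this answer, carried through as an added example (it is not the answer's own code and not a Bouncy Castle example): the PGP public key is converted to a JCA PublicKey with JcaPGPKeyConverter, wrapped in an X.509 certificate built with JcaX509v3CertificateBuilder and signed with a PGP secret key we control (self-signed when subject and signer are the same key pair), then stored as a trusted-certificate entry, or, for our own key pair, alongside the private key. The class name, method names, the choice of SHA-256 signature algorithms and the use of fingerprints as distinguished names are this example's assumptions. Note that the conversion drops every OpenPGP certification on the key; the only thing vouching for the stored key is the keystore itself, which is why the load path re-verifies the certificate against the expected signing key instead of trusting the entry blindly.

```java
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyConverter;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.encoders.Hex;

// Example class (hypothetical name), not part of the original answer.
public class PgpKeysInKeyStore {

    static { Security.addProvider(new BouncyCastleProvider()); }

    // Unlock a PGP secret key and convert it to a JCA PrivateKey.
    static PrivateKey toJcaPrivateKey(PGPSecretKey secret, char[] pass) throws Exception {
        PGPPrivateKey pgpPriv = secret.extractPrivateKey(
                new JcePBESecretKeyDecryptorBuilder().setProvider("BC").build(pass));
        return new JcaPGPKeyConverter().setProvider("BC").getPrivateKey(pgpPriv);
    }

    // Pick a JCA signature algorithm matching the signing key type (assumed SHA-256 family).
    static String signatureAlgorithmFor(PrivateKey signingKey) {
        String alg = signingKey.getAlgorithm();
        if (alg.equals("RSA")) return "SHA256withRSA";
        if (alg.equals("DSA")) return "SHA256withDSA";
        if (alg.startsWith("EC")) return "SHA256withECDSA";
        throw new IllegalArgumentException("unsupported key algorithm: " + alg);
    }

    // Wrap a PGP public key in an X.509 certificate signed with the given PGP secret key.
    // When subject and signer are the same key pair the result is a self-signed certificate.
    static X509Certificate certificateFor(PGPPublicKey subject, PGPSecretKey signer,
                                          char[] signerPass, int validityDays) throws Exception {
        PublicKey subjectKey = new JcaPGPKeyConverter().setProvider("BC").getPublicKey(subject);
        PrivateKey signerKey = toJcaPrivateKey(signer, signerPass);

        // OpenPGP fingerprints as distinguished names keep the mapping to the PGP keys unambiguous.
        X500Name subjectDn = new X500Name("CN=" + Hex.toHexString(subject.getFingerprint()));
        X500Name issuerDn = new X500Name("CN=" + Hex.toHexString(signer.getPublicKey().getFingerprint()));
        BigInteger serial = new BigInteger(1, subject.getFingerprint()); // positive, stable per key
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + validityDays * 86_400_000L);

        ContentSigner cs = new JcaContentSignerBuilder(signatureAlgorithmFor(signerKey))
                .setProvider("BC").build(signerKey);
        X509CertificateHolder holder = new JcaX509v3CertificateBuilder(
                issuerDn, serial, notBefore, notAfter, subjectDn, subjectKey).build(cs);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    }

    // A third-party (uncertified) PGP public key goes in as a trusted-certificate entry.
    static void storePublicKey(KeyStore ks, String alias, X509Certificate cert) throws Exception {
        ks.setCertificateEntry(alias, cert);
    }

    // Our own key pair goes in as a private-key entry; a PrivateKeyEntry needs a certificate chain,
    // which is exactly what the self-signed certificate provides.
    static void storeKeyPair(KeyStore ks, String alias, PGPSecretKey secret, char[] pass,
                             X509Certificate selfSigned) throws Exception {
        ks.setKeyEntry(alias, toJcaPrivateKey(secret, pass), pass, new Certificate[] { selfSigned });
    }

    // On load, check that the certificate was really issued under our signing key before using it:
    // the keystore password protects integrity, but this also catches a swapped-in certificate.
    static PublicKey loadAndVerify(KeyStore ks, String alias, PublicKey expectedSigner) throws Exception {
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (cert == null) throw new IllegalStateException("no certificate entry for alias " + alias);
        cert.verify(expectedSigner, "BC"); // throws on a bad signature
        cert.checkValidity();              // throws outside the notBefore/notAfter window
        return cert.getPublicKey();
    }
}
```

The certificate is only a container the KeyStore API understands; its validity window and issuer are local policy, not something a third party attested to. Keys of algorithms that JcaPGPKeyConverter cannot map to a JCA key (for example ElGamal encryption subkeys) cannot be stored this way and need the raw-bytes approach from the other answer.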

If you want to keep the public key, why don't you just save the key content to the Java keystore? Then extract the content and convert it to a PGPPublicKey object when you need it.

First, create a wrapper class

    import java.nio.charset.StandardCharsets;
    import java.security.Key;

    public class PgpPublicKeyWrapper implements Key {
        private final String keyContent;

        public PgpPublicKeyWrapper(final String keyContent) {
            this.keyContent = keyContent;
        }

        @Override
        public String getAlgorithm() {
            return "PGP-PublicKey"; // you can call it whatever you want
        }

        @Override
        public String getFormat() {
            return "RAW"; // has to be raw format
        }

        @Override
        public byte[] getEncoded() {
            // explicit charset so the bytes do not depend on the platform default
            return keyContent.getBytes(StandardCharsets.UTF_8);
        }
    }

Then you can do this to save it

 keyStore.setKeyEntry("think a name for alias", new PgpPublicKeyWrapper(key), PASSWORD, null); 

If you want to retrieve it

    Key key = this.keyStore.getKey(alias, PASSWORD);
    InputStream is = new ByteArrayInputStream(key.getEncoded());
    PGPPublicKey publicKey = readPublicKey(is);

For readPublicKey(), you can find many online examples of how to read an InputStream into a PGPPublicKey object.

0
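The readPublicKey() this answer leaves to the reader, as an added example that is not the answer's own code: it parses an armored or binary key block with PGPPublicKeyRingCollection and returns the first encryption-capable key, and a second method loads the wrapped bytes back out of the keystore and refuses to use them unless the parsed key's fingerprint matches one pinned in configuration. The class and method names, and the "first encryption key" selection rule, are this example's assumptions. It also assumes a keystore type that accepts a generic Key (the JCEKS type seals the Key object as-is; the default JKS type stores only PrivateKey entries), which is why the example opens the store as JCEKS.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Iterator;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;

// Example class (hypothetical name), not part of the original answer.
public class PgpPublicKeyReader {

    // Open (or create) a JCEKS keystore, the type whose setKeyEntry accepts a generic Key.
    static KeyStore openKeyStore(InputStream existingOrNull, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(existingOrNull, storePass); // a null stream initialises an empty store
        return ks;
    }

    // Parse an armored or binary public key block and return the first key usable for
    // encryption. getDecoderStream() transparently handles ASCII armor. Returns null if
    // the block holds no encryption-capable key.
    static PGPPublicKey readPublicKey(InputStream in) throws Exception {
        PGPPublicKeyRingCollection rings = new PGPPublicKeyRingCollection(
                PGPUtil.getDecoderStream(in), new JcaKeyFingerprintCalculator());
        Iterator<PGPPublicKeyRing> ringIt = rings.getKeyRings();
        while (ringIt.hasNext()) {
            Iterator<PGPPublicKey> keyIt = ringIt.next().getPublicKeys();
            while (keyIt.hasNext()) {
                PGPPublicKey key = keyIt.next();
                if (key.isEncryptionKey()) {
                    return key;
                }
            }
        }
        return null;
    }

    // Retrieve the bytes stored under alias (the wrapper's getEncoded() output) and parse them,
    // but only hand the key back if its fingerprint equals the one pinned by the caller.
    // The keystore password protects the entry's integrity; the pin protects against the
    // wrong key having been imported under that alias in the first place.
    static PGPPublicKey loadPinnedPublicKey(KeyStore ks, String alias, char[] keyPass,
                                            byte[] expectedFingerprint) throws Exception {
        Key key = ks.getKey(alias, keyPass);
        if (key == null) {
            throw new IllegalStateException("no key entry for alias " + alias);
        }
        PGPPublicKey pgpKey = readPublicKey(new ByteArrayInputStream(key.getEncoded()));
        if (pgpKey == null) {
            throw new PGPException("entry " + alias + " holds no encryption-capable key");
        }
        if (!java.util.Arrays.equals(pgpKey.getFingerprint(), expectedFingerprint)) {
            throw new PGPException("fingerprint mismatch for alias " + alias);
        }
        return pgpKey;
    }
}
```

Because JCEKS stores the wrapper through Java serialization, the wrapper class must stay on the classpath with a compatible shape for as long as the keystore is in use; the raw bytes returned by getEncoded() are what readPublicKey() consumes, so the wrapper must hand back exactly the key block that was imported.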

Source: https://habr.com/ru/post/912499/
