Algorithm and Padding from PKCS 12 File
Is it possible to extract the asymmetric key algorithm (e.g. RSA) and padding scheme from a PKCS 12 file? Is this information even stored in the PKCS 12 format? I haven't been able to find any descriptions of the format that aren't way too in-depth or way too terse.
Note that I don't mean signature algorithm. I mean the algorithm (and padding scheme) that would be used along with the public and private keys stored in the file.
Thanks,
Dave
By dlanda at 2007-10-2 5:59:12

You mean:
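    import java.io.FileInputStream;
    import java.security.Key;
    import java.security.KeyStore;
    import java.util.Enumeration;

    public class MyPKCS12 {
        public static void main(String args[]) throws Exception {
            // Load the PKCS#12 keystore with its password
            FileInputStream fis = new FileInputStream("./mypass.p12");
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(fis, "xyzzy".toCharArray());
            fis.close();
            for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
                String s = e.nextElement();
                System.out.println("Alias: " + s);
                // Certificate-only entries have no private key; skip them
                if (!ks.isKeyEntry(s)) continue;
                // Private key: algorithm name and storage encoding
                Key k = ks.getKey(s, "xyzzy".toCharArray());
                System.out.println("Private Key = " + k);
                System.out.println("k.getAlgorithm() = " + k.getAlgorithm());
                System.out.println("k.getFormat() = " + k.getFormat());
                // Public key taken from the certificate stored under the same alias
                k = ks.getCertificate(s).getPublicKey();
                System.out.println("Public Key = " + k);
                System.out.println("k.getAlgorithm() = " + k.getAlgorithm());
                System.out.println("k.getFormat() = " + k.getFormat());
            }
        }
    }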
Hopefully, the following reference isn't too in-depth, but here is the standard.
http://www.rsasecurity.com/rsalabs/node.asp?id=2138
It assumes you understand basic ASN.1.
You can also have a look at the PKCS12 provider source in the JDK 5.0 JSSE code, which is available through SCSL in the JDK security bundle. Sun's implementation doesn't support every possible mode/attribute, but does all of the common ones.
Thanks for the info. I'm a little embarrassed that I missed the getAlgorithm() method in the Key class. That one gives me exactly what I need. However, the getFormat() doesn't. This gives me the format the private key is stored in (e.g. PKCS#8), not the padding scheme that was used with it to encrypt the data.
On one hand I can see where the padding wouldn't necessarily be stored with the key since you can use any padding scheme you like with the key. But on the other hand, that info must be available somewhere, otherwise how would you know what padding scheme to use to decrypt data encrypted with the public key? I have to pass the correct info to the Cipher.getInstance() method.
Thanks,
Dave
dlanda at 2007-7-16 12:59:37

> On one hand I can see where the padding wouldn't
> necessarily be stored with the key since you can use
> any padding scheme you like with the key. But on the
> other hand, that info must be available somewhere,
> otherwise how would you know what padding scheme to
> use to decrypt data encrypted with the public key? I
> have to pass the correct info to the
> Cipher.getInstance() method.
I'm a little confused here.
Are you trying to write your own PKCS12 keystore implementation? Or use the private keys obtained from a PKCS keystore to do some Cipher initialization to recover some plaintext from ciphertext? If the latter, which I think is the case, you need to find out what the encryption side originally used for padding the data to be encrypted. This is not a function of how the key itself was stored. I may be misunderstanding the question, so apologies if it takes another round of Q&A.
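    // Sender: encrypt with the recipient's public key
    Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    c.init(Cipher.ENCRYPT_MODE, publicKey);
    byte[] b = c.doFinal(plainText);

    // Peer sends you b

    // Recipient: decrypt with the private key, using the same transformation string
    c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    c.init(Cipher.DECRYPT_MODE, privateKey);
    byte[] recoveredText = c.doFinal(b);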
AFAIK, Sun's RSA implementation in SunJCE has NoPadding (aka RawDSA, rarely used), PKCS1Padding (most common), and OAEP. Also note, you can't use RSA for bulk encipherment. There's no standard for bulk encipherment; besides, it would be too slow compared to a symmetric cipher. RSA is typically used when settling on a bulk symmetric session key (AES/DES/RC4/etc.).
Hope this helps.
Thanks for replying. I think you answered my question. To answer yours, yes I'm simply decrypting some encrypted text from a file (it's a small amount of text so using RSA for this is going to work).
What's going on is that the data is being encrypted using Windows CryptoAPI. The key will then be exported to a PKCS12 file and used in a Java app I'm writing to decrypt the data. I was hoping that I could get the algorithm and padding from the PKCS12 file so the CryptoAPI code could change the algorithm and/or padding used to encrypt the data and no changes would be needed on the Java side--it would simply get that data from the PKCS12 file. Sounds like this isn't going to work though.
Dave
dlanda at 2007-7-16 12:59:37

I don't think so. What you're after is the padding used during encryption, not for storing keys.
Makes sense. Thanks for the help.
dlanda at 2007-7-16 12:59:37
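
Since the PKCS12 file carries only the keys, one way to get the behaviour asked for in this thread is to send the transformation name along with the ciphertext and have the receiver check it against an allowlist. This is an added example, not code from any poster in the thread; the envelope layout (name, newline, ciphertext), the class name and the allowlist are assumptions, and a freshly generated key pair stands in for the one loaded from the .p12.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.*;

public class PaddingEnvelope {
    // Receiver policy (assumed for this example): only these transformations are accepted.
    static final List<String> ALLOWED = Arrays.asList(
        "RSA/ECB/PKCS1Padding", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding");

    // Sender: prefix the ciphertext with the transformation name and a newline.
    static byte[] seal(String transformation, PublicKey pub, byte[] plain)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.ENCRYPT_MODE, pub);
        byte[] ct = c.doFinal(plain);
        byte[] hdr = (transformation + "\n").getBytes(StandardCharsets.US_ASCII);
        byte[] out = Arrays.copyOf(hdr, hdr.length + ct.length);
        System.arraycopy(ct, 0, out, hdr.length, ct.length);
        return out;
    }

    // Receiver: read the header, check it against the allowlist, then decrypt the rest.
    static byte[] open(PrivateKey priv, byte[] envelope) throws GeneralSecurityException {
        int nl = 0;
        while (nl < envelope.length && envelope[nl] != '\n') nl++;
        if (nl == envelope.length) throw new GeneralSecurityException("missing header");
        String transformation = new String(envelope, 0, nl, StandardCharsets.US_ASCII);
        if (!ALLOWED.contains(transformation))
            throw new GeneralSecurityException("not allowed: " + transformation);
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.DECRYPT_MODE, priv);
        return c.doFinal(envelope, nl + 1, envelope.length - nl - 1);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // stands in for the pair loaded from the .p12
        byte[] msg = "constructed sample text".getBytes(StandardCharsets.UTF_8);
        for (String t : ALLOWED) { // sender switches padding; receiver code is unchanged
            byte[] back = open(kp.getPrivate(), seal(t, kp.getPublic(), msg));
            System.out.println(t + " -> " + new String(back, StandardCharsets.UTF_8));
        }
        byte[] unlisted = "RSA/ECB/NoPadding\nxx".getBytes(StandardCharsets.US_ASCII);
        try { open(kp.getPrivate(), unlisted); }
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The header is not authenticated, so the allowlist is what bounds which padding the receiver will ever apply with the private key.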
