Safe storage of RSA private keys before binding to X.509 cert
Matthew Hall
mhall at mhcomputing.net
Wed Feb 20 02:26:28 UTC 2013
Is there a more elegant way?
On Wed, Feb 20, 2013 at 02:24:40AM +0000, mstjohns at comcast.net wrote:
> Store the private key with a self-signed certificate. Replace the cert when it is issued.
>
> Sent from Comcast mobile
>
> -----Original Message-----
> From: Matthew Hall
> To: security-dev
> Sent: 2013-02-20 00:27:51 +0000
> Subject: Safe storage of RSA private keys before binding to X.509 cert
>
> Hello,
>
> I have a question about safely storing RSA private keys while waiting for a
> Cerification Request to be processed remotely so a signed X.509 Certificate
> will be returned.
>
> I want to store it inside the PKCS #11 KeyStore so it will be protected while
> we wait for the Certificate to become available, so that both can be bound
> together and then stored.
>
> However, the KeyStore APIs prevent this from succeeding:
>
> If public final void setKeyEntry(String alias, byte[] key, Certificate[]
> chain) is used with keyPair.getPrivate().getEncoded(), it throws
> UnsupportedOperationException.
>
> If public final void setKeyEntry(String alias, Key key, char[] password,
> Certificate[] chain) is used, it throws java.lang.IllegalArgumentException:
> Private key must be accompanied by certificate chain.
>
> If one creates a RAW-type SecretKey using SecretKeySpec privateKeySpec = new
> SecretKeySpec(privateKeyBytes, "RAW"), and attempts to store the RAW
> SecretKey, it throws java.security.KeyStoreException: Cannot convert to PKCS11
> keys caused by java.security.InvalidKeyException: Unknown algorithm RAW.
>
> How is one supposed to store the RSA PrivateKey in a FIPS-safe way, if the
> KeyStore refuses to handle it via any of these APIs? Several threads on
> StackOverflow also mentioned this issue, with no known workaround.
>
> Regards,
> Matthew.
More information about the security-dev
mailing list