Safe storage of RSA private keys before binding to X.509 cert

mstjohns at comcast.net mstjohns at comcast.net
Wed Feb 20 02:36:26 UTC 2013


Not using the pkcs11 provider.  If you use the (undocumented) wrapper classes you can get more direct access to the pkcs11 libraries.  Or go with the iaik pkcs11 libs.


-----Original Message-----
From: Matthew Hall
To: mstjohns
Cc: security-dev
Sent: 2013-02-20 02:27:21 +0000
Subject: Re: Safe storage of RSA private keys before binding to X.509 cert

Is there a more elegant way?

On Wed, Feb 20, 2013 at 02:24:40AM +0000, mstjohns at comcast.net wrote:
> Store the private key with a self-signed certificate.  Replace the cert when it is issued.
>
> -----Original Message-----
> From: Matthew Hall
> To: security-dev
> Sent: 2013-02-20 00:27:51 +0000
> Subject: Safe storage of RSA private keys before binding to X.509 cert
>
> Hello,
>
> I have a question about safely storing RSA private keys while waiting for a
> Certification Request to be processed remotely so a signed X.509 Certificate
> will be returned.
>
> I want to store it inside the PKCS #11 KeyStore so it will be protected while
> we wait for the Certificate to become available, so that both can be bound
> together and then stored.
>
> However, the KeyStore APIs prevent this from succeeding:
>
> If public final void setKeyEntry(String alias, byte[] key, Certificate[]
> chain) is used with keyPair.getPrivate().getEncoded(), it throws
> UnsupportedOperationException.
>
> If public final void setKeyEntry(String alias, Key key, char[] password,
> Certificate[] chain) is used, it throws java.lang.IllegalArgumentException:
> Private key must be accompanied by certificate chain.
>
> If one creates a RAW-type SecretKey using SecretKeySpec privateKeySpec = new
> SecretKeySpec(privateKeyBytes, "RAW"), and attempts to store the RAW
> SecretKey, it throws java.security.KeyStoreException: Cannot convert to PKCS11
> keys caused by java.security.InvalidKeyException: Unknown algorithm RAW.
>
> How is one supposed to store the RSA PrivateKey in a FIPS-safe way, if the
> KeyStore refuses to handle it via any of these APIs? Several threads on
> StackOverflow also mentioned this issue, with no known workaround.
>
> Regards,
> Matthew.
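
The placeholder approach suggested in this thread (store the key under a self-signed certificate, then replace the chain when the CA answers), as an added example that is not code from any poster or from the JDK. It assumes BouncyCastle's bcpkix is on the classpath for certificate building and uses an in-memory PKCS12 store as a stand-in for the PKCS11 token; the class, helper, alias and DN names and the test CA are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class PendingKeyEntry { // hypothetical class name
    // Hypothetical helper: certificate for subjectKey signed by signer (self-signed if same pair).
    static X509Certificate cert(String issuer, PrivateKey signer, String subject, PublicKey subjectKey)
            throws Exception {
        Date from = new Date(), to = new Date(from.getTime() + 30L * 24 * 3600 * 1000);
        BigInteger serial = new BigInteger(64, new SecureRandom());
        return new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(new X500Principal(issuer), serial, from, to,
                    new X500Principal(subject), subjectKey)
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(signer)));
    }
    // Step 1: a throwaway self-signed chain satisfies the "must be accompanied by
    // certificate chain" check, so the private key can sit in the store while the CSR is pending.
    static void storePending(KeyStore ks, String alias, KeyPair kp, char[] pw) throws Exception {
        String dn = "CN=pending-placeholder"; // constructed name, never to be trusted
        Certificate[] chain = { cert(dn, kp.getPrivate(), dn, kp.getPublic()) };
        ks.setKeyEntry(alias, kp.getPrivate(), pw, chain);
    }
    // Step 2: swap in the issued chain, refusing a certificate issued for a different key.
    static void bindIssued(KeyStore ks, String alias, char[] pw, Certificate[] issued) throws Exception {
        byte[] stored = ks.getCertificate(alias).getPublicKey().getEncoded();
        if (!Arrays.equals(stored, issued[0].getPublicKey().getEncoded()))
            throw new KeyStoreException("issued certificate does not match the stored key");
        ks.setKeyEntry(alias, ks.getKey(alias, pw), pw, issued); // same alias: chain replaced
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair device = kpg.generateKeyPair(), ca = kpg.generateKeyPair(); // constructed test keys
        KeyStore ks = KeyStore.getInstance("PKCS12"); // stand-in; the thread's store is type "PKCS11"
        ks.load(null, null);
        char[] pw = "changeit".toCharArray();
        storePending(ks, "device", device, pw);
        String caDn = "CN=Constructed Test CA"; // simulates the remote CA's answer
        Certificate[] issued = { cert(caDn, ca.getPrivate(), "CN=device", device.getPublic()),
                                 cert(caDn, ca.getPrivate(), caDn, ca.getPublic()) };
        bindIssued(ks, "device", pw, issued);
        System.out.println(((X509Certificate) ks.getCertificate("device")).getIssuerX500Principal());
    }
}
```

Anything that reads the store between the two steps should treat an entry whose certificate is self-signed under the placeholder DN as not yet usable.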
