RFR: 8023980: JCE doesn't provide any class to handle RSA private key in PKCS#1 [v3]

Valerie Peng valeriep at openjdk.java.net
Fri Jan 15 01:48:03 UTC 2021


On Wed, 13 Jan 2021 17:07:20 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Update copyright year from 2020 to 2021.
>
> Marked as reviewed by weijun (Reviewer).

> 
> 
> _Mailing list message from [Michael StJohns](mailto:mstjohns at comcast.net) on [security-dev](mailto:security-dev at openjdk.java.net):_
> 
> Sorry - I'm coming to this a bit late.
> 
> Any chance of adding the logic for generatePublic() from a PKCS8 RSA
> private key? RFC3477 has the PKCS1 RSAPrivateKey ASN1 which includes
> the modulus and publicExponent - so it should be a pretty
> straightforward add to generate a public key.
> 
> PKCS11 2.40 started requiring that the publicExponent be stored with the
> private key to allow for the public key to be regenerated from a private
> key object. Going forward, it might be a good idea to modify the
> RSAPrivate(Crt)KeyImpl class to store the publicExponent if provided.
> 
> Mike

You are correct that for RSA private CRT keys the necessary values are there for figuring out their corresponding public keys.

This change is about adding support for PKCS#1 encoded RSA keys and being able to translate them into PKCS#8 encoded keys and/or extract various key specs out of them. If you already have a PKCS#8 RSAPrivateCrtKey obj from the SunRsaSign provider, you can call its getPublicExponent() method and use that to create an RSAPublicKeySpec and generate an RSA public key with it. If you are using a 3rd party impl which does not return the public exponent value somehow, then you can translate it using the RSA key factory impl from the SunRsaSign provider and then repeat the aforementioned step. Will this address your need? If not, could you elaborate on the usage that you have in mind? Not sure if you are suggesting a new KeyFactory.generatePublic() method which takes a PrivateKey or something else.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1787
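
The steps described in the reply above, written out as an added example (not part of the original message or of the JDK change): derive the public key from an RSA private CRT key with `getPublicExponent()` and `RSAPublicKeySpec`, translating a non-CRT key object through the SunRsaSign key factory first. The class name `RsaPublicFromPrivate`, the helper `derivePublic` and the freshly generated 2048-bit key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;

public class RsaPublicFromPrivate {

    // Hypothetical helper: rebuild the public key from a private key that carries CRT parameters.
    static PublicKey derivePublic(PrivateKey priv) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA", "SunRsaSign");
        // A key object that does not expose the public exponent is first
        // translated into the SunRsaSign implementation.
        Key k = (priv instanceof RSAPrivateCrtKey) ? priv : kf.translateKey(priv);
        if (!(k instanceof RSAPrivateCrtKey)) {
            // The encoding held only modulus and private exponent: nothing to derive from.
            throw new InvalidKeyException("private key has no public exponent (not a CRT key)");
        }
        RSAPrivateCrtKey crt = (RSAPrivateCrtKey) k;
        return kf.generatePublic(
                new RSAPublicKeySpec(crt.getModulus(), crt.getPublicExponent()));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key pair, generated locally for the demonstration.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        PublicKey derived = derivePublic(kp.getPrivate());

        // Check 1: a signature made with the private key verifies under the derived key.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(derived);
        verifier.update(msg);
        System.out.println("signature verifies: " + verifier.verify(sig));

        // Check 2: the derived key encodes identically to the generated public key.
        System.out.println("matches original:   "
                + Arrays.equals(derived.getEncoded(), kp.getPublic().getEncoded()));
    }
}
```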


