How to create a new PrivKey, needed as arg in UserIdentity constructor, from sun.security.mscapi.RSAPrivateKey
January 28, 2020
15:58, EET
GaD

Hi,

I would like to create a UserIdentity with the constructor: UserIdentity(com.prosysopc.ua.stack.transport.security.Cert cert,
com.prosysopc.ua.stack.transport.security.PrivKey privKey).

I can create a new com.prosysopc.ua.stack.transport.security.Cert with the certificate got from the Windows keystore
but I don’t know how to create a new com.prosysopc.ua.stack.transport.security.PrivKey with the RSAPrivateKey got from this keystore.

I did not find any examples of this. Can you help me?

Gilles

// -- get the user certificate and private key
final KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
ks.load(null, null);
X509Certificate cert = (X509Certificate) ks.getCertificate("MY_ALIAS_KEY");

PrivateKey pk = (PrivateKey) ks.getKey("MY_ALIAS_KEY", null);
System.out.println("PrivateKey Class: " + pk.getClass().getName() + " = " + pk.toString());
/* output :
 * PrivateKey Class: sun.security.mscapi.RSAPrivateKey = RSAPrivateKey [size=2048 bits, type=Exchange, container=MY_ALIAS_KEY]
 */
UserIdentity ui = new UserIdentity(new com.prosysopc.ua.stack.transport.security.Cert(cert),
        new PrivKey( ???? ));

January 28, 2020
17:26, EET
Bjarne Boström

Hi,

Short answer is that most likely it is not possible and/or anyway goes beyond what the SDK supports currently.

Basically anything that contains “sun.security” is not considered supported (might still work, but we won't test). Certificate operations should mostly be done via the CryptoProvider and CertificateProvider implementations (SDK has for Bouncy/SpongyCastle) and/or via the utils CryptoUtil/CertificateUtils (that use those providers).

If that private key does not implement java.security.interfaces.RSAPrivateKey, it probably won't work (if it did, you could cast it and pass it to the public PrivKey(RSAPrivateKey privateKey)). You could try to see if you can get the encoded format of the private key via .getEncoded and pass it to public PrivKey(byte[] encodedPrivateKey). However, based on a quick Google search (https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/windows/classes/sun/security/mscapi/Key.java), I assume this would return null and that your key class doesn’t implement java.security.interfaces.RSAPrivateKey. Generally, I would assume the MS keystore is designed such that the private key is not directly accessible. That won't work with the SDK as it is; we need the key data in its entirety, as the data is passed to the BouncyCastle lib for crypto operations (in the normal case).

The crypto abstractions could maybe use some more work in the future, but I’m not yet sure when that will happen. At some point we will need to add support for ECC keys; I could see the APIs changing then a bit so we could then check if this could be also improved.
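
A quick way to check which of the two options in the answer above applies to a given key, as an added example (not code from the Prosys SDK or from either poster): it uses only standard JCA calls, and `HandleOnlyKey` is a constructed stand-in for a key whose material stays inside the OS store. On Windows, pass the `PrivateKey` returned by `ks.getKey(...)` to `probe` instead.

```java
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Arrays;

public class KeyExportProbe {

    enum Path { CAST_TO_RSA_PRIVATE_KEY, ENCODED_BYTES, NOT_EXTRACTABLE }

    // Decide which of the two PrivKey constructors named in the answer
    // could accept this key, without touching any SDK class.
    static Path probe(PrivateKey key) {
        if (key instanceof RSAPrivateKey) {
            return Path.CAST_TO_RSA_PRIVATE_KEY;   // PrivKey(RSAPrivateKey)
        }
        byte[] encoded = key.getEncoded();         // null for handle-only keys
        if (encoded == null) {
            return Path.NOT_EXTRACTABLE;           // key never leaves its store
        }
        boolean pkcs8 = "PKCS#8".equals(key.getFormat());
        Arrays.fill(encoded, (byte) 0);            // wipe the exported copy
        return pkcs8 ? Path.ENCODED_BYTES : Path.NOT_EXTRACTABLE;
    }

    // Constructed stand-in (hypothetical class): a provider key that only
    // holds a reference to material kept in the OS key store.
    static final class HandleOnlyKey implements PrivateKey {
        public String getAlgorithm() { return "RSA"; }
        public String getFormat() { return null; }
        public byte[] getEncoded() { return null; }
    }

    public static void main(String[] args) throws Exception {
        // Software-generated key: material lives on the Java heap.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PrivateKey software = gen.generateKeyPair().getPrivate();

        System.out.println("software key:    " + probe(software));
        System.out.println("handle-only key: " + probe(new HandleOnlyKey()));
    }
}
```

A `NOT_EXTRACTABLE` result means the key can only be used through its own JCA provider, so a library that needs the raw key bytes cannot consume it.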
