Export RSA public key to PEM String using java

Question

So I'm using Spongy Castle (Android) to generate a PEM encoded string for an RSA public key that will be uploaded to a server. This is what I'm currently doing:

    PublicKey publicKey = keyPair.getPublic();
    StringWriter writer = new StringWriter();
    PemWriter pemWriter = new PemWriter(writer);
    pemWriter.writeObject(new PemObject("RSA PUBLIC KEY", publicKey.getEncoded()));
    pemWriter.flush();
    pemWriter.close();
    return writer.toString();

Now as you can probably tell I'm not sure how to construct the PemObject or if there is an easier way to do this.

When using Bouncy Case I used to do this like this

    StringWriter writer = new StringWriter();
    PEMWriter pemWriter = new PEMWriter(writer);
    pemWriter.writeObject(keyPair.getPublic());
    pemWriter.flush();
    pemWriter.close();
    return writer.toString();

But for some reason the PEMWriter class does not exist in Spongy Castle

What's the format of publicKey.getEncoded after we encode it using Base64? Is it pem? — Charlesjean, Dec 23 '19 at 11:43
Is it possible to do this without SpongyCastle (which is unmaintained for many years)? — gmk57, Jan 11 '22 at 09:26

score 11 · Accepted Answer · answered Aug 05 '14 at 02:39

Ok So this is probably not the smartest way (or maybe it is?) to do it, but after checking out the sources for PEMWriter this class basically does this under the hood:

when calling writeObject it creates an instance of MiscPEMGenerator

MiscPEMGenerator then creates the PemObject by checking the type of the constructor's argument, the following is an excerpt from MiscPEMGenerator's source:

private PemObject createPemObject(Object o){
  ...
  else if (o instanceof PublicKey)
  {
      type = "PUBLIC KEY";

      encoding = ((PublicKey)o).getEncoded();
  }
  ...
  return new PemObject(type, encoding);
}

So as can be seen from the MiscPEMGenerator code the only thing I had to change was the type parameter from "RSA PUBLIC KEY" to just "PUBLIC KEY". Here is the final code.

PublicKey publicKey = keyPair.getPublic();
StringWriter writer = new StringWriter();
PemWriter pemWriter = new PemWriter(writer);
pemWriter.writeObject(new PemObject("PUBLIC KEY", publicKey.getEncoded()));
pemWriter.flush();
pemWriter.close();
return writer.toString();

score 5 · Answer 2 · answered Aug 09 '14 at 12:29

The reason you might be running into issues is because Android uses Bouncy Castle internally as JCA provider. But the version that is included varies over the various Android versions.

You might be interested in the Spongy Castle project, which "simply" repacks Bouncy Castle in a different package so that you can include your own libraries with your Android application.

Using the latest version (1.51.0.0) of Spongy Castle, the following works as intended (on my workstation, no device at hand to test on a device):

import java.security.PublicKey;
import org.spongycastle.openssl.jcajce.JcaPEMWriter;

class PEMConverter {

    public static String toPEM(PublicKey pubKey) {
        StringWriter sw = new StringWriter();
        JcaPEMWriter pemWriter = new JcaPEMWriter(sw);
        pemWriter.writeObject(pubKey);
        pemWriter.close();
        return sw.toString();
    }
}

Export RSA public key to PEM String using java

2 Answers2

Linked