1

I've a Public key converted to byte array. I want to convert it back to Public key. I followed this link but getting an error :

Operation failed: javax.crypto.spec.SecretKeySpec incompatible with java.security.PublicKey

Since I know that it is a public key, is there any to convert it to Publickey instead of SecretKey.

EDIT

I have created a public key using RSAPublicKeySPec. Now there is no error but the signature verification fails because when I see the key material of the newly created public key, it is different from what I passed.

Key Material I passed 3082010a0282010100ab7f161c0042496ccd6c6d4dadb919973435357776003acf54b7af1e440afb80b64a8755f8002cfeba6b184540a2d66086d74648346d75b8d71812b205387c0f6583bc4d7dc7ec114f3b176b7957c422e7d03fc6267fa2a6f89b9bee9e60a1d7c2d833e5a5f4bb0b1434f4e795a41100f8aa214900df8b65089f98135b1c67b701675abdbc7d5721aac9d14a7f081fcec80b64e8a0ecc8295353c795328abf70e1b42e7bb8b7f4e8ac8c810cdb66e3d21126eba8da7d0ca34142cb76f91f013da809e9c1b7ae64c54130fbc21d80e9c2cb06c5c8d7cce8946a9ac99b1c2815c3612a29a82d73a1f99374fe30e54951662a6eda29c6fc411335d5dc7426b0f6050203010001

Key Material I got after converting it to public key using RSAPublicKeySpec 30820122300D06092A864886F70D01010105000382010F003082010A0282010100AB7F161C0042496CCD6C6D4DADB919973435357776003ACF54B7AF1E440AFB80B64A8755F8002CFEBA6B184540A2D66086D74648346D75B8D71812B205387C0F6583BC4D7DC7EC114F3B176B7957C422E7D03FC6267FA2A6F89B9BEE9E60A1D7C2D833E5A5F4BB0B1434F4E795A41100F8AA214900DF8B65089F98135B1C67B701675ABDBC7D5721AAC9D14A7F081FCEC80B64E8A0ECC8295353C795328ABF70E1B42E7BB8B7F4E8AC8C810CDB66E3D21126EBA8DA7D0CA34142CB76F91F013DA809E9C1B7AE64C54130FBC21D80E9C2CB06C5C8D7CCE8946A9AC99B1C2815C3612A29A82D73A1F99374FE30E54951662A6EDA29C6FC411335D5DC7426B0F6050203010001

Clearly, the verification will fail because the key material is wrong! I don't understand why it is getting altered.

But when I directly create a public key using java.security.PublicKey (anonymous inner class), the key material doesn't get altered. But when I pass it to verify, I get wrong algorithm type error (I passed RSA as the algorithm)

CODE SNIPPET

    PublicKey pubKey = new PublicKey() {

        private static final long serialVersionUID = 1L;

        @Override
        public String getFormat() {

            return "PKCS1";
        }

        @Override
        public byte[] getEncoded() {

            return keyMat;
        }

        @Override
        public String getAlgorithm() {

            return "SHA256withRSA"; // tried with "RSA", getting same error
        }
    };

    return pubKey;
}
Community
  • 1
  • 1
Manoj
  • 644
  • 12
  • 21
  • The example in your link uses a symmetric cipher (DES). There no "public key" concept of in symmetric ciphers. Please provide the code you are using to create/distribute the key. – flo Mar 08 '16 at 12:58
  • @flo Right, so instead of DES, I use different algo like RSA – Manoj Mar 08 '16 at 13:03

1 Answers1

2

Retrieved from Here

//Takes your byte array of the key as constructor parameter
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(myKeyBytes);

//Takes algorithm used to generate keys (DSA, RSA, DiffieHellman, etc.) as 1st parameter
//Takes security provider (SUN, BouncyCastle, etc.) as second parameter
KeyFactory keyFactory = KeyFactory.getInstance("DSA", "SUN");

//Creates a new PublicKey object
PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
MrPublic
  • 520
  • 5
  • 16
  • I don't want to generate the key, I just want to convert it. – Manoj Mar 08 '16 at 13:04
  • 1
    @Manoj You have to regenerate the key if you only have a byte array of the key, as said byte array is encoded with a certain key specification. You need to specify this key specification so the key can be recreated from a list of the keys bytes. The only object being "generated" is a new PublicKey object given an array of bytes. The value of the key itself is not being changed/recreated. – MrPublic Mar 08 '16 at 13:08
  • @Public Getting error when converted to X509EncodedKeySpec: java.security.spec.InvalidKeySpecException: Inappropriate key specification: IOException: algid parse error, not a sequence at com.ibm.crypto.provider.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:25) at java.security.KeyFactory.generatePublic(KeyFactory.java:145) at TestVerify.main(TestVerify.java:65) – Manoj Mar 14 '16 at 10:55
  • @Manoj What are the parameters you are using to generate the key pair in the first place? Is it an RSA KeyPair? Are you using PKCS8 format? Are you using an external library like BouncyCastle and forgot to add it to the Security Provider? – MrPublic Mar 14 '16 at 11:37
  • @Public I have public key material and which I am passing to `new X509EncodedKeySpec(keyMaterialBytes);`. Then I am passing `KeyFactory.getInstance("RSA", "IBMJCE");` to get KeyFactory instance. – Manoj Mar 14 '16 at 12:33
  • @Manoj It appears that your provider is "IBMJCE". Have you done `static{java.security.Security.addProvider(new IBMJCE());}` somewhere in your code? Also, are you specifying "IBMJCE" as your provider throughout your code and key generation? – MrPublic Mar 14 '16 at 12:36
  • @Public Yes. And FYI, I also tried `EncodedKeySpec` and `RSAPublicKeySpec`. Because I know it is an RSA key. But getting same error. I also tried to create Public key using Anonymous inner class `PublicKey` but When I pass it to verify, it gives me wrong algorith type error. (I passed algorithm = RSA and format type= PKCS1) – Manoj Mar 15 '16 at 06:32
  • @Manoj Okay. Since you know it is an `RSAPrivateKeySpec`, change the creation of that key spec to something along the lines of `RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(myKeyModulo, myKeyExponet);` and used the same method to retrieve a `KeyFactory` based on your provider, then used that factory to recreate a `PublicKey`. For finding out a way to retrieve your key's Modulo and Exponet, check out this link: http://stackoverflow.com/questions/7216969/getting-rsa-private-key-from-pem-base64-encoded-private-key-file – MrPublic Mar 15 '16 at 11:42
  • @Public Tried it. Now I don't get `InvalidKeySpecException` error. But my signature verification fails because the key material gets changed. See the edited question. – Manoj Mar 16 '16 at 06:31
  • @Manoj Given the current information you have provided, I cannot figure out what else could be causing this problem. If I may see the methods you use to generate the original key, as well as your verification method (including all relevant parameters), I may be able to figure out what exactly could be causing this mess. – MrPublic Mar 16 '16 at 11:51
  • @Public I have added a new question [here](http://stackoverflow.com/questions/36053558/rsa-public-key-getting-changed-after-converting-to-rsapublickeyspec) – Manoj Mar 17 '16 at 07:07