1

Basically I'm trying to verify signature which using openssl looks like this:

openssl dgst -sha256 -verify prime192v1-pub-v1.pem -signature signatureFile.bin < dataFile.bin

... and in order to do that on android I need to create PublicKey object. The method that I'm using throws java.security.spec.InvalidKeySpecException: Unexpected key type at line kf.generatePublic(new X509EncodedKeySpec(encoded)).

import org.spongycastle.util.encoders.Base64;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;

public class SO {

    public static PublicKey getPublicKeyFromString(String key) throws IOException, GeneralSecurityException {
        String publicKeyPEM = key;
        publicKeyPEM = publicKeyPEM.replace("-----BEGIN PUBLIC KEY-----\n", "");
        publicKeyPEM = publicKeyPEM.replace("-----END PUBLIC KEY-----", "");
        byte[] encoded = Base64.decode(publicKeyPEM);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePublic(new X509EncodedKeySpec(encoded));
    }

}

This is how I call the method:

    SO.getPublicKeyFromString(
            "-----BEGIN PUBLIC KEY-----\n" +
            "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXMHnQfWiM4oCaLfx296llgz7iaVv\n" +
            "avMPppkzVNZAxtlNLhFlXnNWD0Mw9yzP8/Go\n" +
            "-----END PUBLIC KEY-----"
    );

Anyone knows what I'm doing wrong?

Egis
  • 5,081
  • 5
  • 39
  • 61
  • 1
    Yes, it's not an RSA public key, it's an elliptic curve (P192) public key. – President James K. Polk Aug 03 '17 at 01:16
  • [Can't read OpenSSL-generated ECDSA key from Java: InvalidKeySpecException](https://stackoverflow.com/q/42234685/608639), [How to create ECDSA keypair (256bit) for bitcoin curve (secp256k1) using spongy castle?](https://stackoverflow.com/q/29778852/608639), [How to load PEM encoded Elliptic Curve public keys into Bouncy Castle?](https://stackoverflow.com/q/40434317/608639), [How can I get a PublicKey object from EC public key bytes?](https://stackoverflow.com/q/26159149/608639), [How do I load an Elliptic Curve PEM encoded Private Key?](https://stackoverflow.com/q/41927859/608639), etc. – jww Aug 03 '17 at 12:36

2 Answers2

1

I got it working. The public key is elliptic curve (p192) public key and it should be loaded differently. Having PublicKey I was able to verify signature the same way as using openssl command.

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.io.Reader;
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

public class SO {

    public PublicKey getPublicKey() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        Reader rdr = new StringReader(
                "-----BEGIN PUBLIC KEY-----\n" +
                        "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXMHnQfWiM4oCaLfx296llgz7iaVv\n" +
                        "avMPppkzVNZAxtlNLhFlXnNWD0Mw9yzP8/Go\n" +
                        "-----END PUBLIC KEY-----\n"
        ); // or from file etc.

        org.bouncycastle.util.io.pem.PemObject spki = new org.bouncycastle.util.io.pem.PemReader(rdr).readPemObject();
        PublicKey key = KeyFactory.getInstance("EC", "BC").generatePublic(new X509EncodedKeySpec(spki.getContent()));
        return key;
    }

    public static boolean verify(byte[] data, byte[] signatureBytes, PublicKey publicKey) throws Exception {
        Signature signature = Signature.getInstance("SHA256withECDSA", "BC");
        signature.initVerify(publicKey);
        signature.update(data);
        return signature.verify(signatureBytes);
    }

}
Egis
  • 5,081
  • 5
  • 39
  • 61
  • This is great. Question to you, can I verify token with this method. The data would be the header+body, the signature bytes will be the bytes of the signature and the public key. I have tested it like this it wasn't ok if you know how to solve this it will be a great help of me. – f.trajkovski Jun 19 '18 at 09:12
  • I am getting Exception::java.io.IOException: -----END PUBLIC KEY not found . What could be the reason ? I am passing public key value. – madhuri H R Aug 08 '18 at 10:46
0

I was fighting with this for a while and came up with this solution. I decided against overloading the security system as I use other elements of android's Encryption system in other areas of my app.

public class EncryptionInterface {

    private static final int bufferSize_ = 32;
    private static final String headerTag = "-----BEGIN PUBLIC KEY-----";
    private static final String footerTag = "-----END PUBLIC KEY-----";

    /**
     *
     * @param ctx
     * @return
     * @throws Exception
     */
    public static PublicKey getPublicKey(Context ctx) throws Exception {

        PublicKey generatedPublic;

        Security.addProvider(new BouncyCastleProvider());
        String publicKeyString = getKeyFromFile(ctx);

        byte[] decoded = Base64.decode(publicKeyString, Base64.DEFAULT);
        org.spongycastle.asn1.pkcs.RSAPublicKey pkcs1PublicKey = org.spongycastle.asn1.pkcs.RSAPublicKey.getInstance(decoded);
        BigInteger modulus = pkcs1PublicKey.getModulus();
        BigInteger publicExponent = pkcs1PublicKey.getPublicExponent();
        RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, publicExponent);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        generatedPublic = kf.generatePublic(keySpec);

        return generatedPublic;

    }

    /**
     * Load the key/PEM from a file and strip the header/footer.
     * @param ctx
     * @throws Exception
     */
    public static String getKeyFromFile(Context ctx) throws Exception
    {
        String certPath = "publickey.pem";

        InputStream input = ctx.getAssets().open(certPath);
        byte[] buffer = new byte[bufferSize_];
        int len = 0;
        ByteArrayOutputStream keyBuffer = new ByteArrayOutputStream();
        while ((len = input.read(buffer)) != -1) {
            keyBuffer.write(buffer, 0, len);
        }

        String str = new String(keyBuffer.toByteArray());

        str = str.replace(headerTag, "");
        str = str.replace(footerTag, "");
        return str;
    }
}
Kev Thompson
  • 11
  • 5