Source: How to recover a RSA public key from a byte[] array?

This is my KeyPair generation Method:

    try {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ECDSA", "BC");
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        ECGenParameterSpec ecSpec = new ECGenParameterSpec("prime192v1");
        // Initialize the key generator and generate a KeyPair
        // prime192v1 is a 192-bit curve (about 96-bit security)
        keyGen.initialize(ecSpec, random);
        KeyPair keyPair = keyGen.generateKeyPair();
        // Set the public and private keys from the keyPair
        privateKey = keyPair.getPrivate();
        publicKey = keyPair.getPublic();


        System.out.println("Private and public keys:");
        System.out.println("PRIVATE: " + StringUtil.getStringFromKey(this.privateKey));
        System.out.println("PUBLIC: " + StringUtil.getStringFromKey(this.publicKey));

    } catch (Exception e) {
        throw new RuntimeException(e);
    }
Temse

1 Answer

In general, private keys contain enough information to rebuild public keys (it's the opposite, computing the private key from the public key, which is hopefully not feasible). In the case of a normal RSA private key in Java, you would use java.lang.security.KeyFactory.getKeySpec() to obtain a java.security.spec.RSAPrivateCrtKeySpec instance, that contains, among other things, the modulus (getModulus()) and the public exponent (getPublicExponent()), i.e. the two elements of the public key.

Now, of course, your code is not a generator for an RSA key pair, but for an elliptic curve key pair, which is an altogether different animal. There again, though, the private key contains enough information to recompute the public key. However, this involves an elliptic curve multiplication, an operation which is doable (that's the kind of operation used when signing or verifying an ECDSA signature) but for which I am not sure there is a ready-to-use API in Java.

In any case, when you generate the private key, you actually generate a key pair with both the private key and the public key. If you store a copy of the public key along with the private key, then you do not have to worry about recomputing the public key.

Thomas Pornin
  • Bouncy Castle API (not so much the provider) now contains a pretty good EC API that of course handles multiplication (it was heavily refactored in the past). It is a software only provider after all. – Maarten Bodewes Jan 30 '18 at 14:19
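
The two recoveries described in the answer and the comment, as an added example (not code from the question, the answer or Bouncy Castle itself): the RSA public key rebuilt from the CRT private key spec, and the EC public point recomputed as Q = d·G with Bouncy Castle's EC math. It assumes Bouncy Castle is on the classpath and that the key uses a named curve; the class and method names are hypothetical.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.ECPoint;

public class RecoverPublicKey {
    // RSA: a CRT private key carries the modulus and the public exponent.
    static PublicKey rsaPublicFromPrivate(PrivateKey priv) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        RSAPrivateCrtKeySpec crt = kf.getKeySpec(priv, RSAPrivateCrtKeySpec.class);
        return kf.generatePublic(new RSAPublicKeySpec(crt.getModulus(), crt.getPublicExponent()));
    }

    // EC: the public point is Q = d * G on the key's curve.
    // Assumption: the caller knows the named curve the private key was generated on.
    static PublicKey ecPublicFromPrivate(PrivateKey priv, String curve) throws GeneralSecurityException {
        BigInteger d = ((ECPrivateKey) priv).getS();           // private scalar
        ECNamedCurveParameterSpec params = ECNamedCurveTable.getParameterSpec(curve);
        if (params == null) throw new InvalidKeyException("unknown curve: " + curve);
        ECPoint q = params.getG().multiply(d).normalize();     // scalar multiplication
        return KeyFactory.getInstance("ECDSA", "BC").generatePublic(new ECPublicKeySpec(q, params));
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Freshly generated test keys; nothing here comes from the original post.
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(2048);
        KeyPair rsa = rsaGen.generateKeyPair();
        boolean rsaOk = rsa.getPublic().equals(rsaPublicFromPrivate(rsa.getPrivate()));

        KeyPairGenerator ecGen = KeyPairGenerator.getInstance("ECDSA", "BC");
        ecGen.initialize(new ECGenParameterSpec("prime192v1"), new SecureRandom());
        KeyPair ec = ecGen.generateKeyPair();
        ECPublicKey rebuilt = (ECPublicKey) ecPublicFromPrivate(ec.getPrivate(), "prime192v1");
        boolean ecOk = ((ECPublicKey) ec.getPublic()).getW().equals(rebuilt.getW());

        System.out.println("RSA public key recovered: " + rsaOk);
        System.out.println("EC public key recovered:  " + ecOk);
    }
}
```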