1

I want to serialize a McEliece public key (BCMcEliecePublicKey) but always get a NotSerializableException.

 java.io.NotSerializableException: org.bouncycastle.pqc.crypto.mceliece.McEliecePublicKeyParameters

I tried the same code with XMSSMT and it worked without a problem. The Bouncy Castle version is the new Release 1.61

Here a small code as an example:

    //key generation
    Security.addProvider(new BouncyCastlePQCProvider());
    KeyPairGenerator keygen = null;
    try {
        keygen = KeyPairGenerator.getInstance("McEliece", "BCPQC"); //XMSSMT
    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
        System.out.println("Error: KeyPairGenerator could not be instanciated. " + e.getMessage());
    }

    //XMSSMTParameterSpec bcSpec = new XMSSMTParameterSpec(10, 5, XMSSMTParameterSpec.SHA256);
    McElieceKeyGenParameterSpec bcSpec = new McElieceKeyGenParameterSpec();

    try {
        keygen.initialize(bcSpec, new SecureRandom());
    } catch (InvalidAlgorithmParameterException e) {
        System.out.println("Error: Initialize failed. " + e.getMessage());
    }

    PublicKey pub = keygen.generateKeyPair().getPublic();

    //BCMcEliecePublicKey pubMcEliece = (BCMcEliecePublicKey) pub;
    //McEliecePublicKeyParameters keyParameters = new McEliecePublicKeyParameters(pubMcEliece.getN(), pubMcEliece.getT(), pubMcEliece.getG());

    //serialization
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    try {
        ObjectOutputStream oos = new ObjectOutputStream(baos);
        oos.writeObject(pub); //keyParameters
        System.out.println("OK");
    } catch (IOException e) {
        System.out.println(e);
    }

What do I have to change to serialize the key?

GhostCat
  • 137,827
  • 25
  • 176
  • 248
Chris S
  • 42
  • 6
  • 1
    It implements the [`java.security.Key`](https://docs.oracle.com/javase/8/docs/api/java/security/Key.html) interface. This interface supplies a different serialization scheme in the form of a `getEncoded()` method that should return the key represented in a standard, non Java specific, format. – President James K. Polk May 10 '19 at 19:28
  • Good to know, thanks for your effort. – Chris S May 10 '19 at 19:39

1 Answers1

0

Simple answer: you probably can't.

That exception tells you that the class of the corresponding does not implement java.io.Serializable.

And when you dig into the source code, you will find: yes, exactly. Neither that class, nor any of its parent classes does implement that interface.

Like here, the base class: McElieceParameters (and no, that interface CypherParameters doesn't implement Serializable either).

Guessing here: the bouncy castle do not want you to use the default serialization for such objects!

And then: please understand that "old school" java binary object serialization is something that few people would recommend using these days anyway. Nowadays, you rather look towards compiling your configuration data into some "bean" like structures, to write/read them as JSON text.

Finally, if you really want to, there are dirty hacks, see here for example. But again: I would advise to not spend your time with that. There are much better ways to persist your data these days, compared to java style object serialization!

GhostCat
  • 137,827
  • 25
  • 176
  • 248
  • Thanks for the quick answer. Is there a reason why it works with XMSSMT? I didn't see any implement Serializable in the source code of XMSSMT. – Chris S May 10 '19 at 18:32
  • 1
    @ChrisS Honestly, that left me wondering, too. I did browse around through the sources for these classes, too. And yes, I couldn't spot that they use Serializable anyway. Problem is: I dont have the setup to repro your code, and honestly: it was a very long week, and I am about to head out for the weekend. So maybe someone else comes by and figures why it works with that other class. – GhostCat May 10 '19 at 18:38