X509PublicKey - non-standard additions??


James Vanns

Apr 19, 2005, 7:07:55 AM
to crypto...@eskimo.com
In my quest for getting Java to open my Crypto++ RSA 1024-bit public key
I've noted that RSAFunction inherits from X509PublicKey.

X509PublicKey defines its method DEREncode as:

    void DEREncode(BufferedTransformation &bt) const {
        DERSequenceEncoder subjectPublicKeyInfo(bt);
            DERSequenceEncoder algorithm(subjectPublicKeyInfo);
                GetAlgorithmID().DEREncode(algorithm);
                DEREncodeAlgorithmParameters(algorithm);
            algorithm.MessageEnd();

            DERGeneralEncoder subjectPublicKey(
                subjectPublicKeyInfo, BIT_STRING);

                subjectPublicKey.Put(0); // unused bits
                DEREncodeKey(subjectPublicKey);
            subjectPublicKey.MessageEnd();
        subjectPublicKeyInfo.MessageEnd();
    }

Now, according to ASN1 syntax X509 public keys should be represented as:

    SubjectPublicKeyInfo ::= SEQUENCE {
        algorithm        AlgorithmIdentifier,
        subjectPublicKey BIT STRING }

So my question is: in the code above, why are the algorithm parameters included?
And what's the extra 'unused bits' for? Now, admittedly, even though I have a
modicum of understanding of cryptography, my knowledge of PK standards is practically
non-existent, so I apologise in advance for any misunderstandings on my part.

I'm just trying to get Java to import my friggin key!! Java throws a BER Decode error, is this normal?
To decode a DER encoded key with a BER decoding algorithm? I'm guessing it is.

Any comments on my rantings above?

Cheers (again),

Jim

--
James Vanns BSc (Hons) MCP
Linux Systems Administrator
Software Engineer (Linux / C & C++)
Canterbury Christ Church University College
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x24045370


José Manuel Romero Ximil

Apr 19, 2005, 8:59:33 AM
to crypto...@eskimo.com
Hi James,

PKCS1 v2 specifies that RSA must include parameters and the value is NULL.
The unused bits field is necessary for ASN.1 bit strings; in this case it is 0.

James Vanns

Apr 20, 2005, 4:39:47 AM
to crypto...@eskimo.com
Thanks to all for putting up with my rantings again. I've come to the
root of the problem and it had bugger all to do with Crypto++. For those
who are interested, opening an RSA public key (saved in X509,
DER-encoded format) in Java, that was generated and saved using Crypto++, is
achieved simply like this:


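    import java.security.KeyFactory;
    import java.security.interfaces.RSAPublicKey;
    import java.security.spec.X509EncodedKeySpec;

    KeyFactory factory = KeyFactory.getInstance ("RSA");
    X509EncodedKeySpec specification =
        new X509EncodedKeySpec (X509);
    RSAPublicKey key = (RSAPublicKey)
        factory.generatePublic (specification);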

Where X509 is a byte[] holding the X509, DER-encoded public key. The
problem I had was with Java's String class constructed by a byte[] in a
different method. For some reason when I accessed the String's internal
byte array with getBytes(), it returned more bytes than it had
originally been constructed with!

Anyway, all works now (got rid of the String object) - and thanks for
your help again.

Regards

Jim Vanns
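
The following Python sketch is an added example, not part of the original thread and not Crypto++ or Java code. It builds a SubjectPublicKeyInfo in the field order of the DEREncode method quoted above, then walks it to show the NULL algorithm parameters and the zero unused-bits octet from José's reply; `string_round_trip` simulates a byte[] to String to byte[] trip like the one in the last message. The modulus is a constructed stand-in, and the function names and the UTF-8 charset are assumptions.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
N, E = (1 << 1023) | 1, 65537  # constructed 1024-bit stand-in, not a real modulus

def tlv(tag, body):  # encode one DER TLV with a definite length
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def der_int(v):
    # The extra leading byte keeps a value with its top bit set positive.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def build_spki(n, e):
    # Same field order as the DEREncode method quoted in the thread.
    algorithm = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))  # OID + NULL
    rsa_key = tlv(0x30, der_int(n) + der_int(e))
    return tlv(0x30, algorithm + tlv(0x03, b"\x00" + rsa_key))  # 0 unused bits

def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV that starts at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long form: the next k bytes hold the length
        k = first & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("DER length runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_spki(der):
    tag, spki, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    _, alg, pos = read_tlv(spki, 0)
    _, oid, p = read_tlv(alg, 0)
    ptag, pbody, _ = read_tlv(alg, p)
    _, bits, _ = read_tlv(spki, pos)
    _, rsa, _ = read_tlv(bits[1:], 0)  # bits[0] is the unused-bits octet
    _, n, q = read_tlv(rsa, 0)
    _, e, _ = read_tlv(rsa, q)
    return {"oid": oid.hex(), "params_null": (ptag, pbody) == (0x05, b""),
            "unused_bits": bits[0], "n": int.from_bytes(n, "big"),
            "e": int.from_bytes(e, "big")}

def string_round_trip(der):
    # Assumption: UTF-8 charset; each undecodable byte becomes U+FFFD (3 bytes).
    return der.decode("utf-8", errors="replace").encode("utf-8")
```

`parse_spki(build_spki(N, E))` reports the NULL parameters and an unused-bits value of 0, while `parse_spki(string_round_trip(build_spki(N, E)))` raises `ValueError` because the first length octet no longer survives the round trip.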
