iaik.security.rsa

Class RSAPublicKey

java.lang.Object

iaik.x509.PublicKeyInfo

iaik.security.rsa.RSAPublicKey

All Implemented Interfaces:

ASN1Type, java.io.Serializable, java.lang.Cloneable, java.security.interfaces.RSAKey, java.security.interfaces.RSAPublicKey, java.security.Key, java.security.PublicKey

Direct Known Subclasses:

RSAOaepPublicKey, RSAPssPublicKey

public class RSAPublicKey
extends PublicKeyInfo
implements java.security.interfaces.RSAPublicKey

This class implements a RSA public key and supports ASN.1 encoding. This class extends iaik.x509.PublicKeyInfo for supporting RSA public keys to be used within X.509 certificates. This class implements the java.security.interfaces.RSAPublicKey interface for providing the functionality of a public key, as used for data encrypting or signature verifying based on the RSA algorithm.

PKCS#1 describes a X.509/PEM compatible syntax for RSA public keys to be used in certificates. The corresponding ASN.1 type RSAPublicKey is defined as ASN.1 SEQUENCE:

 RSAPublicKey ::= SEQUENCE {
   modulus INTEGER, -- n
   publicExponent INTEGER -- e }
 

An application wishing to create a RSAPublicKey to be used for, e.g. data encryption or signature verifying with the RSA algorithm, uses a proper getInstance method of the java.security.KeyPairGenerator class, which subsequently maybe casted to RSAKeyPairGenerator for performing an algorithm-specific initialization with proper RSA parameters. If an algorithm-specific initialization is not required, the cast to RSAKeyPairGenerator can be omitted.

Generally four steps have to be performed for creating a RSAPublicKey by using a proper KeyPairGenerator:

• First the KeyPairGenerator has to be instantiated thereby specifying the application's intention to create keys for use within the RSA algorithm:

   KeyPairGenerator key_gen = KeyPairGenerator.getInstance("RSA");
   

• Second, the KeyPairGenerator just created may be initialized using a proper initialize method. For initializing the generator to create keys with a modulus length of, e.g., 512 bits, this can be explicitly specified (when not initializing the generator explicitly, per default the modulus length is set to 2048 bits):

   key_gen.initialize(512);
   

• Third the key pair is created by calling generateKeyPair():

   KeyPair key_pair = key_gen.generateKeyPair();
   

• And finally, if there is need for the RSA public key, it has to be obtained from the key pair just created:

   RSAPublicKey rsa_pub_key = (RSAPublicKey) key_pair.getPublic();
   

For performing an algorithm-specific initialization with particular RSA parameters (e.g. using a particular public exponent e), an explicit cast of the KeyPairGenerator will be necessary for obtaining a specific RSAKeyPairGenerator to be initialized with the desired RSA parameters:

 RSAKeyPairGenerator rsa_key_gen = (RSAKeyPairGenerator) key_gen;
 rsa_key_gen.initialize(512, pub_exponent, sec_random);
 

(where sec_random denotes some random seed)

Guidelines on how to create some key using a KeyPairGenerator can be found in http://java.sun.com/products/JDK/1.2/docs/guide/security/CryptoSpec.html.

Version:

File Revision 29

See Also:

PublicKeyInfo, RSAPublicKey, KeyPairGenerator, KeyPair, RSACipher, RSAPrivateKey, RSAKeyPairGenerator, RSAKeyFactory, Serialized Form

Field Summary

Fields inherited from class iaik.x509.PublicKeyInfo

public_key_algorithm

Constructor Summary

Constructors

Constructor and Description
RSAPublicKey(ASN1Object obj) Creates a new RSAPublicKey from the given ASN.1 object.
RSAPublicKey(java.math.BigInteger modulus, java.math.BigInteger publicExponent) Creates a new RSAPublicKey with given values for the modulus n and the public exponent e.
RSAPublicKey(byte[] pk) Creates a new RSAPublicKey from the given DER encoded byte array.
RSAPublicKey(java.io.InputStream is) Creates a new RSAPublicKey from an InputStream.
RSAPublicKey(java.security.interfaces.RSAPublicKey key) Creates a new RSAPublicKey from the given RSAPublicKey representing modulus n and public exponent e.
RSAPublicKey(java.security.spec.RSAPublicKeySpec keySpec) Creates a new RSAPublicKey from the given RSAPublicKeySpec representing modulus n and public exponent e.

Method Summary

Methods

Modifier and Type	Method and Description
java.math.BigInteger	crypt(java.math.BigInteger message) Deprecated. Use iaik.pkcs.pkcs1.RSACipher#rawPublicRSA instead.
protected void	decode(byte[] publicKey) Decodes a RSAPublicKey, encoded in DER format (PKCS#1).
byte[]	encode() Returns the raw (PKCS#1) RSA public key (not wrapped in a X.509 PublicKeyInfo) as DER encoded ASN.1 object.
boolean	equals(java.lang.Object obj) Compares this RSAPublicKey object with the supplied object.
java.lang.String	getAlgorithm() Returns the name of the appertaining algorithm.
byte[]	getFingerprint() Returns the fingerprint of this RSA public key.
java.math.BigInteger	getModulus() Returns the modulus of the public key.
java.math.BigInteger	getPublicExponent() Returns the public exponent of the public key.
int	hashCode() Returns a hash code for this object.
boolean	isValidSP80089SignatureVerificationKey() Checks whether this public key is valid for signature verification according to NIST SP 800-89.
boolean	isValidSP80089SignatureVerificationKey(int securityStrength) Checks whether this public key is valid for signature verification according to NIST SP 800-89.
static RSAPublicKey	parse(byte[] publicKey) This method parses a RSA public key.
java.lang.String	toString() Returns a string that represents the contents of this RSA public key.

Methods inherited from class iaik.x509.PublicKeyInfo

clone, createPublicKeyInfo, decode, getAlgorithmID, getEncoded, getFormat, getPublicKey, getPublicKey, getPublicKey, getPublicKey, getPublicKey, getPublicKey, toASN1Object, writeTo

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Key

getEncoded, getFormat

Constructor Detail

RSAPublicKey

public RSAPublicKey(java.math.BigInteger modulus,
            java.math.BigInteger publicExponent)

Creates a new RSAPublicKey with given values for the modulus n and the public exponent e.

Parameters:

modulus - the modulus of the key

publicExponent - the public exponent of the key

RSAPublicKey

public RSAPublicKey(java.security.spec.RSAPublicKeySpec keySpec)

Creates a new RSAPublicKey from the given RSAPublicKeySpec representing modulus n and public exponent e.

Parameters:

keySpec - the RSAPublicKeySpec representing modulus n and public exponent e

RSAPublicKey

public RSAPublicKey(java.security.interfaces.RSAPublicKey key)

Creates a new RSAPublicKey from the given RSAPublicKey representing modulus n and public exponent e.

Parameters:

key - the RSAPublicKey representing modulus n and public exponent e

RSAPublicKey

public RSAPublicKey(byte[] pk)
             throws java.security.InvalidKeyException

Creates a new RSAPublicKey from the given DER encoded byte array.

This constructor may be used for parsing an already existing RSA public key, wrapped into a X.509 PublicKeyInfo that is supplied as DER encoded byte array.

Parameters:

pk - the byte array holding the DER encoded public key info

Throws:

java.security.InvalidKeyException - if something is wrong with the key encoding

RSAPublicKey

public RSAPublicKey(ASN1Object obj)
             throws java.security.InvalidKeyException

Creates a new RSAPublicKey from the given ASN.1 object. The supplied ASN1Object represents a X.509 PublicKeyInfo holding the RSA public key.

Parameters:

obj - the public key ASN.1 structure

Throws:

java.security.InvalidKeyException - if something is wrong with the key encoding

RSAPublicKey

public RSAPublicKey(java.io.InputStream is)
             throws java.io.IOException,
                    java.security.InvalidKeyException

Creates a new RSAPublicKey from an InputStream.

This constructor may be used for parsing an already existing RSA public key, wrapped into a X.509 PublicKeyInfo that is supplied as DER encoded byte array.

Parameters:

is - an input stream with the data to be read to initialize the public key

Throws:

java.io.IOException - if an I/O error occurs

java.security.InvalidKeyException - if something is wrong with the key encoding

Method Detail

decode

protected void decode(byte[] publicKey)
               throws java.security.InvalidKeyException

Decodes a RSAPublicKey, encoded in DER format (PKCS#1).

From the given DER encoded byte array an ASN.1 object is created and parsed for modulus n and public exponent e.

This method is protected and typically will not be used by an application. Rather it is used by the parent X.509 PublicKeyInfo class for decoding the inherent RSA public key.

Specified by:

decode in class PublicKeyInfo

Parameters:

publicKey - the public key as DER encoded ASN.1 object (PKCS#1)

Throws:

java.security.InvalidKeyException - if something is wrong with the encoding of the key

parse

public static RSAPublicKey parse(byte[] publicKey)
                          throws java.security.InvalidKeyException

This method parses a RSA public key. The format must be RSAPublicKey as defined in PKCS#1.

Parameters:

publicKey - a "RAW" RSA public key

Throws:

java.security.InvalidKeyException - if the given key is not a RSA public key

encode

public byte[] encode()

Returns the raw (PKCS#1) RSA public key (not wrapped in a X.509 PublicKeyInfo) as DER encoded ASN.1 object.

This method typically may not be used by an application. Rather it is used by the parent X.509 PublicKeyInfo class for encoding the inherent RSA public key.

Specified by:

encode in class PublicKeyInfo

Returns:

a byte array holding the RSA public key as a DER encoded ASN.1 datastructure (PKCS#1)

crypt

public java.math.BigInteger crypt(java.math.BigInteger message)

Deprecated. Use iaik.pkcs.pkcs1.RSACipher#rawPublicRSA instead.

Uses the public key to encrypt or decrypt a message. Simply performs a modulo exponentiation.

Parameters:

message - the message to en/decrypt as BigInteger

Returns:

the encrypted or decrypted message

getAlgorithm

public java.lang.String getAlgorithm()

Returns the name of the appertaining algorithm.

Specified by:

getAlgorithm in interface java.security.Key

Specified by:

getAlgorithm in class PublicKeyInfo

Returns:

the string "RSA"

getPublicExponent

public java.math.BigInteger getPublicExponent()

Returns the public exponent of the public key.

Specified by:

getPublicExponent in interface java.security.interfaces.RSAPublicKey

Returns:

the public exponent

getModulus

public java.math.BigInteger getModulus()

Returns the modulus of the public key.

Specified by:

getModulus in interface java.security.interfaces.RSAKey

Returns:

the modulus

getFingerprint

public byte[] getFingerprint()

Returns the fingerprint of this RSA public key. This is a MD5 hash of the DER encoded SubjectPublicKey.

Overrides:

getFingerprint in class PublicKeyInfo

Returns:

the fingerprint of this RSA public key

hashCode

public int hashCode()

Returns a hash code for this object.

Overrides:

hashCode in class PublicKeyInfo

Returns:

the hash code

toString

public java.lang.String toString()

Returns a string that represents the contents of this RSA public key.

Overrides:

toString in class PublicKeyInfo

Returns:

the string representation

equals

public boolean equals(java.lang.Object obj)

Compares this RSAPublicKey object with the supplied object.

Overrides:

equals in class PublicKeyInfo

Parameters:

obj - the object to be compared

Returns:

true if the two objects are RSAPublicKey objects with same modulus and exponent, false otherwise

isValidSP80089SignatureVerificationKey

public boolean isValidSP80089SignatureVerificationKey()

Checks whether this public key is valid for signature verification according to NIST SP 800-89.

This method may only be used to validate RSA public keys that are used for signature verification and compliance with NIST SP 800-89 is required. Note that in accordance with item 1) below this method will only accept keys with a modulus length of 1024, 2048 or 3072 bits!

According to NIST SP 800-89 an RSA public key that is used for signature verification shall be validated by the following procedure (see section 5.3.3 of NIST SP 800-89, (Explicit) Partial Public Key Validation for RSA):

1. Length of the modulus: Check that the length of the modulus n (nlen) is a length specified in FIPS 186-3. If the desired security strength is known, then the length shall be appropriate for that security strength.
2. Size of the public exponent e: Check that the value of the public key e lies in the range specified in FIPS 186-3. If the desired security strength is known, then the range shall be appropriate for that security strength.
3. Oddness: Check that n and e are odd.
4. Compositeness: Check that n fails an Approved primality test. Approved primality tests are provided in FIPS 186-3. If n is valid, the test will indicate that n is a composite number, as the Approved probable prime tests prove compositeness when they fail to indicate that the number is a probable prime.
5. Not a power of a prime: Check that n is not a power of a prime, i.e., there are no integers b >= 2, c >= 2 such that n = b^c. This can be done by obtaining an output of COMPOSITE AND NOT A POWER OF A PRIME using the enhanced Miller-Rabin primality test in FIPS 186-3.
6. No very small factors: Check that GCD (n, r) = 1 where r is (in decimal).
   145188775577763990151158743208307020242261438098488931355057091965 931517706595657435907891265414916764399268423699130577757433083166 651158914570105971074227669275788291575622090199821297575654322355 049043101306108213104080801056529374892690144291505781966373045481 8359472391642885328171302299245556663073719855.
   Note that the value of r is the product of the 132 smallest odd primes, from 3 to 751. This value is used to determine that the factors of n (i.e., p and q) are not less than 751. More potential small factors greater than 751 may also be tested in a similar fashion, if desired.

Returns:

true, if the public key could be successfully validated false otherwise

isValidSP80089SignatureVerificationKey

public boolean isValidSP80089SignatureVerificationKey(int securityStrength)

Checks whether this public key is valid for signature verification according to NIST SP 800-89.

This method may only be used to validate RSA public keys that are used for signature verification and compliance with NIST SP 800-89 is required. Note that in accordance with item 1) below this method will only accept keys with a modulus length of 1024, 2048 or 3072 bits!

According to NIST SP 800-89 an RSA public key that is used for signature verification shall be validated by the following procedure (see section 5.3.3 of NIST SP 800-89, (Explicit) Partial Public Key Validation for RSA):

1. Length of the modulus: Check that the length of the modulus n (nlen) is a length specified in FIPS 186-3. If the desired security strength is known, then the length shall be appropriate for that security strength.
2. Size of the public exponent e: Check that the value of the public key e lies in the range specified in FIPS 186-3. If the desired security strength is known, then the range shall be appropriate for that security strength.
3. Oddness: Check that n and e are odd.
4. Compositeness: Check that n fails an Approved primality test. Approved primality tests are provided in FIPS 186-3. If n is valid, the test will indicate that n is a composite number, as the Approved probable prime tests prove compositeness when they fail to indicate that the number is a probable prime.
5. Not a power of a prime: Check that n is not a power of a prime, i.e., there are no integers b >= 2, c >= 2 such that n = b^c. This can be done by obtaining an output of COMPOSITE AND NOT A POWER OF A PRIME using the enhanced Miller-Rabin primality test in FIPS 186-3.
6. No very small factors: Check that GCD (n, r) = 1 where r is (in decimal).
   145188775577763990151158743208307020242261438098488931355057091965 931517706595657435907891265414916764399268423699130577757433083166 651158914570105971074227669275788291575622090199821297575654322355 049043101306108213104080801056529374892690144291505781966373045481 8359472391642885328171302299245556663073719855.
   Note that the value of r is the product of the 132 smallest odd primes, from 3 to 751. This value is used to determine that the factors of n (i.e., p and q) are not less than 751. More potential small factors greater than 751 may also be tested in a similar fashion, if desired.

Parameters:

securityStrength - the security strength to be checked or -1 if the security strength shall not be checked

Returns:

true, if the public key could be successfully validated false otherwise