Re: reading in PKCS8 DSA priv key to java

Greg Stark Thu, 30 Aug 2001 06:33:13 -0700
--redirected to -users


> Notice that the P and Q values for the openssl output start with '00'.
Could
> this be due to the fact that java does not support signed data types?
When I
> take the same key

Something like that. The DER encoding that openssl is using has to support
negative numbers. So, the rules for encoding a positive number whose
high-order bit (on an 8-bit boundary) is 1 is to make the length one longer
and output a leading zero. But it looks like you java program has the same
integer, so I don't think that is the source of the problem.


====================
Greg Stark
[EMAIL PROTECTED]
====================


----- Original Message -----
From: "Mark W. Webb" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 30, 2001 8:29 AM
Subject: Re: reading in PKCS8 DSA priv key to java


> On Wednesday 29 August 2001 07:47 pm, you wrote:
>
> first of all, thank you for responding.  What you suggest is what I am
doing.
>  What I find strange is that when I print out the P,Q and R values for the
> key using openssl, and my java program, I get the following results :
>
> ------------
> Java
> -------------
>         p:     c35f2efa 5bab8850 c8e4d2e4 a3d25207 2cf4a6fe 2a673aae
023dc01c
> 4e6ce849
>     cb130624 05421867 54fa193a 159e2276 801d5236 eac25c70 95a79b44
bdd7c66b
>     1bc34431 a6ab3538 7ee735d2 c7d73d6a 965c327d 1258b53f 6da7f0d1
a59a9240
>     c9207e70 e7310182 56020686 f24073ba 6676df5f 8edab5a9 1bc039de
40422747
>         q:     9d07aad9 33486f08 dfba4bc2 5ba7a611 01782903
>         g:     14ea2c90 e51e455a 99b1698f 4c371bd5 4893dfb4 21d1fde1
72885c13
> e8acd371
>     716e4d31 b9a15184 2d485274 d1230c3d 2d1af640 d3992b1b f1bdac2b
fe39652e
>     23ab6d61 f6217ede 05943784 4819e23b 78b5d459 09fc7939 44d11c30
c59fa476
>     083aa6bc 2abf60cf 25712ed3 426ae9ba aae5836f f67d9576 5298144c
845bb13c
>
> --------------
> openssl
> --------------
> key.cfg is the PKCS8 encoded DSA private key.
> openssl pkcs8 -in key.cfg -inform DER -out DSA.DER -outform DER -nocrypt
> -embed
> openssl dsa -in DSA.DER -inform DER -text -modulus
> P:
>     00:c3:5f:2e:fa:5b:ab:88:50:c8:e4:d2:e4:a3:d2:
>     52:07:2c:f4:a6:fe:2a:67:3a:ae:02:3d:c0:1c:4e:
>     6c:e8:49:cb:13:06:24:05:42:18:67:54:fa:19:3a:
>     15:9e:22:76:80:1d:52:36:ea:c2:5c:70:95:a7:9b:
>     44:bd:d7:c6:6b:1b:c3:44:31:a6:ab:35:38:7e:e7:
>     35:d2:c7:d7:3d:6a:96:5c:32:7d:12:58:b5:3f:6d:
>     a7:f0:d1:a5:9a:92:40:c9:20:7e:70:e7:31:01:82:
>     56:02:06:86:f2:40:73:ba:66:76:df:5f:8e:da:b5:
>     a9:1b:c0:39:de:40:42:27:47
> Q:
>     00:9d:07:aa:d9:33:48:6f:08:df:ba:4b:c2:5b:a7:
>     a6:11:01:78:29:03
> G:
>     14:ea:2c:90:e5:1e:45:5a:99:b1:69:8f:4c:37:1b:
>     d5:48:93:df:b4:21:d1:fd:e1:72:88:5c:13:e8:ac:
>     d3:71:71:6e:4d:31:b9:a1:51:84:2d:48:52:74:d1:
>     23:0c:3d:2d:1a:f6:40:d3:99:2b:1b:f1:bd:ac:2b:
>     fe:39:65:2e:23:ab:6d:61:f6:21:7e:de:05:94:37:
>     84:48:19:e2:3b:78:b5:d4:59:09:fc:79:39:44:d1:
>     1c:30:c5:9f:a4:76:08:3a:a6:bc:2a:bf:60:cf:25:
>     71:2e:d3:42:6a:e9:ba:aa:e5:83:6f:f6:7d:95:76:
>     52:98:14:4c:84:5b:b1:3c
>
> Notice that the P and Q values for the openssl output start with '00'.
Could
> this be due to the fact that java does not support signed data types?
When I
> take the same key, and sign a SHA-1 hash, my java program fails the
signature
> verification, and my C program passes.  The DSA signature is being
verified
> on a C based program.
>
> thanks again for your help....
>
> > Something like this should do the trick:
> >
> > byte[] encodedKey; // read from file
> > PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
> > KeyFactory keyFactory = KeyFactory.getInstance("DSA");
> > DSAPrivateKey privKey =
> > (DSAPrivateKey)keyFactory.generatePrivate(keySpec);
> >
> > Regards,
> >
> > Steven
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Mark W. Webb
> > Sent: Thursday, 30 August 2001 5:53 AM
> > To: [EMAIL PROTECTED]
> > Subject: reading in PKCS8 DSA priv key to java
> >
> >
> > I know this may be off topic, but I wrote some code to create a DSA key
> > pair,
> > and matching certificate.  The private key is stored in a file with
PKCS8
> > encoding.  I want to be able to read the private key file into my java
> > program.  The certificate is used by a C based program.
> >
> > Can someone give me some help as to how and read the private key into my
> > java
> > program.
> >
> > Thank you.
>
> --
> Mark Webb
> Software Engineer
> Dolphin Technology
> 1300B Floyd Ave
> Rome, NY 13440
>
> Phone: (315) 334-4892 x222
> Fax: (315) 339-4846
> Email: [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: reading in PKCS8 DSA priv key to java

Reply via email to
