stackoom
  简体   繁体   中英

Storing a X25519 key pair in a BouncyCastle BCFKS keystore

 原文  2021-04-25 09:43:05       java/ bouncycastle/ keystore/ curve-25519/ x25519

Question

For the purposes of performing a Diffie-Hellman key agreement with Curve25519 , I am generating the following key pair using BouncyCastle 1.68 :

// Generate a key pair
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("X25519", BouncyCastleProvider.PROVIDER_NAME);
keyPairGenerator.initialize(new XDHParameterSpec(XDHParameterSpec.X25519));
KeyPair keyPair = keyPairGenerator.generateKeyPair();

Using this key pair I am now successfully able to perform a key agreement:

// Perform a (dummy) key agreement
KeyAgreement keyAgreement = KeyAgreement.getInstance("X25519", BouncyCastleProvider.PROVIDER_NAME);
keyAgreement.init(keyPair.getPrivate());
keyAgreement.doPhase(keyPair.getPublic(), true);
byte[] secret = keyAgreement.generateSecret();

Now I would like to securely store this keypair in a BCFKS keystore for future use, something like this:

// Create a key store for the key pair
KeyStore keyStore = KeyStore.getInstance("BCFKS", BouncyCastleProvider.PROVIDER_NAME);
keyStore.load(null, "keyStorePassword".toCharArray());

// Put the key pair in the key store as a PrivateKeyEntry
final X509Certificate selfSignedCertificate = generateSelfSignedCertificate(keyPair); // TODO: How to generate a certificate?
final KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[]{selfSignedCertificate});
keyStore.setEntry("alias", entry, new KeyStore.PasswordProtection("keyEntryPassword".toCharArray()));

... except the KeyStore.PrivateKeyEntry constructor expects a certificate (as opposed to a public key), and X25519 cannot by definition be used to sign a certificate. (Attempting to create a Signer using it naturally fails with java.lang.IllegalArgumentException: Unknown signature type requested: X25519 )

Am I missing something obvious here, or is there currently no simple way to put a X25519 key pair in a BCFKS keystore? Is there maybe a workaround I can apply, considering I don't really need a certificate, just a way to store the private/public keys in the keystore?

1 answers

solution1
 0 ACCPTED  2021-04-27 21:13:03

The thing is that the X25519 certificate doesn't need to be self-signed.

Signing the certificate using a 2nd bogus/throwaway key (fi RSA) works just fine.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to generate PublicKey for PrivateKey in X25519? java.security.NoSuchAlgorithmException: Algorithm x25519 not available Storing a Diffie-Hellman key pair for reuse in a KeyStore in Java Storing key using Keystore KeyStore Explorer - Created key pair? Storing a hmac key in Android keystore How to generate curve25519 key pair for diffie hellman algorithm? Storing key using KeyStore in Android Import Public Private key pair to a Keystore Storing AES Secret key using keystore in java
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM