Jekyll2025-02-25T19:04:19+00:00https://www.txedo.com/feed.xmltxedo.comThis blog is built using [Jekyll](https://jekyllrb.com/){:target="_blank"} and proudly hosted by DigitalOcean® App Platform.
Contents of this website are © 2020 under the terms of the [MIT License](https://www.txedo.com/LICENSE){:target="_blank"}.
Source code related to the contents of this blog is open source and can be downloaded from [GitHub](https://github.com/txedo){:target="_blank"}.Read RSA keys from PEM files in Java2014-11-12T12:47:07+00:002014-11-12T12:47:07+00:00https://www.txedo.com/blog/java-read-rsa-keys-pem-file<p>In a previous tutorial we dealt with <a href="/blog/java-generate-rsa-keys-write-pem-file/">RSA key generation and how to save them to PEM files in Java</a>. In this tutorial we will learn how to <strong>read RSA keys from PEM files</strong> that we previously created. Once again, we will make use of the <strong>BouncyCastle library</strong> to take benefit from its PEM related classes, such as <code class="language-plaintext highlighter-rouge">PemObject</code> and <code class="language-plaintext highlighter-rouge">PemReader</code>.<!--more--></p>
<p>To deal with this tutorial it is required:</p>
<ul>
<li>Maven.</li>
<li>JDK 1.6+</li>
<li>An IDE, such as Eclipse or Spring Tool Suite.</li>
</ul>
<h1 class="no_toc" id="table-of-contents">Table of Contents</h1>
<ul id="markdown-toc">
<li><a href="#1-create-a-maven-project" id="markdown-toc-1-create-a-maven-project">1. Create a Maven project</a></li>
<li><a href="#2-configure-the-pom-file" id="markdown-toc-2-configure-the-pom-file">2. Configure the POM file</a></li>
<li><a href="#3-create-pemfile-class-to-encapsulate-pem-file-io-operations" id="markdown-toc-3-create-pemfile-class-to-encapsulate-pem-file-io-operations">3. Create PemFile class to encapsulate PEM file I/O operations</a></li>
<li><a href="#4-create-the-main-program-class" id="markdown-toc-4-create-the-main-program-class">4. Create the main program class</a></li>
<li><a href="#5-result" id="markdown-toc-5-result">5. Result</a></li>
<li><a href="#download-the-code" id="markdown-toc-download-the-code">Download the code</a></li>
<li><a href="#references" id="markdown-toc-references">References</a></li>
</ul>
<h1 id="1-create-a-maven-project">1. Create a Maven project</h1>
<p>Having Maven installed and its environment variables properly configured, execute the following command in a shell to create a brand new Maven project:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mvn archetype:generate <span class="nt">-DgroupId</span><span class="o">=</span>com.txedo.security <span class="nt">-DartifactId</span><span class="o">=</span>bouncycastle-pem-read <span class="nt">-DarchetypeArtifactId</span><span class="o">=</span>maven-archetype-quickstart <span class="nt">-DinteractiveMode</span><span class="o">=</span><span class="nb">false</span>
</code></pre></div></div>
<p>Import the project into your favourite IDE and let’s get down to work.</p>
<h1 id="2-configure-the-pom-file">2. Configure the POM file</h1>
<p>Although we could have just evolved the <a href="https://github.com/txedo/bouncycastle-rsa-pem-write" target="_blank">bouncycastle-rsa-pem-write</a> project, we have opted for creating a new one to add the new functionality. I suggest you as homework to merge both projects together. That said, the first step is to edit the pom file and add the <strong>BouncyCastle</strong> dependency. In the snippet below, we also added the <strong>log4j</strong> dependency to print some debug traces in our program.</p>
<figure class="lineno-container">
<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><project</span> <span class="na">xmlns=</span><span class="s">"http://maven.apache.org/POM/4.0.0"</span> <span class="na">xmlns:xsi=</span><span class="s">"http://www.w3.org/2001/XMLSchema-instance"</span>
<span class="na">xsi:schemaLocation=</span><span class="s">"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"</span><span class="nt">></span>
<span class="nt"><modelVersion></span>4.0.0<span class="nt"></modelVersion></span>
<span class="nt"><groupId></span>com.txedo.security<span class="nt"></groupId></span>
<span class="nt"><artifactId></span>bouncycastle-pem-read<span class="nt"></artifactId></span>
<span class="nt"><version></span>0.0.1-SNAPSHOT<span class="nt"></version></span>
<span class="nt"><dependencies></span>
<span class="nt"><dependency></span>
<span class="nt"><groupId></span>org.bouncycastle<span class="nt"></groupId></span>
<span class="nt"><artifactId></span>bcprov-jdk15on<span class="nt"></artifactId></span>
<span class="nt"><version></span>1.51<span class="nt"></version></span>
<span class="nt"></dependency></span>
<span class="nt"><dependency></span>
<span class="nt"><groupId></span>log4j<span class="nt"></groupId></span>
<span class="nt"><artifactId></span>log4j<span class="nt"></artifactId></span>
<span class="nt"><version></span>1.2.17<span class="nt"></version></span>
<span class="nt"></dependency></span>
<span class="nt"></dependencies></span>
<span class="nt"></project></span>
</code></pre></figure>
<figcaption>pom.xml</figcaption>
</figure>
<h1 id="3-create-pemfile-class-to-encapsulate-pem-file-io-operations">3. Create PemFile class to encapsulate PEM file I/O operations</h1>
<p>Create the <code class="language-plaintext highlighter-rouge">PemFile</code> class and add a constructor that accepts a string as argument to initialize a <code class="language-plaintext highlighter-rouge">PemObject</code> attribute (<em>line 14</em>). The argument must be the full path and filename to a PEM file located anywhere in your local hard drive or classpath. Do not forget to close the reader after successfully or unsuccessfully performing the reading operation to avoid warnings or unexpected behavior (<em>line 18</em>). Later, the main program will create <code class="language-plaintext highlighter-rouge">PemFile</code> instances and actually read RSA keys.</p>
<figure class="lineno-container">
<figure class="highlight"><pre><code class="language-java" data-lang="java"><table class="rouge-table"><tbody><tr><td class="gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
</pre></td><td class="code"><pre><span class="kn">import</span> <span class="nn">java.io.FileInputStream</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.io.FileNotFoundException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.io.IOException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.io.InputStreamReader</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">org.bouncycastle.util.io.pem.PemObject</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">org.bouncycastle.util.io.pem.PemReader</span><span class="o">;</span>
<span class="kd">public</span> <span class="kd">class</span> <span class="nc">PemFile</span> <span class="o">{</span>
<span class="kd">private</span> <span class="nc">PemObject</span> <span class="n">pemObject</span><span class="o">;</span>
<span class="kd">public</span> <span class="nf">PemFile</span><span class="o">(</span><span class="nc">String</span> <span class="n">filename</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">FileNotFoundException</span><span class="o">,</span> <span class="nc">IOException</span> <span class="o">{</span>
<span class="nc">PemReader</span> <span class="n">pemReader</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PemReader</span><span class="o">(</span><span class="k">new</span> <span class="nc">InputStreamReader</span><span class="o">(</span><span class="k">new</span> <span class="nc">FileInputStream</span><span class="o">(</span><span class="n">filename</span><span class="o">)));</span>
<span class="k">try</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span class="na">pemObject</span> <span class="o">=</span> <span class="n">pemReader</span><span class="o">.</span><span class="na">readPemObject</span><span class="o">();</span>
<span class="o">}</span> <span class="k">finally</span> <span class="o">{</span>
<span class="n">pemReader</span><span class="o">.</span><span class="na">close</span><span class="o">();</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="kd">public</span> <span class="nc">PemObject</span> <span class="nf">getPemObject</span><span class="o">()</span> <span class="o">{</span>
<span class="k">return</span> <span class="n">pemObject</span><span class="o">;</span>
<span class="o">}</span>
<span class="o">}</span>
</pre></td></tr></tbody></table></code></pre></figure>
<figcaption>PemFile.java</figcaption>
</figure>
<h1 id="4-create-the-main-program-class">4. Create the main program class</h1>
<p>The main class have two key generation methods, one for the private key and another for the public key that actually read RSA keys, and the main method that orchestrates all together.</p>
<p>First, the generate private key method (<em>line 38</em>) takes the filename to instantiate a <code class="language-plaintext highlighter-rouge">PemFile</code> instance and read the private RSA key, build a <code class="language-plaintext highlighter-rouge">PKCS8EncodedKeySpec</code> and then generate the private key. The generate public key method (<em>line 45</em>) takes seamlessly the filename to instantiate a <code class="language-plaintext highlighter-rouge">PemFile</code> instance and read the public RSA key, build a <code class="language-plaintext highlighter-rouge">X509EncodedKeySpec</code> and then generate the public key.</p>
<p>Finally, the main method adds the <code class="language-plaintext highlighter-rouge">BouncyCastle</code> provider (<em>line 23</em>), gets a key factory instance using such provider (<em>line 26</em>) and generates previously read RSA keys by calling the generation methods described above.</p>
<figure class="lineno-container">
<figure class="highlight"><pre><code class="language-java" data-lang="java"><table class="rouge-table"><tbody><tr><td class="gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
</pre></td><td class="code"><pre><span class="kn">import</span> <span class="nn">java.io.FileNotFoundException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.io.IOException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.KeyFactory</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.NoSuchAlgorithmException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.NoSuchProviderException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.PrivateKey</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.PublicKey</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.Security</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.spec.InvalidKeySpecException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.spec.PKCS8EncodedKeySpec</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.spec.X509EncodedKeySpec</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">org.apache.log4j.Logger</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">org.bouncycastle.jce.provider.BouncyCastleProvider</span><span class="o">;</span>
<span class="kd">public</span> <span class="kd">class</span> <span class="nc">Main</span> <span class="o">{</span>
<span class="kd">protected</span> <span class="kd">final</span> <span class="kd">static</span> <span class="nc">Logger</span> <span class="no">LOGGER</span> <span class="o">=</span> <span class="nc">Logger</span><span class="o">.</span><span class="na">getLogger</span><span class="o">(</span><span class="nc">Main</span><span class="o">.</span><span class="na">class</span><span class="o">);</span>
<span class="kd">public</span> <span class="kd">final</span> <span class="kd">static</span> <span class="nc">String</span> <span class="no">RESOURCES_DIR</span> <span class="o">=</span> <span class="s">"src/main/resources/rsa-sample/"</span><span class="o">;</span>
<span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">FileNotFoundException</span><span class="o">,</span> <span class="nc">IOException</span><span class="o">,</span> <span class="nc">NoSuchAlgorithmException</span><span class="o">,</span> <span class="nc">NoSuchProviderException</span> <span class="o">{</span>
<span class="nc">Security</span><span class="o">.</span><span class="na">addProvider</span><span class="o">(</span><span class="k">new</span> <span class="nc">BouncyCastleProvider</span><span class="o">());</span>
<span class="no">LOGGER</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"BouncyCastle provider added."</span><span class="o">);</span>
<span class="nc">KeyFactory</span> <span class="n">factory</span> <span class="o">=</span> <span class="nc">KeyFactory</span><span class="o">.</span><span class="na">getInstance</span><span class="o">(</span><span class="s">"RSA"</span><span class="o">,</span> <span class="s">"BC"</span><span class="o">);</span>
<span class="k">try</span> <span class="o">{</span>
<span class="nc">PrivateKey</span> <span class="n">priv</span> <span class="o">=</span> <span class="n">generatePrivateKey</span><span class="o">(</span><span class="n">factory</span><span class="o">,</span> <span class="no">RESOURCES_DIR</span> <span class="o">+</span> <span class="s">"id_rsa"</span><span class="o">);</span>
<span class="no">LOGGER</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="nc">String</span><span class="o">.</span><span class="na">format</span><span class="o">(</span><span class="s">"Instantiated private key: %s"</span><span class="o">,</span> <span class="n">priv</span><span class="o">));</span>
<span class="nc">PublicKey</span> <span class="n">pub</span> <span class="o">=</span> <span class="n">generatePublicKey</span><span class="o">(</span><span class="n">factory</span><span class="o">,</span> <span class="no">RESOURCES_DIR</span> <span class="o">+</span> <span class="s">"id_rsa.pub"</span><span class="o">);</span>
<span class="no">LOGGER</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="nc">String</span><span class="o">.</span><span class="na">format</span><span class="o">(</span><span class="s">"Instantiated public key: %s"</span><span class="o">,</span> <span class="n">pub</span><span class="o">));</span>
<span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">InvalidKeySpecException</span> <span class="n">e</span><span class="o">)</span> <span class="o">{</span>
<span class="n">e</span><span class="o">.</span><span class="na">printStackTrace</span><span class="o">();</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="kd">private</span> <span class="kd">static</span> <span class="nc">PrivateKey</span> <span class="nf">generatePrivateKey</span><span class="o">(</span><span class="nc">KeyFactory</span> <span class="n">factory</span><span class="o">,</span> <span class="nc">String</span> <span class="n">filename</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">InvalidKeySpecException</span><span class="o">,</span> <span class="nc">FileNotFoundException</span><span class="o">,</span> <span class="nc">IOException</span> <span class="o">{</span>
<span class="nc">PemFile</span> <span class="n">pemFile</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PemFile</span><span class="o">(</span><span class="n">filename</span><span class="o">);</span>
<span class="kt">byte</span><span class="o">[]</span> <span class="n">content</span> <span class="o">=</span> <span class="n">pemFile</span><span class="o">.</span><span class="na">getPemObject</span><span class="o">().</span><span class="na">getContent</span><span class="o">();</span>
<span class="nc">PKCS8EncodedKeySpec</span> <span class="n">privKeySpec</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PKCS8EncodedKeySpec</span><span class="o">(</span><span class="n">content</span><span class="o">);</span>
<span class="k">return</span> <span class="n">factory</span><span class="o">.</span><span class="na">generatePrivate</span><span class="o">(</span><span class="n">privKeySpec</span><span class="o">);</span>
<span class="o">}</span>
<span class="kd">private</span> <span class="kd">static</span> <span class="nc">PublicKey</span> <span class="nf">generatePublicKey</span><span class="o">(</span><span class="nc">KeyFactory</span> <span class="n">factory</span><span class="o">,</span> <span class="nc">String</span> <span class="n">filename</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">InvalidKeySpecException</span><span class="o">,</span> <span class="nc">FileNotFoundException</span><span class="o">,</span> <span class="nc">IOException</span> <span class="o">{</span>
<span class="nc">PemFile</span> <span class="n">pemFile</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PemFile</span><span class="o">(</span><span class="n">filename</span><span class="o">);</span>
<span class="kt">byte</span><span class="o">[]</span> <span class="n">content</span> <span class="o">=</span> <span class="n">pemFile</span><span class="o">.</span><span class="na">getPemObject</span><span class="o">().</span><span class="na">getContent</span><span class="o">();</span>
<span class="nc">X509EncodedKeySpec</span> <span class="n">pubKeySpec</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">X509EncodedKeySpec</span><span class="o">(</span><span class="n">content</span><span class="o">);</span>
<span class="k">return</span> <span class="n">factory</span><span class="o">.</span><span class="na">generatePublic</span><span class="o">(</span><span class="n">pubKeySpec</span><span class="o">);</span>
<span class="o">}</span>
<span class="o">}</span>
</pre></td></tr></tbody></table></code></pre></figure>
<figcaption>Main.java</figcaption>
</figure>
<h1 id="5-result">5. Result</h1>
<p>Once the program is executed, we get a console output like this:</p>
<!-- title: Console output -->
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Main:27 - BouncyCastle provider added.
Main:34 - Instantiated private key: RSA Private CRT Key
modulus: 80bfe9b773b36733509054642c2b5ab9f6ed3bb7f05d891b53dc04b9197c3bc0fb989dd3b9fff74ec53e38911089173c9507db1ed237f105e09e7de8b07dd1ec7c1c4859a80586fa909b8c7e3bfac90a696b51416d8d9b0774ffe3ffe494f36f5063e0f75b12772d7397ac297b2f45cd579b0fc24f36f206c8a8f4d07f2fe4dd
public exponent: 10001
private exponent: 67ff9d806c5b3c3f7d1238b8f9dcc35a78154529dd6510bd1c4e1b1a917582a6ee14675881643b964b496953f471686dad4c3d3976416dd57b8d4ad34ccd35658a8ffdabe54c349034777a0540b803baaa0274a2ff9ae188920789c88a27cb1973ff3a54c3995583029cc560764b4bb49bf33850d6960f0aed5148b15d69aa59
primeP: ef2b3fbb698e696a42bd5868cc1af071243ac93c21f770b835350c990d8fca2d0c36f4a00389356cf34aa4d23bd9717b0475eb7f46b69da1ad7742096b6aef7f
primeQ: 89cf6770a0abd13425b670d678814d9a826f5b02e2c6696dff6355fc0431ece44cef4b29985d72c928200938881dacf05ca4bd2e4109a3f58d1b362c924a19a3
primeExponentP: 9d3bb499740ac0f8afc9a52eb848599c3832418bbbd4dd90ecc1e47756781a75451b77f51e7dfcd694979505f57cbd631f8a9a78c1375b28284f47e5c36db8e7
primeExponentQ: 553020813ed0f741850e823211cbdc6ce6b46f4e19610d4b31d3f6131384c92b576394d2e19ce297f675d73d5ae6fd4098043ded99c69bd3eea62396e9d76481
crtCoefficient: daac44c1e731d792eabef504d577622b578082651bae4fa0c1e58579aaac6f64f9933f363252ccf2689bf0b981cf976ee41030730a8a8bc8a059aff86976a1fe
Main:37 - Instantiated public key: RSA Public Key
modulus: 80bfe9b773b36733509054642c2b5ab9f6ed3bb7f05d891b53dc04b9197c3bc0fb989dd3b9fff74ec53e38911089173c9507db1ed237f105e09e7de8b07dd1ec7c1c4859a80586fa909b8c7e3bfac90a696b51416d8d9b0774ffe3ffe494f36f5063e0f75b12772d7397ac297b2f45cd579b0fc24f36f206c8a8f4d07f2fe4dd
public exponent: 10001
</code></pre></div></div>
<p>The output indicates that the program read successfully the <code class="language-plaintext highlighter-rouge">id_rsa</code> and <code class="language-plaintext highlighter-rouge">id_rsa.pub</code> PEM files and printed them out in terms of modulus and exponents.</p>
<h1 id="download-the-code">Download the code</h1>
<p>The code used in this article to read RSA keys from PEM files in Java can be found in GitHub:</p>
<ul>
<li><a href="https://github.com/txedo/bouncycastle-rsa-pem-read" target="_blank">GitHub repository: Read RSA keys from PEM files in Java</a></li>
</ul>
<h1 id="references">References</h1>
<ol>
<li><a href="https://www.bouncycastle.org/" target="_blank">The Legion of the Bouncy Castle</a></li>
</ol>{"picture"=>"/assets/images/profilepic/avatar01.jpeg", "twitter"=>"txedo"}In a previous tutorial we dealt with RSA key generation and how to save them to PEM files in Java. In this tutorial we will learn how to read RSA keys from PEM files that we previously created. Once again, we will make use of the BouncyCastle library to take benefit from its PEM related classes, such as PemObject and PemReader.Generate RSA keys and write to a PEM file in Java2014-11-10T01:13:36+00:002014-11-10T01:13:36+00:00https://www.txedo.com/blog/java-generate-rsa-keys-write-pem-file<p>In this tutorial we will learn how to <strong>generate RSA keys in Java</strong> and write them to <strong>PEM</strong> files. <strong>BouncyCastle</strong> will be used to do this task. <em>BouncyCastle</em> is a library that consist, among others, of a JCE/JCA provider (Java Cryptography Extension/Java Cryptography Architecture) and a set of classes to handle PEM files.<!--more--></p>
<p>To deal with this tutorial it is required:</p>
<ul>
<li>Maven.</li>
<li>JDK 1.6+</li>
<li>An IDE, such as Eclipse or Spring Tool Suite.</li>
</ul>
<h1 class="no_toc" id="table-of-contents">Table of Contents</h1>
<ul id="markdown-toc">
<li><a href="#1-create-a-maven-project" id="markdown-toc-1-create-a-maven-project">1. Create a Maven project</a></li>
<li><a href="#2-configure-the-pom-file" id="markdown-toc-2-configure-the-pom-file">2. Configure the POM file</a></li>
<li><a href="#3-create-a-class-to-encapsulate-io-operations-and-pem-file-handling-logic" id="markdown-toc-3-create-a-class-to-encapsulate-io-operations-and-pem-file-handling-logic">3. Create a class to encapsulate I/O operations and PEM file handling logic</a></li>
<li><a href="#4-create-the-main-program-class" id="markdown-toc-4-create-the-main-program-class">4. Create the main program class</a></li>
<li><a href="#5-execute-the-program" id="markdown-toc-5-execute-the-program">5. Execute the program</a></li>
<li><a href="#download-the-code" id="markdown-toc-download-the-code">Download the code</a></li>
<li><a href="#references" id="markdown-toc-references">References</a></li>
</ul>
<h1 id="1-create-a-maven-project">1. Create a Maven project</h1>
<p>Having Maven installed and its environment variables properly configured, execute the following command in a shell:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mvn archetype:generate <span class="nt">-DgroupId</span><span class="o">=</span>com.txedo.security <span class="nt">-DartifactId</span><span class="o">=</span>bouncycastle-pem-write <span class="nt">-DarchetypeArtifactId</span><span class="o">=</span>maven-archetype-quickstart <span class="nt">-DinteractiveMode</span><span class="o">=</span><span class="nb">false</span>
</code></pre></div></div>
<p>As result, a Maven project will be created in your current working directory. Finally, import the project in your IDE.</p>
<p><img src="/assets/images/2014-11/bouncycastle-pem-write.png" alt="Project structure: Generate RSA keys and write to a PEM file in Java" title="Project structure" /></p>
<h1 id="2-configure-the-pom-file">2. Configure the POM file</h1>
<p>Add the <strong>BouncyCastle</strong> library to the Maven dependencies. In the snippet below, we also added the <strong>log4j</strong> dependency to print some debug traces in our program.</p>
<figure class="lineno-container">
<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><project</span> <span class="na">xmlns=</span><span class="s">"http://maven.apache.org/POM/4.0.0"</span> <span class="na">xmlns:xsi=</span><span class="s">"http://www.w3.org/2001/XMLSchema-instance"</span>
<span class="na">xsi:schemaLocation=</span><span class="s">"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"</span><span class="nt">></span>
<span class="nt"><modelVersion></span>4.0.0<span class="nt"></modelVersion></span>
<span class="nt"><groupId></span>com.txedo.security<span class="nt"></groupId></span>
<span class="nt"><artifactId></span>bouncycastle-pem-write<span class="nt"></artifactId></span>
<span class="nt"><version></span>0.0.1-SNAPSHOT<span class="nt"></version></span>
<span class="nt"><dependencies></span>
<span class="nt"><dependency></span>
<span class="nt"><groupId></span>org.bouncycastle<span class="nt"></groupId></span>
<span class="nt"><artifactId></span>bcprov-jdk15on<span class="nt"></artifactId></span>
<span class="nt"><version></span>1.51<span class="nt"></version></span>
<span class="nt"></dependency></span>
<span class="nt"><dependency></span>
<span class="nt"><groupId></span>log4j<span class="nt"></groupId></span>
<span class="nt"><artifactId></span>log4j<span class="nt"></artifactId></span>
<span class="nt"><version></span>1.2.17<span class="nt"></version></span>
<span class="nt"></dependency></span>
<span class="nt"></dependencies></span>
<span class="nt"></project></span>
</code></pre></figure>
<figcaption>pom.xml</figcaption>
</figure>
<h1 id="3-create-a-class-to-encapsulate-io-operations-and-pem-file-handling-logic">3. Create a class to encapsulate I/O operations and PEM file handling logic</h1>
<p>We have created the class <code class="language-plaintext highlighter-rouge">PemFile</code> that encapsulates the creation of a <code class="language-plaintext highlighter-rouge">PemObject</code>, included in the <em>BouncyCastle</em> library, and the file write operation.</p>
<figure class="lineno-container">
<figure class="highlight"><pre><code class="language-java" data-lang="java"><table class="rouge-table"><tbody><tr><td class="gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
</pre></td><td class="code"><pre><span class="kn">import</span> <span class="nn">java.io.FileInputStream</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.io.FileNotFoundException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.io.FileOutputStream</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.io.IOException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.io.InputStreamReader</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.io.OutputStreamWriter</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.Key</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">org.bouncycastle.util.io.pem.PemObject</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">org.bouncycastle.util.io.pem.PemReader</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">org.bouncycastle.util.io.pem.PemWriter</span><span class="o">;</span>
<span class="kd">public</span> <span class="kd">class</span> <span class="nc">PemFile</span> <span class="o">{</span>
<span class="kd">private</span> <span class="nc">PemObject</span> <span class="n">pemObject</span><span class="o">;</span>
<span class="kd">public</span> <span class="nf">PemFile</span> <span class="o">(</span><span class="nc">Key</span> <span class="n">key</span><span class="o">,</span> <span class="nc">String</span> <span class="n">description</span><span class="o">)</span> <span class="o">{</span>
<span class="k">this</span><span class="o">.</span><span class="na">pemObject</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PemObject</span><span class="o">(</span><span class="n">description</span><span class="o">,</span> <span class="n">key</span><span class="o">.</span><span class="na">getEncoded</span><span class="o">());</span>
<span class="o">}</span>
<span class="kd">public</span> <span class="kt">void</span> <span class="nf">write</span><span class="o">(</span><span class="nc">String</span> <span class="n">filename</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">FileNotFoundException</span><span class="o">,</span> <span class="nc">IOException</span> <span class="o">{</span>
<span class="nc">PemWriter</span> <span class="n">pemWriter</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PemWriter</span><span class="o">(</span><span class="k">new</span> <span class="nc">OutputStreamWriter</span><span class="o">(</span><span class="k">new</span> <span class="nc">FileOutputStream</span><span class="o">(</span><span class="n">filename</span><span class="o">)));</span>
<span class="k">try</span> <span class="o">{</span>
<span class="n">pemWriter</span><span class="o">.</span><span class="na">writeObject</span><span class="o">(</span><span class="k">this</span><span class="o">.</span><span class="na">pemObject</span><span class="o">);</span>
<span class="o">}</span> <span class="k">finally</span> <span class="o">{</span>
<span class="n">pemWriter</span><span class="o">.</span><span class="na">close</span><span class="o">();</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="o">}</span>
</pre></td></tr></tbody></table></code></pre></figure>
<figcaption>PemFile.java</figcaption>
</figure>
<h1 id="4-create-the-main-program-class">4. Create the main program class</h1>
<p>The main program class responsibility is to create the RSA keys and to orchestrate everything. Optionally, we added the BouncyCastle provider (<em>line 21</em>). The BouncyCastle is used later to get the <code class="language-plaintext highlighter-rouge">KeyPairGenerator</code> singleton instance (<em>line 34</em>). Once the keys are created (<em>lines 25-26</em>), the <strong>private key</strong> and <strong>public key</strong> are written to the <code class="language-plaintext highlighter-rouge">id_rsa</code> and <code class="language-plaintext highlighter-rouge">id_rsa.pub</code> files, respectively.</p>
<figure class="lineno-container">
<figure class="highlight"><pre><code class="language-java" data-lang="java"><table class="rouge-table"><tbody><tr><td class="gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
</pre></td><td class="code"><pre><span class="kn">import</span> <span class="nn">java.io.FileNotFoundException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.io.IOException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.Key</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.KeyPair</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.KeyPairGenerator</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.NoSuchAlgorithmException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.NoSuchProviderException</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.Security</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.interfaces.RSAPrivateKey</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">java.security.interfaces.RSAPublicKey</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">org.apache.log4j.Logger</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">org.bouncycastle.jce.provider.BouncyCastleProvider</span><span class="o">;</span>
<span class="kd">public</span> <span class="kd">class</span> <span class="nc">Main</span> <span class="o">{</span>
<span class="kd">protected</span> <span class="kd">final</span> <span class="kd">static</span> <span class="nc">Logger</span> <span class="no">LOGGER</span> <span class="o">=</span> <span class="nc">Logger</span><span class="o">.</span><span class="na">getLogger</span><span class="o">(</span><span class="nc">Main</span><span class="o">.</span><span class="na">class</span><span class="o">);</span>
<span class="kd">public</span> <span class="kd">static</span> <span class="kd">final</span> <span class="kt">int</span> <span class="no">KEY_SIZE</span> <span class="o">=</span> <span class="mi">1024</span><span class="o">;</span>
<span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">FileNotFoundException</span><span class="o">,</span> <span class="nc">IOException</span><span class="o">,</span> <span class="nc">NoSuchAlgorithmException</span><span class="o">,</span> <span class="nc">NoSuchProviderException</span> <span class="o">{</span>
<span class="nc">Security</span><span class="o">.</span><span class="na">addProvider</span><span class="o">(</span><span class="k">new</span> <span class="nc">BouncyCastleProvider</span><span class="o">());</span>
<span class="no">LOGGER</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"BouncyCastle provider added."</span><span class="o">);</span>
<span class="nc">KeyPair</span> <span class="n">keyPair</span> <span class="o">=</span> <span class="n">generateRSAKeyPair</span><span class="o">();</span>
<span class="nc">RSAPrivateKey</span> <span class="n">priv</span> <span class="o">=</span> <span class="o">(</span><span class="nc">RSAPrivateKey</span><span class="o">)</span> <span class="n">keyPair</span><span class="o">.</span><span class="na">getPrivate</span><span class="o">();</span>
<span class="nc">RSAPublicKey</span> <span class="n">pub</span> <span class="o">=</span> <span class="o">(</span><span class="nc">RSAPublicKey</span><span class="o">)</span> <span class="n">keyPair</span><span class="o">.</span><span class="na">getPublic</span><span class="o">();</span>
<span class="n">writePemFile</span><span class="o">(</span><span class="n">priv</span><span class="o">,</span> <span class="s">"RSA PRIVATE KEY"</span><span class="o">,</span> <span class="s">"id_rsa"</span><span class="o">);</span>
<span class="n">writePemFile</span><span class="o">(</span><span class="n">pub</span><span class="o">,</span> <span class="s">"RSA PUBLIC KEY"</span><span class="o">,</span> <span class="s">"id_rsa.pub"</span><span class="o">);</span>
<span class="o">}</span>
<span class="kd">private</span> <span class="kd">static</span> <span class="nc">KeyPair</span> <span class="nf">generateRSAKeyPair</span><span class="o">()</span> <span class="kd">throws</span> <span class="nc">NoSuchAlgorithmException</span><span class="o">,</span> <span class="nc">NoSuchProviderException</span> <span class="o">{</span>
<span class="nc">KeyPairGenerator</span> <span class="n">generator</span> <span class="o">=</span> <span class="nc">KeyPairGenerator</span><span class="o">.</span><span class="na">getInstance</span><span class="o">(</span><span class="s">"RSA"</span><span class="o">,</span> <span class="s">"BC"</span><span class="o">);</span>
<span class="n">generator</span><span class="o">.</span><span class="na">initialize</span><span class="o">(</span><span class="no">KEY_SIZE</span><span class="o">);</span>
<span class="nc">KeyPair</span> <span class="n">keyPair</span> <span class="o">=</span> <span class="n">generator</span><span class="o">.</span><span class="na">generateKeyPair</span><span class="o">();</span>
<span class="no">LOGGER</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="s">"RSA key pair generated."</span><span class="o">);</span>
<span class="k">return</span> <span class="n">keyPair</span><span class="o">;</span>
<span class="o">}</span>
<span class="kd">private</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">writePemFile</span><span class="o">(</span><span class="nc">Key</span> <span class="n">key</span><span class="o">,</span> <span class="nc">String</span> <span class="n">description</span><span class="o">,</span> <span class="nc">String</span> <span class="n">filename</span><span class="o">)</span>
<span class="kd">throws</span> <span class="nc">FileNotFoundException</span><span class="o">,</span> <span class="nc">IOException</span> <span class="o">{</span>
<span class="nc">PemFile</span> <span class="n">pemFile</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PemFile</span><span class="o">(</span><span class="n">key</span><span class="o">,</span> <span class="n">description</span><span class="o">);</span>
<span class="n">pemFile</span><span class="o">.</span><span class="na">write</span><span class="o">(</span><span class="n">filename</span><span class="o">);</span>
<span class="no">LOGGER</span><span class="o">.</span><span class="na">info</span><span class="o">(</span><span class="nc">String</span><span class="o">.</span><span class="na">format</span><span class="o">(</span><span class="s">"%s successfully writen in file %s."</span><span class="o">,</span> <span class="n">description</span><span class="o">,</span> <span class="n">filename</span><span class="o">));</span>
<span class="o">}</span>
<span class="o">}</span>
</pre></td></tr></tbody></table></code></pre></figure>
<figcaption>Main.java</figcaption>
</figure>
<h1 id="5-execute-the-program">5. Execute the program</h1>
<p>Once the program is executed, we get a console output like this:
<!-- title: Console output --></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Main:26 - BouncyCastle provider added.
Main:42 - RSA key pair generated.
Main:51 - RSA PRIVATE KEY successfully writen in file id_rsa.
Main:51 - RSA PUBLIC KEY successfully writen in file id_rsa.pub.
</code></pre></div></div>
<p>And two files named <code class="language-plaintext highlighter-rouge">id_rsa</code> and <code class="language-plaintext highlighter-rouge">id_rsa.pub</code> containing the private key and the public key:
<!-- title id_rsa --></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>-----BEGIN RSA PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJLORhDfV6VwpZCF
0ZgCKc7cP3Sy5EFkkHY1LKDNqhYmU+ey7GzNjJbm/JIZQwtufcpP8K14kEq2rHo/
F2hN5DQ0hRpSAXljxuz0Y0l5DeELQYrYjcjFMOU5071ebBNuCxm7x3hqSXt/LlmW
GBo73rf3cksI5sxlKEvr69fl4vUJAgMBAAECgYBViTxHzmn56hV9jIrff7suXSPX
8feOpnKJfVgAZXSJrVFL+fNJPcaBkhptYayvt3QxcbxwxoOEFMWQALy5uFCSuWk8
WOiUVlVoCZUjW1fn6z3N0WiuW0yJH315yYjHunFI9THaToIT8XXANZPMS6Jw84Qy
EmNKF6DgirYKvmEyAQJBAORadaff+2yh9r8r25SIIujQpogYMB+JbyAtfSwHMPIC
ZWC137ah1hYj82KutL0yQ9r/6iM+/lY9a5W6SvpWpkECQQCklFfjFxlQ13VrkrGp
h8duqbWm0BdX32lqaTNPscDaz60GWw7LPNhb0LY2mlTP1iSgWdt3VCWKvowHA1Qh
92zJAkANxEJZl5BB0VXd2pgHUVnBbWrMw6CLFi8D4posQFa8EFbqSKyvBvywIwS2
S1AMI+6hUlJcQ5zzuAo3YZ7JjtXBAkARrd3DBzgw9vQmGhv7mhpSSOi6gp//UICC
bcqVRQLyflyX0jBEpMSZGFJ6ixmROe+1SfHJX8Cops9j8XeYLnwBAkEAqxZUZ4NB
kfTwjtxIsZhwaBHKPduFPg+kSKCvTwqpn87D2E0jk/dL4oFk3/otj4L1j1aelFb8
hmciN50QAVL2Bg==
-----END RSA PRIVATE KEY-----
</code></pre></div></div>
<!-- title id_rsa.pub -->
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>-----BEGIN RSA PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSzkYQ31elcKWQhdGYAinO3D90
suRBZJB2NSygzaoWJlPnsuxszYyW5vySGUMLbn3KT/CteJBKtqx6PxdoTeQ0NIUa
UgF5Y8bs9GNJeQ3hC0GK2I3IxTDlOdO9XmwTbgsZu8d4akl7fy5ZlhgaO96393JL
CObMZShL6+vX5eL1CQIDAQAB
-----END RSA PUBLIC KEY-----
</code></pre></div></div>
<h1 id="download-the-code">Download the code</h1>
<p>The code used in this article to generate RSA keys and write them to a PEM file can be found in GitHub:</p>
<ul>
<li><a href="https://github.com/txedo/bouncycastle-rsa-pem-write" target="_blank">GitHub repository: Generate RSA keys and write them to a PEM file</a></li>
</ul>
<h1 id="references">References</h1>
<ol>
<li><a href="https://www.bouncycastle.org/" target="_blank">The Legion of the Bouncy Castle</a></li>
</ol>{"picture"=>"/assets/images/profilepic/avatar01.jpeg", "twitter"=>"txedo"}In this tutorial we will learn how to generate RSA keys in Java and write them to PEM files. BouncyCastle will be used to do this task. BouncyCastle is a library that consist, among others, of a JCE/JCA provider (Java Cryptography Extension/Java Cryptography Architecture) and a set of classes to handle PEM files.