Diffie Hellman Public Key from openSSL is throwing InvalidKeySpecException

Similar Messages

• Certificate for the Diffie-Hellman Public Key

  Hi all
  Hey guys I have run out of ideas.I 'm trying to generate a self signed certificate for the Diffie-Hellman public key.Can anyone tell me how to do this plz.
  Thanks inadvance
  LundiE

  Does this even make sense? What would you sign it
  with? The choices provided by Sun are RSA and DSA.So you trying to tell me that its not possible to generate a self-signed certificate for the Diffie-Hellman.Becoz the way I think a certificate incorporates a public key and the certificate is signed using another keys.
  Thanx once for your input
  Cracker

• S/MIME Outlook finds no Public Key from AD

  I have setup Autoenrollment for S/MIME from my Internal PKI (Two tier published to ad) . I used these templates with option "Publish to AD"
  Signing = Exchange Signature Only
  Encryption = Exchange User
  My Subject Name is FQDN and Email for both. Alternative also email.
  I successfully deployed certificates based on the created templates and i see them in outlook. They are also published to ad and i can look them up in "AD User & Computer" and adsi edit (its the same amount of certifcates in attribute userCertificate)
  My understanding is that i could now send an encrypted message to my test user and outlook would find the public key in my AD. So i don't have to publish them to GAL.
  But when i try to send a signed and encrypted message outlook says it can not encrypt message, only sign them. When i look up the certificate for the signed message it says valid and trusted. Is there a way to troubleshoot this because i can't what i'm missing.

  This error is often related to a not yet updated offline address book! See
  this thread for a discussion of this and of more issues. Other issues could be: AD not replicated yet, users have published another certificate ('Publish to GAL') that is expired.
  Generally, this error is typical due to Outlook looking in different places (some of then non-obvious, as userSMIMEcertificate) and replication delays / caching - but not because of issues with the certificate.
  Elke

• How to obtain public key from a .crt file

  Hi
  I am new to cryptography Please correct me if my understanding regarding the digital signature is correct and i need help to get the public key.
  I have a x.crt file which contains following fields
  1) x
  2)y
  3) Certificate
  this certificate contains following fields
  certificate version
  owner id
  name
  public key
  signature (which is obtained by signing from start of x.crt till public key with private key)
  now i need to verify whether the signature for that i need to get the public key & signature from this .crt file. Is it how i need to verify the certificate ?? please help me as I am a newbie in cryptography

  Hi all
  Thanks for the reply
  So to get the public key now i used the following code
  byte[] dataPub = new byte[256]; // size of the public key
  try {
                      byteArrayInputStream.read(dataPub);
                 } catch (IOException e1) {
                      // TODO Auto-generated catch block
                      e1.printStackTrace();
            BigInteger modulus = new BigInteger(dataPub);
       BigInteger exponent = new BigInteger("65537"); // specified in the document
       RSAPublicKeySpec rpks = new RSAPublicKeySpec(modulus, exponent);
       KeyFactory kf = null;
                 try {
                      kf = KeyFactory.getInstance("RSA");
                 } catch (NoSuchAlgorithmException e1) {
                      // TODO Auto-generated catch block
                      e1.printStackTrace();
       try {
                      pk = kf.generatePublic(rpks);
                      System.out.println("Pb Key----------------:"+pk.toString());
                 } catch (InvalidKeySpecException e) {
                      // TODO Auto-generated catch block
                      e.printStackTrace();
  When I convert the pk.toString I am getting a negative modulus value . Can the modulus value be negative ??
  Edited by: 800317 on Oct 8, 2010 5:51 AM

• Get Modulus and exp from public key

  Hi friends,
  I'm extracting the public key from the X.509 certificate .Is there
  any way i can extract modulus and exponent from the public
  key. i'm using bouncy castle api . Any suggestions are greatly appreciated.
  //Generate Certificate
  //Extract public key
  PublicKey merchKey = cert.getPublicKey();
  //Pls suggest the way to extract mod and exp from public key
  Regards
  Jag

  PublicKey merchKey = cert.getPublicKey();
  RSAPublicKey rsaPub = (RSAPublicKey) merchKey;
  BigInteger modulus = rsaPub.getModulus();
  BigInteger exponent = rsaPub.getPublicExponent();

• Get user public key (ssh) from MDS 9509

  how can get public key from a user on MDS 9509?

  I'm not sure exactly what you are looking for, but to create keys for SSH, you will want to enable SSH like this:
  ssh server enable
  Then, you can generate a key like this:
  ssh key
  Or to specify the key for a user, it would be like this from the CLI:
  username ssh

• Diffie-hellman

  hello,
  I encrypted my data with symetric method (DES) and I would like to protect my key transfer by Diffie-hellman method.
  Diffie-hellman use this calcul: g^x * mod(p)
  on my card i have this code :
  public void genereCleDH(){
             clePrive = new byte[14];
             clePublic = new byte[29];
            KeyPair keypair = new KeyPair(KeyPair.ALG_EC_FP, (short)112);
            keypair.genKeyPair();
           privateKey = (ECPrivateKey) keypair.getPrivate();
           publicKey = (ECPublicKey) keypair.getPublic();
            publicKey.getW(clePublic, (short)0);
            privateKey.getS(clePrive, (short)0);
       public void envoyerClePublicDC(APDU apdu){
            apdu.setOutgoing();
            apdu.setOutgoingLength((short)clePublic.length);
            apdu.sendBytesLong(clePublic,(short) 0, (short) clePublic.length);
       }for my client I have this code:
       public byte[] initDH(){
           X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(apdu.dataOut);
           KeyFactory keyFact = KeyFactory.getInstance("DH");
           PublicKey clientpublicKey =  keyFact.generatePublic(x509KeySpec);
       DHParameterSpec dhParamSpec = (DHParameterSpec)((DHPublicKey)clientpublicKey).getParams();
          KeyPairGenerator clientKpairGen = KeyPairGenerator.getInstance("DH");
          clientKpairGen.initialize(dhParamSpec);
          KeyPair bobKpair = clientKpairGen.generateKeyPair();
          KeyAgreement clientKeyAgree = KeyAgreement.getInstance("DH");
          clientKeyAgree.init(bobKpair.getPrivate());
          clientKeyAgree.doPhase((Key) clientpublicKey, true);
          byte[] clientPubKeyEnc = bobKpair.getPublic().getEncoded();
          clientKeyAgree.doPhase((Key) clientpublicKey, true);
          byte[] bobSharedSecret = clientKeyAgree.generateSecret();
            return clientPubKeyEnc;
            return null;
       }but I have a problem at this line:
  PublicKey clientpublicKey =  keyFact.generatePublic(x509KeySpec);and a try catch show this error : "Inappropriate key specification".
  1) The problem come from of my card or my client?
  2) I send the public key data, and I built a new publicKey with X509EncodedKeySpec, but isn't it easer to give "A", "g" and "p" parameters ("x" is my private data, "A" my result of "g^x * mod(p))?
  3)
  {code}publicKey = (ECPublicKey) keypair.getPublic();{code}
  publicKey contains my public data "A","g" and "p": but which part of the array contains each data?
  4) My client (using java) can call X509EncodedKeySpec, but how can i do with my applet (when my client will send this public data)?
  5) When I will have the secret key with my applet and my client, how can I use it with my DES key?
  thank for your help.
  Alexis

  Alexis wrote:
  >
  The SunJCE implementation is kind enough to swallow the exception thrown by the DHPubliKey class when it attempts to decode the X.509 key data you pass in
  >
  I don't understand what you mean. The code snippet I posted is from OpenJDK source code. It catches any exception that is thrown from the call to create a DH public key from the X509 encoded key spec. new DHPublicKey(((X509EncodedKeySpec)keySpec).getEncoded()) If your encoding is incorrect then you will not know why. X509 encoded keys have a specific ASN.1 structure.
  >
  Considering you have the public key on the card, you should try using the javax.crypto.spec.DHPublicKeySpec using the three key components from the card key.
  >
  for that I need to know which value of my byte[] area corresponding to "y","p" and "g". In addition I think on my card I have create an elliptic curve for diffie-hellman method (KeyPair.ALG_EC_FP) and on my client (java) I use "DH" method.
  So I think the problem come from the differents method used ("ALG_EC_FP" and "DH"). But I don't find " ALG_EC_FP" on java.The problem is that you are getting one component of your key (getW). Can you post the hex dump of the key you are getting back?
  You would need to get 3 components of your key to use the DHKeySpec (getField getG and getW maybe?). This will give you three byte arrays representing BigIntegers that you could use to initialise your key.
  Cheers,
  Shane

• Retrieved public key not match with real public key on certificate

  //@@public key from certificate
  *30 81 89 02 81 81*
  +00 92 28 98 7b 71 5e 3b 58 93 7a 58 cd 9e b8 17 c6 8e 74 51 c7 32 be 73 c6 54 d6 e5 3b c8 3c 89 c5 6c cd 59 b2 40 58 f2 83 f4 8d c8 b0 5f 57 26 d9 27 88 ff 76 1b 2d 5e 78 8c aa 66 2e 68 1e ed 01 5a 09 c9 5f fb 11 9d 33 4d 57 f1 02 f8 61 4b 71 08 c9 da db 5c a7 c8 fa a6 ed f6 d5 1b 78 72 20 33 0b 80 6c 07 e0 14 7c 49 b5 e3 aa 39 79 28 9e 76 3f 9c 23 7b ea 5c b3 fd 79 cb d5 71 3d d4 f9 02 03 01 00 01+
  //@@retrieved public key from certificate partially not match
  *30 3F 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 3F 3F 00 30 3F 89 02 3F 3F*
  +00 92 28 98 7B 71 5E 3B 58 93 7A 58 CD 9E B8 17 C6 8E 74 51 C7 32 BE 73 C6 54 D6 E5 3B C8 3C 89 C5 6C CD 59 B2 40 58 F2 83 F4 3F C8 B0 5F 57 26 D9 27 88 FF 76 1B 2D 5E 78 8C AA 66 2E 68 1E ED 01 5A 09 C9 5F FB 11 3F 33 4D 57 F1 02 F8 61 4B 71 08 C9 DA DB 5C A7 C8 FA A6 ED F6 D5 1B 78 72 20 33 0B 80 6C 07 E0 14 7C 49 B5 E3 AA 39 79 28 9E 76 3F 9C 23 7B EA 5C B3 FD 79 CB D5 71 3D D4 F9 02 03 01 00 01+
       * Convert into hex values
       private static String hex(String binStr) {
            String newStr = new String();
            try {
                 String hexStr = "0123456789ABCDEF";
                 byte [] p = binStr.getBytes();
                 for(int k=0; k < p.length; k++ ){
                      int j = ( p[k] >> 4 )&0xF;
                      newStr = newStr + hexStr.charAt( j );
                      j = p[k]&0xF;
                      newStr = newStr + hexStr.charAt( j ) + " ";
            } catch (Exception e) {
                 System.out.println("Failed to convert into hex values: " + e);
            return newStr;
       * Get public key from keystore.
       * The public key is in the certificate.
       private static Key getPublicKey(String keyname, String keystore)
       throws IOException, KeyStoreException, NoSuchAlgorithmException,
       CertificateException {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream(keystore), KEYSTORE_PASS.toCharArray());
            X509Certificate cert = (X509Certificate) ks.getCertificate(keyname);
            if (cert != null) {
                 return cert.getPublicKey();
            return null;
  // Read the public key from keystore certificate
                 RSAPublicKey keystorepub = (RSAPublicKey) keystorecert.getPublicKey();
                 tempPub = keystorepub.getEncoded();
                 sPub = new String( tempPub );
                 System.out.println("Public key from keystore:\n" + hex(sPub) + "\n");Italic part is match part however bold part is not match, i think should be calculation on convert hex incorrect.

  the public key on certificate can view direct in hex format although inside the certificate is in byte[] format,hence during extract public key from certificate via java code,need to convert from byte[] to hex string and then compare it.
  this is the picture of certificate that display public key in hex format
  [http://i225.photobucket.com/albums/dd135/ocibala109/cert.jpg]
  Edited by: ocibala on Oct 7, 2008 8:51 PM

• Can't read load RSA public key with JDK 1.4.2_08?

  We have been using Bouncy Castle's provider to provide RSA encryption and decryption of a login name and password for several years ... with JDKs in the 1.4.2 series up through 1.4.2_07.
  Recently, however, Sun released JDK 1.4.2_08, and suddenly any of our Java Web Start client applications are unable to successfully load the public key that we use to encrypt their login name and password before shipping it to the server for authentication with the 1.4.2_08 JRE. But, if we revert back to 1.4.2_07, everything works again.
  This public key itself has been in use for several years and the same code to read the public key has been in use for a long time ... including multiple versions of the BouncyCastle provider and all versions of the JDK up through 1.4.2_07. But suddenly things appear to break with JDK 1.4.2_08.
  This smells like a problem with JDK 1.4.2_08 so I thought that I'd check on this forum to see if any other Bouncy Castle users have experienced this problem. Is there anything further that I can do to check this out? Has any Bouncy Castle user successfully loaded a RSA public key from a byte stream with JDK 1.4.2_08? Or have people using other providers seen any problems reading similar public keys with JDK 1.4.2_08?
  The code that is failing on the client side is:
  try {
     encKey = new byte[this.publicKeyInputStream.available()];
     this.publicKeyInputStream.read(encKey);
     spec = new X509EncodedKeySpec(encKey);
     keyFactory = KeyFactory.getInstance("RSA",  "org.bouncycastle.jce.provide.BouncyCastleProvider");
     myPublicKey = keyFactory.generatePublic(spec);
     return myPublicKey;
  catch (Exception e) {
     e.printStackTrace();
  }The stack trace that I'm getting includes ...
  java.security.spec.InvalidKeySpecException: java.lang.IllegalArgumentException: invalid info structure in RSA public key
     at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(JDKKeyFactory.java:330)
     at java.security.KeyFactory.generatePublic(Unknown Source)
     at org.opencoral.util.Encryption.loadPublicKey(SourceFile:450)
     at org.opencoral.util.Encryption.<init>(SourceFile:119)
     at org.opencoral.main.Coral.<init>(SourceFile:338)
     at org.opencoral.main.Coral.main(SourceFile:1919)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at com.sun.javaws.Launcher.executeApplication(Unknown Source)
     at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
     at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
     at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
     at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
     at com.sun.javaws.Launcher.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)While it clearly indicates that it thinks that there is an "invalid info structure in RSA public key", I believe that nothing has changed in the structure of our key ... and this same key still works properly if I revert to JDK 1.4.2_07.
  Any thoughts or insights?
  Thanks,
  John Shott

  I'm facing the same Exception here,
  With JDK 1.5 (SUNJce) i'm getting --
  Exception in thread "main" java.security.spec.InvalidKeySpecException: java.secu
  rity.InvalidKeyException: Invalid RSA public key
  at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(Unknown Source)
  With BouncyCastle i'm getting --
  Exception in thread "main" java.security.spec.InvalidKeySpecException: java.lang
  .IllegalArgumentException: invalid info structure in RSA public key
  at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(
  JDKKeyFactory.java:345)
  Any Solution?

• Smartcard: Accessing public key without loading keystore

  I have been able to use pkcs11-tool (opensc) to access my public key from a smartcard without entering a pin. Is there an equivilant way to do this using sunpkcs11?

  If your smartcard's firmware permits accessing public objects without authentication (as most do), then you can access them with JCE too (though SunPKCS11). After you have configured the SunPKCS11 configuration file, all your Java program has to do is load the KeyStore, get an enumeration of the aliases, determine which one is a certificate, instantiate an X509Certificate and finally extract the PublicKey out of the certificate.

• How to reconstruct same EC public key

  Hello
  I need to reconstruct EC public key from certificate.
  I have these information as:
  x = 66:6d:59:b1:fb:53:c1:c9:98:c1:2c:71:73:1d:3a:36:a3:7c:d9:95:
  y = ca:de:ee:96:c1:56:c8:d7:c7:85:2b:39:b5:fe:fd:1f:a3:ce:18:c7
  secp160r2
  How can I create ECParameterSpec object from information secp160r2 ?
  Because for creating of ECPublicSpec are necessary to have knowledge of ECPoint and ECParameterSpec objects.
  Can somebody help me resolve this problem ?
  I want to achieve

  I found this sollution:
  ECPoint tempPoint = new ECPoint(
  new BigInteger("666d59b1fb53c1c998c12c71731d3a36a37cd995", 16),
  new BigInteger("cadeee96c156c8d7c7852b39b5fefd1fa3ce18c7", 16));
  org.bouncycastle.jce.spec.ECNamedCurveParameterSpec params =
  ECNamedCurveTable.getParameterSpec("secp160r2");
  org.bouncycastle.jce.spec.ECNamedCurveSpec xxx = new ECNamedCurveSpec(
  params.getName(), params.getCurve(), params.getG(), params.getN(),
  params.getH());
  ECPublicKeySpec spec = new ECPublicKeySpec(tempPoint,xxx);
  PublicKey pub2 = keyFactory.generatePublic(spec);
  byte[] encPub = pub2.getEncoded();
  FileOutputStream pubfos = new FileOutputStream("pub2.key");
  pubfos.write(encPub);
  pubfos.close();

• Question on determining key strength (Diffie-Hellman Key Exchange)

  Greetings everyone!
  Im working on my thesis which implements the use of the Diffie-Hellman key exchange. One problem that I encounter was how to assess and evaluate its strength given N-size of the public keys used. Does anyone know what is the recommended key size to achieve security with the Diffie-Hellman key exchange? And in what way was it determined?
  Sincerely,
  Paolo Ferrer

  Well, Diffie-Hellman is a key exchange protocol, not a cypher. If you mean RSA, then the recommended minimum is 2048 bits. This is determined by estimating the amount of time it would take to break a shorter key by brute force. 256 bits can be broken on a PC in hours. 512 can be broken on several hundred PCs over a couple of days (this is all very rough stuff). 1024 could theoretically be broken by a computer that might be built in the next decade or so in under a decade so - or something like that. So, 2048 is the rule of thumb - but it depends what you need it for. To send a secure message to your grandmother, it's unlikely the whole world will pool their resources to learn the text of your message in 10 years.
  If, on the other hand, this is an email to your Justice department's Whitehouse liaison, you might want 4096 bits.
  Look up "Diffie Hellman Key Exchange" and RSA on wikipedia.org for some good references.

• About Diffie-Hellman Key Exchange Algorihtm

  Hi... experts. I've got a problem about Diffie-Hellman Key Exchange. Is that possible to actually exchange a secret session key via Diffie-Hellman Key Exchange? or the secret session key (g^xy) is actually generated after the exchange of g^x and g^y by the two parties? My project supervisor made me confused with it, he is sure that the first case can be done. Please give me some ideas... Thanks a lot!!!
  Regards,
  Yating

  ejp, thanks for the reply!
  What is exchanged is the
  means by which it can be independently and
  identically calculated by both parties.That's exactly what I learn from the Diffie-Hellman algorithm, but he kept saying that he wanted me to distribute a shared secret via the key exchange. I really have no idea about what he is talking about. Do you have any ideas?
  Regards,
  Yating

• Need help with Diffie-Hellman key-exchange protocol

  How can i show that the Diffie-Hellman key-exchange protocol is vulnerable to a man-in-themiddle
  attack and Devise a protocol using digital signatures which overcomes this vulnerability

  Given that the error is "Invalid Parameters", you might want to show us how "dhparameters" is being set up on both sides...
  Grant

• Diffie Hellman Key Agreement

  Hi All,
  Can some one help me with a example to encrypt a string using Diffie hellman key agreement protocol
  Thanks &Regards
  Murali

  There are plenty of samples provided with the Javadoc.