Mark,
On 8/25/21 10:28, Mark Thomas wrote:
> On 25/08/2021 15:10, Christopher Schultz wrote:
>> All,
>>
>> I'm trying to do this without looking at the code which is in Tomcat
>> because I'd like to release it separately and not have to worry about
>> figuring out how to get permission, etc.
>
> It is ALv2 so the requirements are pretty minimal. You just need to
> include a copy of the ALv2, note you based it on Apache Tomcat and don't
> use any ASF trademarks in your product name.

Hmm. I seem to recall asking someone if I could contribute your PEMFile
stuff to the PostgreSQL JDBC driver project (they only support
non-encrypted DER files directly) and the reply I got was something
along the lines of "horrific copyright violation/IP theft/good luck
finding all the original authors and getting their permission/etc."
(paraphrasing).

>> I'm working on a piece of code which can load the following types of
>> PEM-encoded DER files with private keys in them. Each is a different
>> flavor of terrible.
>>
>>   BEGIN PRIVATE KEY (pkcs8, pretty easy)
>>   BEGIN RSA PRIVATE KEY (RFC 3447/pkcs1, requires ASN.1)
>>   BEGIN RSA PRIVATE KEY (with encryption)
>>   BEGIN EC PRIVATE KEY (RFC 5915, requires ASN.1)
>>   BEGIN ENCRYPTED PRIVATE KEY (also pkcs8)
>>
>> I have completed the work on these:
>>
>>   BEGIN PRIVATE KEY
>>   BEGIN RSA PRIVATE KEY
>>   BEGIN RSA PRIVATE KEY (with encryption)
>>
>> I'm now working on:
>>
>>   BEGIN EC PRIVATE KEY
>>
>> I think I can get everything I need out of the ASN.1 structure of the
>> file, but I'm getting caught up in the Java API for EC crypto.
>>
>> In order to create an RSA private key, one need only assemble the
>> various values required for the RSA key (e, n, etc.) and stick them
>> into an RSAPrivateKeySpec object, then generate the key from the KeySpec.
>>
>> For EC, however, you need what appears to be a whole menagerie of
>> classes, many of which it's not clear how to construct.
>>
>> Is there an easier way to do this? Shortcuts are fine: I'm not married
>> to the idea of manually-parsing the ASN.1 structure and
>> manually-building the Java objects required if the API already
>> supports some sort of shortcut.
>>
>> If there is *not* an easier way to do this, I'm wondering how to
>> construct the following objects. Here is the code I have so far:
>>
>>   String algorithm = "EC"; // I know this from the file type
>>   byte[] keybytes = ...; // These come from the ASN.1 structure
>>   String curveOID = ...; // This comes from the ASN.1 structure
>>   byte[] paramBits = ...; // This also comes from the ASN.1 structure
>>
>>   // I have this, at least for the one curve I'm working with at the moment
>>   Curve curveDef = getCurve(curveOID);
>>   ECField ecField = ???; // This should be a part of the curve definition?
>>   EllipticCurve curve = new EllipticCurve(ecField, curveDef.getA(),
>>       curveDef.getB());
>>   ECParameterSpec paramSpec = ???; // How to convert paramBits to this?
>>
>>   // This is the easy part
>>   // signum 1: the key bytes are an unsigned value
>>   PrivateKey key = KeyFactory.getInstance(algorithm).generatePrivate(
>>       new ECPrivateKeySpec(new BigInteger(1, keybytes), paramSpec));
>>
>> Is there a better way to get the curve definition (from e.g. the OID)
>> than manually-building the ECField and EllipticCurve objects?
>
> Sorry, I'd have to look at the Tomcat code to answer that. That isn't
> really any different to you looking yourself.

Interesting. You parse the ASN.1 structure and re-write it into PKCS#8
ASN, then parse it as such.
It occurs to me that, like Digester and possibly other components before
it, Tomcat has some useful cryptographic functions that we might
consider packaging separately. I think a component which can read a
PEMFile in its many incarnations is a very valuable thing on its own.
-chris
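
Added example, not part of the original message and not Tomcat's code: one way to obtain the ECParameterSpec asked about above is to let the JCA provider resolve the named curve, so ECField and EllipticCurve never have to be built by hand. The class name, method names and the OID-to-name table are assumptions for illustration, and the sample key is generated on the spot rather than parsed from a file.

```java
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPrivateKeySpec;
import java.util.Arrays;
import java.util.Map;

public class EcKeyFromScalar {
    // Assumption: a small OID-to-standard-name table for the curves the loader accepts.
    static final Map<String, String> CURVE_NAMES = Map.of(
            "1.2.840.10045.3.1.7", "secp256r1",
            "1.3.132.0.34", "secp384r1",
            "1.3.132.0.35", "secp521r1");

    // Let the provider supply field, curve, generator, order and cofactor.
    static ECParameterSpec curveParams(String curveOID) throws Exception {
        String name = CURVE_NAMES.get(curveOID);
        if (name == null) {
            throw new IllegalArgumentException("Unsupported curve OID: " + curveOID);
        }
        AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
        params.init(new ECGenParameterSpec(name));
        return params.getParameterSpec(ECParameterSpec.class);
    }

    static ECPrivateKey ecPrivateKey(byte[] keybytes, String curveOID) throws Exception {
        // The RFC 5915 privateKey OCTET STRING is unsigned; signum 1 keeps a
        // leading byte >= 0x80 from being read as a negative number.
        BigInteger s = new BigInteger(1, keybytes);
        return (ECPrivateKey) KeyFactory.getInstance("EC")
                .generatePrivate(new ECPrivateKeySpec(s, curveParams(curveOID)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a throwaway P-256 key whose scalar stands in for parsed bytes.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        ECPrivateKey original = (ECPrivateKey) kpg.generateKeyPair().getPrivate();
        byte[] raw = original.getS().toByteArray();
        // Drop the sign byte, if any, to mimic the unsigned octets found in the file.
        byte[] keybytes = raw.length > 32 ? Arrays.copyOfRange(raw, 1, raw.length) : raw;
        ECPrivateKey rebuilt = ecPrivateKey(keybytes, "1.2.840.10045.3.1.7");
        System.out.println("scalar matches: " + rebuilt.getS().equals(original.getS()));
    }
}
```

Keys whose parameters field carries explicit curve parameters instead of a named-curve OID are not handled here and are rejected by the OID lookup.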