What Is Key Encoding?
This section describes private and public key encoding standards: PKCS#8 is used for encoding private keys and X.509 is used for encoding public keys.
What is Key Encoding?
Key encoding is the process of converting encryption and decryption keys, or private and public keys,
into a specific encoding format for storing them in files or transmitting them to remote systems.
As you can see from the previous chapter, JDK supports two commonly used key encoding standards:
- PKCS#8 - PKCS stands for Public-Key Cryptography Standards, developed by RSA Security currently
a division of EMC. PKCS#8 describes syntax for private-key information, including a private key
for some public-key algorithm and a set of attributes. PKCS#8 is mainly used to encode private keys.
- X.509 - X.509 is an ITU-T standard for a public key infrastructure (PKI) for single sign-on
and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things,
standard formats for public key certificates, certificate revocation lists, attribute certificates,
and a certification path validation algorithm.
To manage different key encoding standards, JDK offers a group of classes:
- KeyFactory - A class to convert keys between Key objects and EncodedKeySpec objects.
- EncodedKeySpec - An abstract class offers a grouping point of all sub classes that represent
various key encoding standards.
- PKCS8EncodedKeySpec - A sub class of EncodedKeySpec represents the ASN.1 encoding
of a private key based on PKCS#8 standard.
- X509EncodedKeySpec - A sub class of EncodedKeySpec represents the ASN.1 encoding
of a public key based on X.509 standard.
See next sections on how to use these key encoding classes.
Last update: 2013.
Table of Contents
About This Book
Cryptography Basic Concepts
Introduction to AES (Advanced Encryption Standard)
Introduction to DES Algorithm
DES Algorithm - Illustrated with Java Programs
DES Algorithm Java Implementation
DES Algorithm - Java Implementation in JDK JCE
DES Encryption Operation Modes
DES in Stream Cipher Modes
PHP Implementation of DES - mcrypt
Blowfish - 8-Byte Block Cipher
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
Introduction of RSA Algorithm
RSA Implementation using java.math.BigInteger Class
Introduction of DSA (Digital Signature Algorithm)
Java Default Implementation of DSA
Private key and Public Key Pair Generation
►PKCS#8/X.509 Private/Public Encoding Standards
►What Is Key Encoding?
PKCS#8 and X.509 Key Encoding Classes
java.security.KeyFactory - Reading Encoded Keys
JcaKeyFactoryTest.java - Key Factory Test Program
Reading DSA Private and Public Key Files
Reading RSA Private and Public Key Files
Cipher - Public Key Encryption and Decryption
MD5 Mesasge Digest Algorithm
SHA1 Mesasge Digest Algorithm
OpenSSL Introduction and Installation
OpenSSL Generating and Managing RSA Keys
OpenSSL Managing Certificates
OpenSSL Generating and Signing CSR
OpenSSL Validating Certificate Path
"keytool" and "keystore" from JDK
"OpenSSL" Signing CSR Generated by "keytool"
Migrating Keys from "keystore" to "OpenSSL" Key Files
Certificate X.509 Standard and DER/PEM Formats
Migrating Keys from "OpenSSL" Key Files to "keystore"
Using Certificates in IE (Internet Explorer)
Using Certificates in Firefox
Using Certificates in Google Chrome
PDF Printing Version