I have generated an Ed25519 key pair using Bouncy Castle. For my own source of randomness I need to use BC.
Converting it to PKCS8, to be able to use the key without BC, the encoded key spec is not recognized: Ed25519PrivateKeyParameters.getEncoded() to PrivateKey (PKCS8EncodedKeySpec).
Do you know what format / binary encoding BC uses in class Ed25519PrivateKeyParameters?
    public byte[] getEncoded()
Currently I am failing to convert it to PKCS8.
    KeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
    java.security.KeyFactory keyFactory = java.security.KeyFactory.getInstance("Ed25519", "BC");
    PrivateKey privKey = keyFactory.generatePrivate(keySpec);

failing with

    java.security.spec.InvalidKeySpecException: encoded key spec not recognized: failed to construct sequence from byte[]: long form definite-length more than 31 bits

    public static Ed25519PrivateKeyParameters createKeyBc() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        Ed25519KeyPairGenerator generator = new Ed25519KeyPairGenerator();
        Ed25519KeyGenerationParameters spec = new Ed25519KeyGenerationParameters(new SecureRandom());
        generator.init(spec);
        AsymmetricCipherKeyPair kp = generator.generateKeyPair();
        return (Ed25519PrivateKeyParameters) kp.getPrivate();
    }

    public static PrivateKey convertToJavaPrivateKey(Ed25519PrivateKeyParameters privateKeyParameters)
            throws Exception {
        byte[] privateKeyBytes = privateKeyParameters.getEncoded();
        KeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
        java.security.KeyFactory keyFactory = java.security.KeyFactory.getInstance("Ed25519", "BC");
        return keyFactory.generatePrivate(keySpec);
    }

Ed25519PrivateKeyParameters.getEncoded() should be converted to PKCS8.
Thank you for your answer
The following code illustrates one method of doing this conversion. I think the only step you were missing was PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(privateKeyParameters);

    import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
    import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
    import org.bouncycastle.crypto.generators.Ed25519KeyPairGenerator;
    import org.bouncycastle.crypto.params.Ed25519KeyGenerationParameters;
    import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
    import org.bouncycastle.crypto.util.PrivateKeyInfoFactory;

    import java.security.KeyFactory;
    import java.security.PrivateKey;
    import java.security.SecureRandom;
    import java.security.spec.PKCS8EncodedKeySpec;

    public class Ed25519PrivBcToJava1 {

        public static void main(String[] args) throws Exception {
            AsymmetricCipherKeyPair keyPair = generateEd25519KeyPair();
            Ed25519PrivateKeyParameters privateKeyParameters = (Ed25519PrivateKeyParameters) keyPair.getPrivate();
            PrivateKey privKey = convertToJavaPrivateKey(privateKeyParameters);
        }

        // Generate the key pair with BC's lightweight API and a caller-chosen SecureRandom.
        private static AsymmetricCipherKeyPair generateEd25519KeyPair() {
            SecureRandom rand = new SecureRandom();
            Ed25519KeyGenerationParameters kpgParams = new Ed25519KeyGenerationParameters(rand);
            Ed25519KeyPairGenerator kpg = new Ed25519KeyPairGenerator();
            kpg.init(kpgParams);
            return kpg.generateKeyPair();
        }

        public static PrivateKey convertToJavaPrivateKey(Ed25519PrivateKeyParameters privateKeyParameters) throws Exception {
            // Wrap the key parameters in a PKCS#8 PrivateKeyInfo structure before DER-encoding them.
            PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(privateKeyParameters);
            byte[] pkcs8EncodedBytes = privInfo.getEncoded();
            PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(pkcs8EncodedBytes);
            // System.out.println(Base64.getEncoder().encodeToString(pkcs8EncodedBytes));
            // No provider is named here, so the KeyFactory comes from the installed providers
            // (the JDK itself supplies Ed25519 from Java 15 onwards).
            KeyFactory kf = KeyFactory.getInstance("Ed25519");
            return kf.generatePrivate(pkcs8KeySpec);
        }
    }
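
On the format asked about in the question, as an added example that is not part of the original posts: Ed25519PrivateKeyParameters.getEncoded() returns the raw 32-byte seed rather than DER, which is why a PKCS#8 parser rejects it. The JDK-only code below (Java 15+) wraps a seed in the RFC 8410 PrivateKeyInfo header by hand; the class name, wrapSeed and the constructed seed bytes are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;

public class Ed25519SeedToPkcs8 { // hypothetical class name
    // DER header of a PKCS#8 v1 PrivateKeyInfo for Ed25519 (RFC 8410):
    // SEQUENCE (46) { INTEGER 0, SEQUENCE { OID 1.3.101.112 },
    //                 OCTET STRING (34) wrapping OCTET STRING (32) = seed }
    private static final byte[] PKCS8_PREFIX = {
        0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
        0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20
    };

    // Prepend the fixed header to a raw 32-byte seed, giving 48 bytes of PKCS#8.
    static byte[] wrapSeed(byte[] seed) {
        if (seed.length != 32) {
            throw new IllegalArgumentException("Ed25519 seed must be 32 bytes");
        }
        byte[] out = Arrays.copyOf(PKCS8_PREFIX, PKCS8_PREFIX.length + seed.length);
        System.arraycopy(seed, 0, out, PKCS8_PREFIX.length, seed.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample seed standing in for getEncoded(); not a real key.
        byte[] seed = new byte[32];
        for (int i = 0; i < seed.length; i++) seed[i] = (byte) i;

        KeyFactory kf = KeyFactory.getInstance("Ed25519"); // JDK provider, no BC
        try {
            // Same mistake as in the question: raw seed passed off as PKCS#8.
            kf.generatePrivate(new PKCS8EncodedKeySpec(seed));
            System.out.println("unexpected: raw seed accepted");
        } catch (InvalidKeySpecException e) {
            System.out.println("raw seed rejected: " + e.getMessage());
        }

        byte[] pkcs8 = wrapSeed(seed);
        PrivateKey key = kf.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        Signature signer = Signature.getInstance("Ed25519");
        signer.initSign(key);
        signer.update("test".getBytes(StandardCharsets.UTF_8));
        System.out.println(pkcs8.length + "-byte PKCS#8, "
                + signer.sign().length + "-byte signature");
    }
}
```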