RFC 6030 includes a sample (Figure 8) that is encrypted with a PKI public key, but it doesn't say where to get the other half: the matching private key.
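If you are also looking for the private key, here is the PSKC PKI certificate, which I got from an OATH insider. The password to the certificate is “securepass”. There is only one key in the file, with the alias “pskc-test-key”. Because both the file and its password are public, the key is only suitable for checking the RFC sample and should never protect real token data. The SHA1 fingerprint is,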
47:0B:A5:A7:79:C7:F3:94:8A:69:28:A6:5E:84:65:C4:A1:44:7A:AC
For your convenience, here is the piece of Java code I use to decode the PKI-encrypted token.
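/**
 * Decrypts a Base64-encoded value that was RSA-encrypted with PKCS#1 v1.5
 * padding, using the private key held in the PSKC test keystore, and prints
 * the recovered bytes (Base64-encoded) to standard output.
 *
 * <p>Errors are not propagated to the caller: the stack trace is printed and
 * the exception text is stored in {@code msgLastError}.
 *
 * @param txtCiphered Base64 text of the RSA-encrypted value
 */
public void DecodeTokenWithPKI(String txtCiphered)
{
    // Password of the published test keystore. A keystore that protects real
    // keys should take its password from the operator or a secret store, not
    // from a literal in the source.
    char[] storePassword = "securepass".toCharArray();
    try {
        KeyStore ks = KeyStore.getInstance("JKS");
        // try-with-resources closes the stream even when load() throws.
        try (FileInputStream fis = new FileInputStream("c:\\work\\pskc\\pskctest.jks")) {
            ks.load(fis, storePassword);
        }

        // Pick the first alias that actually holds a key; a certificate-only
        // entry would make getKey() return null further down.
        String alias = "";
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            if (ks.isKeyEntry(candidate)) {
                alias = candidate;
                System.out.println("alias : " + alias);
                break;
            }
        }
        if (alias.isEmpty()) {
            msgLastError = "no key entry found in keystore";
            return;
        }

        // The key entry uses the same password as the keystore itself.
        RSAPrivateKey priv = (RSAPrivateKey) ks.getKey(alias, storePassword);
        byte[] ciphertextBytes = new Base64().decode(txtCiphered);

        // Bouncy Castle lightweight API: raw RSA wrapped in PKCS#1 v1.5 padding.
        // NOTE(review): when this pattern is used on input from another party,
        // padding failures must not be distinguishable to that party.
        AsymmetricBlockCipher theEngine = new PKCS1Encoding(new RSAEngine());
        RSAKeyParameters privateParams =
                new RSAKeyParameters(true, priv.getModulus(), priv.getPrivateExponent());
        theEngine.init(false, privateParams); // false = decrypt
        byte[] orgtextBytes = theEngine.processBlock(ciphertextBytes, 0, ciphertextBytes.length);

        // JCE alternative to the Bouncy Castle calls above:
        //   Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        //   cipher.init(Cipher.DECRYPT_MODE, priv);
        //   byte[] orgtextBytes = cipher.doFinal(ciphertextBytes, 0, ciphertextBytes.length);

        // The output is the decrypted token data, presumably the token's secret;
        // printing it is acceptable for the RFC test vector only.
        System.out.println("orgy:\n" + Base64.encodeBase64String(orgtextBytes) + "\n");
    } catch (Exception e) {
        e.printStackTrace();
        msgLastError = e.toString();
    }
}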