Re: Decrypting PKCS8 private keys

Bernard Leach (leachbj@aba.net.au)
Thu, 20 May 1999 15:09:09 +1000

Date: Thu, 20 May 1999 15:09:09 +1000
From: Bernard Leach <leachbj@aba.net.au>
To: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: Decrypting PKCS8 private keys

Jan Luehe wrote:
>
> > 2. X509EncodedKeySpec
> >
> > The docs for X509EncodedKeySpec say it can be used for the DER encoding of
> > a public or private key according the X.509 spec. Does the X.509 spec give
> > structures for private keys? What are the ASN.1 structures (leading to the
> > DER encoding) that are acceptable for private keys in a X509EncodedKeySpec?
> > Also, what key types - I guess RSA and DSA - but any others?
>
> I was under the impression that X.509 (at some point in the past)
> also defined an ASN.1 structure for RSA private keys, consisting of
> a SEQUENCE of the modulus and the private exponent. I have not been able to
> find that definition in the latest X.509 docs. Can anyone confirm?

I can't find any reference to an ASN.1 type for private keys in
X.509 (or rather the ISO version I have ISO 9594-8). The only
RSA structure seems to be the public key definition.

PKCS#1 defintely defines the ASN.1 structure for RSA private keys
(and uses the same definition for public keys as X.509).

> If X.509 defines ASN.1 structures for public keys only, the
> "private key" reference should be removed from the X509EncodedKeySpec
> javadocs.

Given that the PKCS8EncodedKeySpec exists specifically for private
keys it seems a little confusing to have the private key part
in X509EncodedKeySpec as well (esp. since we can't find the X.509
PrivateKeyInfo structure!).

bernard.