Churchkey is a Java library that can parse and export public and private key files in several formats including:
-
JSON Web Key (JWK)
-
PEM
-
OpenSSH
-
SSH2
Step 1 Pass the bytes of the key file to Churchkey. No need to tell Churchkey what kind of key it is.
final String pemFile = "" +
"-----BEGIN PUBLIC KEY-----\n" +
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyzNurU19lqnYhx5QI72sIX1lh\n" +
"8cTehTmboC+DLG7UuaUHqs096M754HtP2IiHFcIQqwYNzHgKmjmfGdbk9JBkz/DN\n" +
"eDVsA5nc7qTnsSgULXTxwHSF286IJdco5kasaJm4Xurlm3V+2oiTugraBsi1J0Ht\n" +
"0OtHgJIlIaGxK7mY/QIDAQAB\n" +
"-----END PUBLIC KEY-----\n";
final Key key = Keys.decode(pemFile.getBytes());Step 2 Churchkey will parse the contents of the key file and tell you what kind of key it found!
Assert.assertEquals(Key.Algorithm.RSA, key.getAlgorithm());
Assert.assertEquals(Key.Format.PEM, key.getFormat());
Assert.assertEquals(Key.Type.PUBLIC, key.getType());Step 3 You can then cast the key to the correct java.security interface
Assert.assertTrue(key.getKey() instanceof RSAPublicKey);See the complete source
The following will read (decode) a PEM file and then convert (encode) it to a JWK format
// Read the PEM file
final Key key = Keys.decode(pemFile.getBytes());
// Write the key as JWK
final byte[] jwkBytes = key.encode(Key.Format.JWK);
final String jwk = new String(jwkBytes);
final String expected = "" +
"{\n" +
" \"kty\": \"RSA\",\n" +
" \"e\": \"AQAB\",\n" +
" \"n\": \"sszbq1NfZap2IceUCO9rCF9ZYfHE3oU5m6Avgyxu1LmlB6rNPejO-eB7T9i" +
"IhxXCEKsGDcx4Cpo5nxnW5PSQZM_wzXg1bAOZ3O6k57EoFC108cB0hdvOiCXXKOZGrGiZu" +
"F7q5Zt1ftqIk7oK2gbItSdB7dDrR4CSJSGhsSu5mP0\"\n" +
"}\n";
JsonAsserts.assertJson(expected, jwk);See the complete source
The following will read (decode) a private key PEM file and then obtain and write out the public PEM.
final String pemFile = "" +
"-----BEGIN EC PRIVATE KEY-----\n" +
"MHcCAQEEIDV2ischPSu7JmDEhNlW9KpUiYl3AAANcMxRIEAxqk6hoAoGCCqGSM49\n" +
"AwEHoUQDQgAERUSiTdfyjPPvepCpRGirABPcUo8QBaMJHoRf4D3XWBryDRMCZU20\n" +
"GPXomXCQbIxJZtkOULn918lHK/CvytRW9A==\n" +
"-----END EC PRIVATE KEY-----\n";
// Read the PEM file
final Key key = Keys.decode(pemFile.getBytes());
// Get the public key
final Key publicKey = key.getPublicKey();
// Write the public key as PEM (or any other format)
final byte[] encoded = publicKey.encode(Key.Format.PEM);
assertEquals("" +
"-----BEGIN PUBLIC KEY-----\n" +
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERUSiTdfyjPPvepCpRGirABPcUo8Q\n" +
"BaMJHoRf4D3XWBryDRMCZU20GPXomXCQbIxJZtkOULn918lHK/CvytRW9A==\n" +
"-----END PUBLIC KEY-----\n", new String(encoded));See the complete source
Churchkey is a Java library that can read RSA and DSA that look like any of the following:
{
"kty": "RSA",
"n": "sszbq1NfZap2IceUCO9rCF9ZYfHE3oU5m6Avgyxu1LmlB6rNPejO-eB7T9iIhxXCEKsGDcx4Cpo5nxnW5PSQZM_wzXg1bAOZ3O6k57EoFC108cB0hdvOiCXXKOZGrGiZuF7q5Zt1ftqIk7oK2gbItSdB7dDrR4CSJSGhsSu5mP0",
"e": "AQAB",
"d": "VWV8gV5nkMISe927eW0IHM6VfS8gzPqqYgbmymq9YIJuLLRKJIh92mB55M_RnVsp_hYA5TREHSQ94xxPQ7j_ASohev1Etv7Hr9AFixa7Q6sRdT1DY7YO1kf_wLk0Urg2bHrvAvukcmBAV9-OHKDkRUY-e03ZK3cCfetsHP41RmE",
"p": "6Uj9tL8PB-8nDschkBJUjjFdBpG_CgewLJwoDYc8WSbGUlw9uigZGXNHw5XSG_JI9V0T9HwfePryq11Gyg6fJQ",
"q": "xDW-MI04a6Kb1gZD-ud0PrSuWAwzpBP_j0BQQwElSWbaDuJXJsSu11TYBeHYrWqvE2Gi7CAKrMy8MwnYRoM2-Q",
"dp": "EcJBtgm5XjRBd-mGz43lq_FsEHz12xCcw7ibf_QkjvDZthlZhZtZ1csl0mjMVt5J2YvdYgY06yPHZ24xXl5glQ",
"dq": "w2eShd_etLM456lNwm8HgfuHNgDQ3TNdbFjslg5qB_P6bqBTkzSFu8WvbgxCMlLxEShHjUlL2FP9igbf8Tl0YQ",
"qi": "yTa2sQrLQCFkLuc3Zi-0xIHyD-ohb1WDLiT08H1dSPfx-Y5l8pNn_fG7N5GWFic-ae5h-GKbX14e4MAE5fYgKA"
}-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQCyzNurU19lqnYhx5QI72sIX1lh8cTehTmboC+DLG7UuaUHqs09 6M754HtP2IiHFcIQqwYNzHgKmjmfGdbk9JBkz/DNeDVsA5nc7qTnsSgULXTxwHSF 286IJdco5kasaJm4Xurlm3V+2oiTugraBsi1J0Ht0OtHgJIlIaGxK7mY/QIDAQAB AoGAVWV8gV5nkMISe927eW0IHM6VfS8gzPqqYgbmymq9YIJuLLRKJIh92mB55M/R ... -----END RSA PRIVATE KEY-----
-----BEGIN RSA PUBLIC KEY----- MIGJAoGBALLM26tTX2WqdiHHlAjvawhfWWHxxN6FOZugL4MsbtS5pQeqzT3ozvng e0/YiIcVwhCrBg3MeAqaOZ8Z1uT0kGTP8M14NWwDmdzupOexKBQtdPHAdIXbzogl 1yjmRqxombhe6uWbdX7aiJO6CtoGyLUnQe3Q60eAkiUhobEruZj9AgMBAAE= -----END RSA PUBLIC KEY-----
-----BEGIN DSA PRIVATE KEY----- MIIBugIBAAKBgQDfcPOECx1ps5f4GNl4fwpzO4X07FJemfPTVJoThX7P8MzueD5f OKio1ppYSTvVRhcLDEW8NBKhoEtXgZ4L/g0f3jADftCpy0z0zRGoyj/4m00X97CN 0X+1E2IUqe1ua+RQfEzd/XIYPSUFEe3NACznW8gy/HfsoQeUsyxAFkOEEwIVAJy7 ... -----END DSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY----- MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALLM26tTX2WqdiHH lAjvawhfWWHxxN6FOZugL4MsbtS5pQeqzT3ozvnge0/YiIcVwhCrBg3MeAqaOZ8Z 1uT0kGTP8M14NWwDmdzupOexKBQtdPHAdIXbzogl1yjmRqxombhe6uWbdX7aiJO6 CtoGyLUnQe3Q60eAkiUhobEruZj9AgMBAAECgYBVZXyBXmeQwhJ73bt5bQgczpV9 ... -----END PRIVATE KEY-----
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyzNurU19lqnYhx5QI72sIX1lh 8cTehTmboC+DLG7UuaUHqs096M754HtP2IiHFcIQqwYNzHgKmjmfGdbk9JBkz/DN eDVsA5nc7qTnsSgULXTxwHSF286IJdco5kasaJm4Xurlm3V+2oiTugraBsi1J0Ht 0OtHgJIlIaGxK7mY/QIDAQAB -----END PUBLIC KEY-----
Common locations for these would be in:
-
~/.ssh/id_rsa(PEM format shown above) -
~/.ssh/id_rsa.pub(ssh-format shown here)
ssh-dss AAAAB3NzaC1kc3MAAACBAN9w84QLHWmzl/gY2Xh/CnM7hfTsUl6Z89NUmhOFfs/wzO54Pl84qKjWmlhJO9VGFwsMRbw0EqGgS1eBngv+DR/eMAN+0KnLTPTNEajKP/ibTRf3sI3Rf7UTYhSp7W5r5FB8TN39chg9JQUR7c0ALOdbyDL8d+yhB5SzLEAWQ4QTAAAAFQCcu9GKMJJyX8go6w1gn93Xi1/EDwAAAIBJYC9VGyg80b7DF8+fHKfezGEjjRgJOVMJQA946vA3A+cntFUU+Y1LayXJ2y... [email protected]
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCyzNurU19lqnYhx5QI72sIX1lh8cTehTmboC+DLG7UuaUHqs096M754HtP2IiHFcIQqwYNzHgKmjmfGdbk9JBkz/DNeDVsA5nc7qTnsSgULXTxwHSF286IJdco5kasaJm4Xurlm3V+2oiTugraBsi1J0Ht0OtHgJIlIaGxK7mY/Q== [email protected]
Commonly mistaken for PEM, but different.
---- BEGIN SSH2 PUBLIC KEY ---- Comment: "1024-bit RSA, converted by [email protected] from OpenSSH" AAAAB3NzaC1yc2EAAAADAQABAAAAgQCyzNurU19lqnYhx5QI72sIX1lh8cTehTmboC+DLG 7UuaUHqs096M754HtP2IiHFcIQqwYNzHgKmjmfGdbk9JBkz/DNeDVsA5nc7qTnsSgULXTx wHSF286IJdco5kasaJm4Xurlm3V+2oiTugraBsi1J0Ht0OtHgJIlIaGxK7mY/Q== ---- END SSH2 PUBLIC KEY ----