Java
zencd, 2013-02-19 21:03:05

Should I store the public key in an X.509 store for the digital signature verification task?

I generate public and private RSA keys using the console openssl:

# generate the private key
openssl genrsa -out my.pem 1024
# convert to PKCS#8 so that it can be read from Java
openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in my.pem -out my.pk8
# extract the public key
openssl rsa -in my.pem -pubout -out my.pub


The public key is then obtained in an X.509 "container". After cutting off the header and footer, I read it quite successfully:

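import java.security.KeyFactory
import java.security.spec.X509EncodedKeySpec
// encodedKey must be the DER bytes: PEM body without header/footer, Base64-decoded
def keySpec = new X509EncodedKeySpec(encodedKey);
def keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePublic(keySpec);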


Is it appropriate to use a public key in an X.509 "container" for verification? Or are there better solutions? After all, it was created for network needs, with the revocation of certificates, etc ...

2 answer(s)
SleepingLion, 2013-02-20
@SleepingLion

Why not?
You can, of course, use DER, but this may not always be convenient.
Depends on what you're going to do with it.
X.509 (and in fact PEM) can be safely transmitted without serialization, if necessary.
If you need to store many keys, then DER is better, because it is several times smaller in size due to the binary notation. Some algorithms process DER faster, since they don't need to convert it, although against the backdrop of the crypto operations themselves this may be a trifle.

Maximus43, 2013-02-20
@Maximus43

If you have a goal to write your own data signing and signature verification procedures, then you decide in what format you store the keys. PEM is BASE64. Can be easily transferred over the network.
Usually, a certificate is still made from the public key, at least self-signed. And then include the necessary PKI libraries in the project.
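
Added example, not code from the question or from either answer: a Java round trip showing that the `PUBLIC KEY` PEM written by `openssl rsa -pubout` is only an X.509 SubjectPublicKeyInfo structure (no certificate, issuer or revocation data) and can be loaded with `X509EncodedKeySpec` and used directly for signature verification. The class name, the in-memory 2048-bit key pair standing in for `my.pk8`/`my.pub`, the sample message and the choice of `SHA256withRSA` are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class SpkiVerifyExample {
    // Parse a "-----BEGIN PUBLIC KEY-----" PEM block (X.509 SubjectPublicKeyInfo).
    static PublicKey readPublicKey(String pem) throws GeneralSecurityException {
        String body = pem.replace("-----BEGIN PUBLIC KEY-----", "")
                         .replace("-----END PUBLIC KEY-----", "")
                         .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body); // PEM body -> DER bytes
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    // Verify a signature over data with the given public key.
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key pair (assumption: replaces the files from the question).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // PublicKey.getEncoded() yields the same SubjectPublicKeyInfo DER
        // that `openssl rsa -pubout` wraps in PEM armor.
        String pem = "-----BEGIN PUBLIC KEY-----\n"
                + Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                        .encodeToString(pair.getPublic().getEncoded())
                + "\n-----END PUBLIC KEY-----\n";

        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(pair.getPrivate());
        s.update(data);
        byte[] sig = s.sign();

        PublicKey pub = readPublicKey(pem);
        System.out.println("format:   " + pub.getFormat());
        System.out.println("valid:    " + verify(pub, data, sig));
        data[0] ^= 1; // tamper with the message, verification must now fail
        System.out.println("tampered: " + verify(pub, data, sig));
    }
}
```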
