| RIM Crypto API: Key Encoders and Decoders |
Encoded keys have the advantage that they can be transmitted as a complete package (including any required system parameters) without any doubt as to how they should be decoded. In other words, when a standard format is agreed upon, numerous key types and encodings can be used without concern of confusion.
Encoding and Decoding an RSA Private Key using PKCS8
Encoding and decoding keys is straightforward in the Crypto API. Two classes have been provided, PublicKeyEncoder and PrivateKeyEncoder, which handle all the encoding and decoding details. A common private key encoding scheme is the PKCS8 format. The following code demonstrates how to encode and decode RSA private keys using PKCS8:
// Create a new RSA crypto system for key generation
RSACryptoSystem cryptoSystem = new RSACryptoSystem();
// The key pair will hold the RSA keys
RSAKeyPair keyPair = new RSAKeyPair( cryptoSystem);
RSAPrivateKey privateKey = keyPair.getRSAPrivateKey();
// Now encode the key using the PrivateKeyEncoder class
EncodedKey encodedKey = PrivateKeyEncoder.encode( privateKey, "PKCS8" );
byte[] encodedKeyData = encodedKey.getEncodedKey();
This encoded key can then be decoded in a similar manner (using the key just encoded above):
RSAPrivateKey decodedKey = ( RSAPrivateKey ) PrivateKeyDecoder.decode( encodedKeyData, "PKCS8" );
Encoding and Decoding an EC Public Key using X.509
Likewise, encoding an elliptic curve public key with X.509 would be done in the following manner:
// Create a new EC crypto system for key generation
ECCryptoSystem cryptoSystem = new ECCryptoSystem();
// The key pair will hold the EC keys
ECKeyPair keyPair = new ECKeyPair( cryptoSystem);
ECPublicKey publicKey = keyPair.getECPublicKey();
// Now encode the key using the PublicKeyEncoder class
EncodedKey encodedKey = PublicKeyEncoder.encode( publicKey, "X509" );
byte[] encodedKeyData = encodedKey.getEncodedKey();
The key could then be subsequently decoded:
ECPublicKey decodedKey = ( ECPublicKey ) PublicKeyDecoder.decode( encodedKeyData, "X509" );
See Supported Encoding Schemes for more sepcific information on the encoding schemes supported by the Crypto API.