Hello.
It seems that the bouncy castle library misses something that is very useful in some cases, unless it has already been implemented. What I mean is some converter that can turn a private key into a public key. From what I know, it is probably always or almost always possible to either construct or calculate a public key having the private key. It is very useful in cases where you do not have the public key at hand, but you need to for example send it to your peer, like ssh public authentication, hostkey verification etc. I know that at least openssh works even when public keys are not present, openssl can make public key from pure private key, so it is probably possible.
In general, you cannot do what you want.
You are probably confusing PrivateKey versus KeyStore.PrivateKeyEntry

-----Original Message-----
From: Michał Zegan [mailto:[hidden email]]
Sent: Monday, September 12, 2016 9:46 AM
To: [hidden email]
Subject: [dev-crypto] creating public keys from private keys

Hello.
It seems that the bouncy castle library misses something that is very useful in some cases, unless it has already been implemented.
What I mean is some converter that can turn a private key into a public key. From what I know, it is probably always or almost always possible to either construct or calculate a public key having the private key. It is very useful in cases where you do not have the public key at hand, but you need to for example send it to your peer, like ssh public authentication, hostkey verification etc. I know that at least openssh works even when public keys are not present, openssl can make public key from pure private key, so it is probably possible.
In general, you are wrong.
And especially that I tried. In case of rsa private keys, you are provided with all public key parameters, so you can create a public key spec from rsa private key directly, and turn into instance of PublicKey. In case of dsa private keys, you can calculate a public key value, I forgot what calculations you need but I tried once and verified that it works. For ec, the situation is probably similar, but the calculation is done differently. Not sure for others if they exist, dh probably does not need such a possibility, and if it did then I do not know if private key contains enough data to calculate pubkey from it. Still, this thing is useful enough so that I wouldn't want to write that calculation logic from scratch each time I need it.

On 12.09.2016 at 15:57, Pellerin, Clement wrote:
> In general, you cannot do what you want.
>
> You are probably confusing PrivateKey versus KeyStore.PrivateKeyEntry
>
> -----Original Message-----
> From: Michał Zegan [mailto:[hidden email]]
> Sent: Monday, September 12, 2016 9:46 AM
> To: [hidden email]
> Subject: [dev-crypto] creating public keys from private keys
>
> Hello.
> It seems that the bouncy castle library misses something that is very useful in some cases, unless it has already been implemented.
> What I mean is some converter that can turn a private key into a public key. From what I know, it is probably always or almost always possible to either construct or calculate a public key having the private key. It is very useful in cases where you do not have the public key at hand, but you need to for example send it to your peer, like ssh public authentication, hostkey verification etc. I know that at least openssh works even when public keys are not present, openssl can make public key from pure private key, so it is probably possible.
>
On 09/12/2016 03:45 PM, Michał Zegan wrote:
> Hello.
> It seems that the bouncy castle library misses something that is very
> useful in some cases, unless it has already been implemented.
> What I mean is some converter that can turn a private key into a public
> key. From what I know, it is probably always or almost always possible
> to either construct or calculate a public key having the private key. It
> is very useful in cases where you do not have the public key at hand,
> but you need to for example send it to your peer, like ssh public
> authentication, hostkey verification etc. I know that at least openssh
> works even when public keys are not present, openssl can make public key
> from pure private key, so it is probably possible.
>

no you can't. Since

d⋅e ≡ 1 (mod φ(n))

you have to solve the discrete logarithm efficiently to calculate e out of d. So you need at least the prime factors q or p of n or φ(n) to solve this equation in your lifetime ;-)

Greetings,
Ben
Hi,
On 12.09.2016 at 20:38, r0ot wrote:
>> it is probably always or almost always possible
>> to either construct or calculate a public key having the private key. It
>> is very useful in cases where you do not have the public key at hand,
>> but you need to for example send it to your peer, like ssh public
>> authentication, hostkey verification etc. I know that at least openssh
>> works even when public keys are not present, openssl can make public key
>> from pure private key, so it is probably possible.
>>
> Hey Michał,
>
> no you can't. Since
>
> d⋅e ≡ 1 (mod φ(n))
>
> you have to solve the discrete logarithm efficiently to calculate e out
> of d. So you need at least the prime factors q or p of n or φ(n) to
> solve this equation in your lifetime ;-)

p and q are part of the private key. Your turn again ;-)

Cheers, Lothar
Hi,
On 12.09.2016 at 15:45, Michał Zegan wrote:
> It seems that the bouncy castle library misses something that is very
> useful in some cases, unless it has already been implemented.
> What I mean is some converter that can turn a private key into a public
> key.

I had the same idea a couple of years ago but abandoned it since it's so rare a situation that you only have the private key that it wasn't worth the effort to implement that.

And that might be the reason why something like that lacks in BouncyCastle.

Cheers, Lothar
from my experience it is not rare, it is rather standard.
On 12.09.2016 at 22:43, Lothar Kimmeringer wrote:
> Hi,
>
> On 12.09.2016 at 15:45, Michał Zegan wrote:
>
>> It seems that the bouncy castle library misses something that is very
>> useful in some cases, unless it has already been implemented.
>> What I mean is some converter that can turn a private key into a public
>> key.
>
> I had the same idea a couple of years ago but abandoned it since it's
> so rare a situation that you only have the private key that it wasn't
> worth the effort to implement that.
>
> And that might be the reason why something like that lacks in BouncyCastle.
>
>
> Cheers, Lothar
>
On 12.09.2016 at 23:06, Michał Zegan wrote:
> from my experience it is not rare, it is rather standard.

your scenarios seem to be different from mine ;-)

BouncyCastle is Open Source, so - if you have to implement it anyway - you might contribute that to the project. I did the same when I needed DER External to be supported.

Cheers, Lothar