mdarifmustafa / vt-middleware

Automatically exported from code.google.com/p/vt-middleware

vt-crypt: Detect encoding and algorithms used for keys #91

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The current CryptReader requires that you know ahead of time whether a key/cert 
is PEM or DER encoded and which algorithms were used to generate the keys.  It 
would be nice to be able to simply provide a String/File/InputStream/byte[] and 
have the code detect the encoding and algorithm.

I wrote some code many years ago to do this for the Shibboleth 1.3 IdP[1].  You 
could also look at the not-yet-commons-ssl[2] which has similar support.

[1] FileCredentialResolver class in 
http://svn.middleware.georgetown.edu/view/java-idp/branches/Rel_1_3/src/edu/internet2/middleware/shibboleth/common/Credentials.java?revision=1757&view=markup

[2] http://juliusdavies.ca/commons-ssl/

Original issue reported on code.google.com by claj...@gmail.com on 15 Sep 2010 at 7:46
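
An added example, not part of the original issue and not vt-crypt code: one way to detect the encoding (PEM or DER) and the algorithm of an unencrypted PKCS#8 private key using only the JDK. The class name KeyDetect, the try-each-KeyFactory strategy and the candidate algorithm list are assumptions of this example; the sample keys are generated at run time.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class KeyDetect {
  // Candidate algorithms to probe (an assumption of this example).
  static final String[] ALGORITHMS = {"RSA", "DSA", "EC"};

  /** PEM starts with an ASCII "-----BEGIN" armor line; DER starts with a SEQUENCE tag (0x30). */
  static boolean isPem(byte[] data) {
    return new String(data, StandardCharsets.US_ASCII).trim().startsWith("-----BEGIN");
  }

  /** Strips the armor lines and base64-decodes the body; DER input is returned unchanged. */
  static byte[] toDer(byte[] data) {
    if (!isPem(data)) return data;
    String body = new String(data, StandardCharsets.US_ASCII)
        .replaceAll("-----(BEGIN|END)[^-]*-----", "");
    return Base64.getMimeDecoder().decode(body);
  }

  /** Tries each candidate KeyFactory; the one that accepts the PKCS#8 bytes names the algorithm. */
  static PrivateKey readPrivateKey(byte[] data) throws Exception {
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(toDer(data));
    for (String alg : ALGORITHMS) {
      try {
        return KeyFactory.getInstance(alg).generatePrivate(spec);
      } catch (InvalidKeySpecException e) {
        // Wrong algorithm for this key: try the next candidate.
      }
    }
    throw new InvalidKeySpecException("Not an unencrypted PKCS#8 RSA, DSA or EC key");
  }

  public static void main(String[] args) throws Exception {
    // Sample input constructed at run time: a DER EC key and a PEM-armored RSA key.
    byte[] ecDer = KeyPairGenerator.getInstance("EC").generateKeyPair().getPrivate().getEncoded();
    byte[] rsaDer = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate().getEncoded();
    String pem = "-----BEGIN PRIVATE KEY-----\n"
        + Base64.getMimeEncoder().encodeToString(rsaDer) + "\n-----END PRIVATE KEY-----\n";
    byte[] rsaPem = pem.getBytes(StandardCharsets.US_ASCII);
    System.out.println(isPem(ecDer) + " " + readPrivateKey(ecDer).getAlgorithm());
    System.out.println(isPem(rsaPem) + " " + readPrivateKey(rsaPem).getAlgorithm());
  }
}
```

Because the algorithm is taken from the input itself, a caller that expects a particular key type should still check `getAlgorithm()` on the returned key.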

GoogleCodeExporter commented 8 years ago

Original comment by dfis...@gmail.com on 17 Sep 2010 at 7:11

GoogleCodeExporter commented 8 years ago
Beginning code review to implement this feature.

Original comment by marvin.addison@gmail.com on 10 Dec 2010 at 2:10

GoogleCodeExporter commented 8 years ago
Added support for reading DER-encoded private keys without algorithm name in 
r1778.  Similar strategy for DER-encoded public keys should be possible.

Original comment by marvin.addison@gmail.com on 10 Dec 2010 at 6:44

GoogleCodeExporter commented 8 years ago
Added support for reading PEM-encoded keys in r1780.  In this commit, support 
for reading encrypted keys was also added, which constituted the bulk of 
changes.  Both OpenSSL and PKCS#8 encryption formats are supported; PEM 
encoding only for OpenSSL and both PEM and DER encoding for encrypted PKCS#8 
keys.  For PKCS#8 keys, both password-based encryption schemes described in 
PKCS#5v2 are supported with ciphers mentioned in the standard.  AES CBC ciphers 
are additionally supported for the PBES2 scheme.

Original comment by marvin.addison@gmail.com on 31 Dec 2010 at 6:11

GoogleCodeExporter commented 8 years ago
Great, sounds good.  Thanks for adding that.

Original comment by claj...@gmail.com on 1 Jan 2011 at 12:36

GoogleCodeExporter commented 8 years ago
Added support for detecting encoding and algorithm for public keys in r1785.

Original comment by marvin.addison@gmail.com on 4 Jan 2011 at 7:55

GoogleCodeExporter commented 8 years ago
Refactored CryptReader in r1805 to use CredentialReader abstraction.  This work 
suggests future improvements to CryptWriter, at which time we will ensure 
symmetry between types of credentials we can read and write.  At present, we 
believe we can read many more formats than we can write; this includes 
encrypted private key formats at a minimum.  We will defer that work for future 
enhancements; created issue 95 to track.

Original comment by marvin.addison@gmail.com on 7 Jan 2011 at 9:26

GoogleCodeExporter commented 8 years ago
Resolved.

Original comment by marvin.addison@gmail.com on 7 Jan 2011 at 9:27