How to convert bouncycastle getEncoded format into X.509 format for RSA public key

Question

If a base64 encoded public key when 'getEncoded' is called yields this

mQENBFh1kBcBCADMUkNW2qFgeRnornjhT3lt73wTGcO9rt+Ktr1tcopmOPTfNq3
feZNFHRUsBt0Nnuj9+vSD2cwFRoZDNulhnBD8lAJYOD427uvV+KBDF/5pCQKh2S
mDK8tJI/ncLIlX4SFa8F9f36FySglpkzA59IFtHdUBz9w+PJRqUQ5MVRzNHYBbv
6aeIWwl46KrL3eibRgBDVuEOKAoesdb+xErs9cqg3KSVi01XBgr+XMSgOBz4J3f
J4HdibsJdz1+113aKT++4LUSuuyeVbw3K/ZgMkrsyeJw84sHhF2kDu61atSUsQE
nJwBF2sPA9V/i28fftxodgg5qbEs8egdsw/wxGzsfABEBAAG0K0NocmlzIFpoZW
5nIChjemhlbmcpIDxjemhlbmdAYXRsYXNzaWFuLmNvbT6JATkEEwEIACMFAlh1k
BcCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRARY82BslwTrMvtB/4t
LoRH91p09vM1sSQ77RC+XwQqhhvN1BAeqGxqZpgCO6Ld5KRh8f4mFY8nXjDCSyy
ydTBzIUp6aG0f+2EBhArtk/oU/pi8D4zHoeBkrl23/234s1kBI5F2g2kd6itwP8
ekimaUyNFdPIN1dPwdxhuspOUtFNR+HsT3BT32v4Afd7sWVNTFrkapxTdxxZkVb
+FS0wbuzFzB2gb8AvEGevzF/hQXOf3r8QzUQoEZ14pigNu/arlXzEuzXJXXT/AQ
nAzbVENoFrhojxqEU7RxH8J4nao8OfpYfL7w3T7PC3nFFSTYSwvYItGkl9DPPiZ
GWZTrb6VfpFGNLHwCoLOaf8ShsAIAAA==

how do I turn it into X.509?

The reason that I need to do so is to create a java.security.PublicKey object. I've also asked here: https://security.stackexchange.com/questions/150422/what-format-is-bouncycastle-opengpg-public-key/150427#150427 and I've confirmed that it is a length 2048 key but usually the PublicKeys are read using the X.509 standard. If there is another way to read it in, that'll be great.

I don't know about 'usually'. SSL/TLS and S/MIME use X.509 certificates containing public keys and those are certainly big uses, but PGP and SSH each have their own public key formats which are not X.509 and are also widely used. pedrofb's answer is correct that _Java crypto out-of-the-box_ supports only X.509 and (as I confirmed in security) this key is PGP not X.509. You may be pleased to know SSH format has much less overhead and is closer in size to the raw key. — dave_thompson_085, Feb 08 '17 at 02:49

pedrofb · Accepted Answer · 2017-02-06T08:48:09.070

X.509 is an standard for a public-key infraestructure to manage digital certificates and public key encryption. X509 certificates include a public key, a set of attributes like subject, issuer, serialnumber or keyusage, and a signature of the Certification Authority issuing the certificate

Therefore the content of public key and X509certificate is not equivalent. a public key can be extracted from the certificate, but with a public key it is not possible to deduce the certificate. In fact, several x509certificates could include the same public key

According to your link, the key is in OpenPGP format. Java has not a default reader for this keys, but you can use Bouncycastle (package bcpg)

//Convert key from base64 to binary
byte pubKeyBinary[] =DatatypeConverter.parseBase64Binary(pubKeyBase64);

//load Public key with bouncycastle
Security.addProvider(new BouncyCastleProvider());
PGPPublicKeyRing  pgpPub = new PGPPublicKeyRing(pubKeyBinary, new JcaKeyFingerprintCalculator());
PublicKey pubKey = 
   new JcaPGPKeyConverter().setProvider("BC").getPublicKey(pgpPub.getPublicKey());

how come the base64 key is longer than an standard X.509 key? — zcaudate, Feb 05 '17 at 20:36
I have included in the answer the code to load the key according to your link — pedrofb, Feb 06 '17 at 08:49

How to convert bouncycastle getEncoded format into X.509 format for RSA public key

1 Answers1

Linked