Question

We have a requirement to expose an RSA Public Key as an HTTP resource - so http://myhost.com/publickeys/akeyid returns a public key.

I would like to return it with a correct Internet Media Type. What should that be? I confess I find the crypto RFCs fairly impenetrable.

And as a bonus, how do I translate easily from and to that format using the java.security standard libraries?

(It's easy enough to go from and to a SubjectPublicKeyInfo byte array as defined in https://www.rfc-editor.org/rfc/rfc3280#section-4.1 using java.security.RSAPublicKey.getEncoded() to serialize to bytes and a java.security.spec.X509EncodedKeySpec to deserialize those same bytes; but I can't find a registered media type for that format, which suggests to me that I should be using some other format (an X.509 Certificate?). But then I struggle to work out how to do the translation.)

Thanks.


Solution

One alternative would be to encode the PKCS#1 format RSA public key as a PEM file, and then use the MIME type:

   "application/x-pem-file"

References:

Note: "application/x-pem-file" is not registered ... obviously! ... but is referenced in a number of catalogues of "file types".


You probably ought to deliver the key over HTTPS ...
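
As an added example (not part of the original question or answer), here is one way to do the PEM round trip with only the standard library. It assumes the SubjectPublicKeyInfo encoding that `getEncoded()` returns, wrapped under the `PUBLIC KEY` PEM label, rather than the bare PKCS#1 structure, because `java.security` has no built-in encoder for the latter; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class RsaPublicKeyPem {  // hypothetical class name, for illustration only
    private static final String HEADER = "-----BEGIN PUBLIC KEY-----";
    private static final String FOOTER = "-----END PUBLIC KEY-----";

    /** Wraps the DER SubjectPublicKeyInfo from getEncoded() in PEM armour. */
    static String toPem(PublicKey key) {
        if (!"X.509".equals(key.getFormat())) {
            throw new IllegalArgumentException("Unexpected key encoding: " + key.getFormat());
        }
        // 64-character lines separated by '\n', as PEM readers expect.
        Base64.Encoder enc = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return HEADER + "\n" + enc.encodeToString(key.getEncoded()) + "\n" + FOOTER + "\n";
    }

    /** Parses a PEM "PUBLIC KEY" block back into an RSAPublicKey. */
    static RSAPublicKey fromPem(String pem) throws GeneralSecurityException {
        String text = pem.trim();
        if (!text.startsWith(HEADER) || !text.endsWith(FOOTER)) {
            throw new IllegalArgumentException("Not a PEM PUBLIC KEY block");
        }
        String body = text.substring(HEADER.length(), text.length() - FOOTER.length());
        // The MIME decoder ignores the line breaks inside the Base64 body.
        byte[] der = Base64.getMimeDecoder().decode(body);
        // generatePublic throws InvalidKeySpecException if the DER is not an RSA key.
        return (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key, generated on the spot for the round trip.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey original = (RSAPublicKey) gen.generateKeyPair().getPublic();
        String pem = toPem(original);
        RSAPublicKey parsed = fromPem(pem);
        System.out.print(pem);
        System.out.println("round trip ok: " + (original.getModulus().equals(parsed.getModulus())
                && original.getPublicExponent().equals(parsed.getPublicExponent())));
    }
}
```

A client that fetches the key should check the parsed modulus length and exponent against its own policy before trusting it, since the PEM wrapper itself carries no integrity protection.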

Licensed under: CC-BY-SA with attribution