How to get exponent and modulus value of RSA public key from pfx file/pem file in java

StackOverflow https://stackoverflow.com/questions/20897065

Question

I want to extract information about RSA Public Key from the pfx file using java.

I have a pfx file and converted to x509 Pem file. From pem file, Using the below command in terminal:

openssl x509 -in file.pem -text

I am able to view the public key exponent and modulus value

Subject Public Key Info:

Public Key Algorithm: rsaEncryption
    Public-Key: (2048 bit)
    Modulus:
        00:da:7c:e0:3e:c4:62:8d:ce:29:04:2f:93:78:7c:
        :
         6a:e7:c9:7c:8b:6f:09:5c:75:5f:8c:5e:9c:6a:b9:
        7:32:90: a4:4b
    Exponent: 65537 (0x10001)

How to extract the above information in java?

Input: pfxfile and password

Output:public key exponent and modulus value.

I m using the below code to extract the public key exponent and modulus, but i am not getting the value that is extracted using openssl. I doubt whether java.security.cert.Certificate uses some other DER format??

What is the java equivalent of openssl?

Code:

KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(new FileInputStream(file), password.toCharArray());
Enumeration enumeration = ks.aliases();
while (enumeration.hasMoreElements()) {
    String alias = (String) enumeration.nextElement();
    java.security.cert.Certificate certificate = ks.getCertificate(alias);
    PublicKey publickey = certificate.getPublicKey();
}
Was it helpful?

Solution

You need to downcast to the transparent java.security.interfaces.RSAPublicKey type. Then you can access the modulus and public exponents.

KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(new FileInputStream(file), password.toCharArray());
Enumeration<String> enumeration = ks.aliases();
while (enumeration.hasMoreElements()) {
  String alias = enumeration.nextElement();
  Certificate certificate = ks.getCertificate(alias);
  RSAPublicKey pub = (RSAPublicKey) certificate.getPublicKey();
  System.out.println(pub.getModulus().toString(16));
  System.out.println(pub.getPublicExponent().toString(16));
}

OTHER TIPS

Adding to the above Java Program to extract the n-modulus and e-exponent of the Base64 format of RSA would be as follows.

import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class ModulusExpFromPublicKeyRSA {
    public static void main(String args[]) {
        String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB";

        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            byte[] keyBytes = Base64.getDecoder().decode(publicKey.getBytes("UTF-8"));
            X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
            PublicKey fileGeneratedPublicKey = keyFactory.generatePublic(spec);
            RSAPublicKey rsaPub  = (RSAPublicKey)(fileGeneratedPublicKey);
            BigInteger publicKeyModulus = rsaPub.getModulus();
            BigInteger publicKeyExponent  = rsaPub.getPublicExponent();
            System.out.println("publicKeyModulus: " + publicKeyModulus);
            System.out.println("publicKeyExponent: " + publicKeyExponent);
            String nModulus=Base64.getUrlEncoder().encodeToString(publicKeyModulus.toByteArray());
            String eExponent=Base64.getUrlEncoder().encodeToString(publicKeyExponent.toByteArray());
            System.out.println("n Modulus for RSA Algorithm: " + nModulus);
            System.out.println("e Exponent for RSA Algorithm: " + eExponent);
        } catch (NoSuchAlgorithmException | UnsupportedEncodingException | InvalidKeySpecException e) {
            System.out.println(e.getMessage());
            e.printStackTrace();
        }


    }

}


publicKeyModulus: 119445732379544598056145200053932732877863846799652384989588303737527328743970559883211146487286317168142202446955508902936035124709397221178664495721428029984726868375359168203283442617134197706515425366188396513684446494070223079865755643116690165578452542158755074958452695530623055205290232290667934914919
publicKeyExponent: 65537
n Modulus for RSA Algorithm: AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU-quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX_eP6yRnpS1b7m7T2Uc2yPq1DnWzVI-sIGR51s1_ROnQZswkPJHh71PThln
e Exponent for RSA Algorithm: AQAB

I'm adding this answer as I recently tried to get the modulus and exponent from a raw public key string using java (also see https://crypto.stackexchange.com/questions/18031/how-to-find-modulus-from-a-rsa-public-key, from which the following public key was obtained) and thought that others may find the following code helpful:

String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB";

try {
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        byte[] keyBytes = Base64.getDecoder().decode(publicKey.getBytes("UTF-8"));
        X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
        PublicKey fileGeneratedPublicKey = keyFactory.generatePublic(spec);
        RSAPublicKey rsaPub  = (RSAPublicKey)(fileGeneratedPublicKey);
        BigInteger publicKeyModulus = rsaPub.getModulus();
        BigInteger publicKeyExponent  = rsaPub.getPublicExponent();
        System.out.println("publicKeyModulus: " + publicKeyModulus);
        System.out.println("publicKeyExponent: " + publicKeyExponent);
    } catch (NoSuchAlgorithmException | UnsupportedEncodingException | InvalidKeySpecException e) {
        System.out.println(e.getMessage());
        e.printStackTrace();
    }

Giving the expected output:

publicKeyModulus: 119445732379544598056145200053932732877863846799652384989588303737527328743970559883211146487286317168142202446955508902936035124709397221178664495721428029984726868375359168203283442617134197706515425366188396513684446494070223079865755643116690165578452542158755074958452695530623055205290232290667934914919
publicKeyExponent: 65537

It would be helpful to validate the JSON WebToken against the JWKS URL. For Example, the sample JWKS keys would be as follows. 

{
  "keys": [
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "c424b67b-fe28-45d7-b015-f79da50b5b21",
      "alg": "RS256",
      "n": "AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU-quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX_eP6yRnpS1b7m7T2Uc2yPq1DnWzVI-sIGR51s1_ROnQZswkPJHh71PThln",
      "e": "AQAB"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "9b9d0b47-b9ed-4ba6-9180-52fc5b161a3a",
      "alg": "RS256",
      "n": "AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU-quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX_eP6yRnpS1b7m7T2Uc2yPq1DnWzVI-sIGR51s1_ROnQZswkPJHh71PThln",
      "e": "AQAB"
    }
  ]
}

The description of the JWKS is as follows.

n:    Modulus of the Public Key
alg:  the signing algorithm.
kid:  a unique id for every key in the set.
e:    Exponent part of RSA algorithm
use:  This denotes the Signature Validation
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top