Question

I apologise for mixing notions but my knowledge of asymmetric web service security is shallow.

Right, I've got a Java key store containing my private key and a customer's public key.

When calling the customer's web service I get an error message in return, saying:

"The signature or decryption is invalid".

We have found out that the public key I have in the key store and which is sent upon request, is different from the public key the customer has on its server. Somehow I have given the customer a different public key than the one I have in the key store.

What I would like to do is to regenerate the public key based on my private key in the key store, and send it to Mr Customer again. Is it possible to do so?

To be honest, this is exactly what I did by means of a keytool statement. The result was a file with a .cer extension. Is the file with .cer the public key, or what?

Any advice is appreciated.

Solved it:

Above I said I tried to regenerate the public key from the key store, but I wasn't sure this was the right way to do it.

Anyhow, I provided Mr Customer with this newly generated public key and asked them to install it on their server. It worked, we've matching public keys. I used the following keytool command to regenerate the public key:

keytool -export -alias [name of private key in keystore] -file [path to output] -keystore [path to .jks keystore]


Solution

Normally you do have the private key together with a certificate (chain) in the keystore. If you simply retrieve the first certificate from the chain with the same alias as the private key, you should have the correct certificate.

It does not hurt to check this by signing some arbitrary data with the private key and verifying it with the public key from the certificate, of course. Signature.initVerify() should even take a certificate directly. Otherwise, you could compare the (hash over the) modulus of the public and private keys as well.
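As an added illustration of the two checks described in this answer (example code, not from the question or the answer): a small Java program that loads the JKS keystore, signs random bytes with the private key, verifies the signature with the first certificate stored under the same alias, and compares the RSA modulus of both keys. The keystore path, store password and alias are assumed command-line arguments, the key password is assumed to equal the store password (the keytool default), and the key is assumed to be RSA (as the modulus comparison in the answer implies).

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HexFormat; // Java 17+

// Usage: java KeyPairCheck <keystore.jks> <storepass> <alias>
// Assumption: the key entry password equals the store password (keytool default).
public class KeyPairCheck {
    public static void main(String[] args) throws Exception {
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        PrivateKey priv = (PrivateKey) ks.getKey(args[2], pass);
        // The first certificate in the chain under the alias carries the matching public key.
        Certificate cert = ks.getCertificateChain(args[2])[0];

        // Check 1: sign random bytes with the private key, verify with the certificate.
        byte[] data = new byte[32];
        new SecureRandom().nextBytes(data);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(priv);
        sig.update(data);
        byte[] signature = sig.sign();
        sig.initVerify(cert); // initVerify accepts a Certificate directly
        sig.update(data);
        System.out.println("signature verifies with certificate: " + sig.verify(signature));

        // Check 2: the RSA modulus must be identical. Its SHA-256 is printed so the
        // customer can compare it against the certificate installed on their server.
        BigInteger privMod = ((RSAPrivateKey) priv).getModulus();
        BigInteger pubMod = ((RSAPublicKey) cert.getPublicKey()).getModulus();
        System.out.println("modulus matches: " + privMod.equals(pubMod));
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(pubMod.toByteArray());
        System.out.println("SHA-256(modulus): " + HexFormat.of().formatHex(digest));
    }
}
```

If the alias is a trusted-certificate entry rather than a key entry, getKey() returns null and the cast fails; in that case the alias does not hold your private key at all.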

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow