How to exchange the public key to the client place. I have encrypted a document (text file) using RSA algorithm by using private key and then stored the public key as a java.security.Key object in a file using serialization. I want to know about the integrity of the serialized public key object, whether it is a safe option to do or any other option is available.
A public key is usually just exchanged as a piece of text. It is then imported into a keystore. The exact method of doing this depends on the implementation (I've always used PGP).
I wouldn't expose the key as a serialized form of java.security.Key because it's not really standard. The key in its simple form is the standard form of interchange.
On exposing the key as a download: it's public, so there's nothing an intruder could do by downloading your key. The only thing that could go wrong is that someone could fake your server and host a different key. Then sign with that key's private key and claim to be you. Of course you could have the same issue if you mailed it to somebody. But then at least you would know who you mailed it to.
The safest approach is to spread the key out of band, like on a USB stick.
Depending on your cause, I think you can live with the risk.
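An added example (not part of the original answer): the public key is exported as standard PEM text instead of a serialized java.security.Key, re-imported with KeyFactory rather than ObjectInputStream, and checked against a SHA-256 fingerprint that would be delivered out of band. The class and method names are hypothetical, and the key pair is generated inline only as constructed sample input.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class PublicKeyExchange {
    // Sender: encode the key as PEM text (X.509 SubjectPublicKeyInfo, Base64).
    static String toPem(PublicKey key) {
        String b64 = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                .encodeToString(key.getEncoded());
        return "-----BEGIN PUBLIC KEY-----\n" + b64 + "\n-----END PUBLIC KEY-----\n";
    }

    // Receiver: parse the text back into a key; no Java deserialization involved.
    static PublicKey fromPem(String pem) throws GeneralSecurityException {
        String b64 = pem.replace("-----BEGIN PUBLIC KEY-----", "")
                .replace("-----END PUBLIC KEY-----", "")
                .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    // SHA-256 over the DER encoding; this is the value to compare out of band.
    static String fingerprint(PublicKey key) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key, generated here only so the example runs offline.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey original = gen.generateKeyPair().getPublic();

        String pem = toPem(original);            // what gets published or mailed
        String expected = fingerprint(original); // what gets handed over out of band

        // Receiver side: import the downloaded text, then refuse a key that
        // does not match the fingerprint obtained over the separate channel.
        PublicKey received = fromPem(pem);
        if (!expected.equals(fingerprint(received))) {
            throw new SecurityException("public key fingerprint mismatch");
        }
        System.out.println(pem + "fingerprint (SHA-256): " + expected);
    }
}
```

The fingerprint check only helps if the expected value reaches the client by a channel the key download does not share, which is the substitution risk the answer describes.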