Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

exchange of public key as a serialized object

How to exchange the public key to the client place. i have encrypted a document(text file) using RSA algorithm by using private key and then stored the public key as an java.security.Key object in a file using serialization.I want to know about the integrity of the serialized public key object whether it is safe option to do or any other option available.

like image 867
Lalchand Avatar asked Nov 04 '22 22:11

Lalchand


1 Answers

A public key is usually just exchanged as a piece of text. It is then imported into a keystore. The exact method of doing is depends on the implementation (I've always used PGP).

I wouldn't expose the key as a serialized form of java.security.Key because it's not really standard. The key in it's simple form is the standard form of interchange.

On exposing the key as a download: it's public, so there's nothing an intruder could do by downloading your key. The only thing that could go wrong is that someone could fake your server and host a different key. Then sign with that key's private key and claim to be you. Of course you could have the same issue if you mailed it to somebody. But then at least you would know who you mailed it to.

The safest approach is to spread the key out-of-bound. Like on a usb stick.

Depending on your cause, I think you can live with the risk.

like image 190
Joeri Hendrickx Avatar answered Nov 13 '22 20:11

Joeri Hendrickx