Menu
We have a requirement to expose an RSA Public Key as an HTTP resource - so http://myhost.com/publickeys/akeyid returns a public key.
I would like to return it with a correct Internet Media Type. What should that be? I confess I find the crypto RFCs fairly impenetrable.
And as a bonus, how do I translate easily from and to that format using the java.security standard libraries?
(It's easy enough to go from and to a SubjectPublicKeyInfo byte array as defined in https://www.rfc-editor.org/rfc/rfc3280#section-4.1 using java.security.RSAPublicKey.getEncoded() to serialize to bytes and a java.security.spec.X509EncodedKeySpec to deserialize those same bytes; but I can't find a registered media type for that format which suggests to me that I should be using some other format (an x.509 Certificate?). But then I struggle to work out how to do the translation.)
Thanks.
359
One alternative would be to encode the PKCS#1 format RSA public key as a PEM file, and then use the MIME type:
"application/x-pem-file"
References:
Note: "application/x-pem-file" is not registered ... obviously! ... but is referenced in a number of catalogues of "file types".
You probably ought to deliver the key over HTTPS ...
142
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
