How to determine length of X509 Public Key

How do I determine the length (in bits) of an X509 Public Key in Java?

I'm looking to get the same value as "Public-Key" when running "openssl x509 -in cert.crt -noout -text". For example:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:00:00:01:a2:41:4b:56:3e:99:ba:92:b5:00:02:00:00:01:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: DC=com, DC=magnicomp, CN=MagniComp Issuing CA
        Validity
            Not Before: Sep 14 17:23:18 2015 GMT
            Not After : Sep 13 17:23:18 2016 GMT
        Subject: CN=dim.magnicomp.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

I've got an X509Certificate object and I've played around with the PublicKey value returned via getPublicKey() but I can't seem to figure out how to determine the key length from this.

Mike Cooper asked Sep 14 '15 20:09


1 Answer

Snippet from EJBCA source code org.ejbca.util.keystore.KeyTools#getKeyLength to calculate key length from public key of various algorithms:

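// Imports this method needs; JCEECPublicKey comes from BouncyCastle.
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import org.bouncycastle.jce.provider.JCEECPublicKey;

/**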
 * Gets the key length of supported keys
 * @param pk PublicKey used to derive the keysize
 * @return -1 if key is unsupported, otherwise a number >= 0. 0 usually means the length can not be calculated, 
 * for example if the key is an EC key and the "implicitlyCA" encoding is used.
 */
public static int getKeyLength(final PublicKey pk) {
    int len = -1;
    if (pk instanceof RSAPublicKey) {
        final RSAPublicKey rsapub = (RSAPublicKey) pk;
        len = rsapub.getModulus().bitLength();
    } else if (pk instanceof JCEECPublicKey) {
        final JCEECPublicKey ecpriv = (JCEECPublicKey) pk;
        final org.bouncycastle.jce.spec.ECParameterSpec spec = ecpriv.getParameters();
        if (spec != null) {
            len = spec.getN().bitLength();              
        } else {
            // We support the key, but we don't know the key length
            len = 0;
        }
    } else if (pk instanceof ECPublicKey) {
        final ECPublicKey ecpriv = (ECPublicKey) pk;
        final java.security.spec.ECParameterSpec spec = ecpriv.getParams();
        if (spec != null) {
            len = spec.getOrder().bitLength(); // does this really return something we expect?
        } else {
            // We support the key, but we don't know the key length
            len = 0;
        }
    } else if (pk instanceof DSAPublicKey) {
        final DSAPublicKey dsapub = (DSAPublicKey) pk;
        if ( dsapub.getParams() != null ) {
            len = dsapub.getParams().getP().bitLength();
        } else {
            len = dsapub.getY().bitLength();
        }
    } 
    return len;
}
HTLee answered Sep 19 '22 15:09
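
A JDK-only variant of the approach in the answer above, as an added example that is not part of the original post or of EJBCA: it computes the bit length for RSA, EC and DSA keys and applies a minimum-size check. The class name KeyLengthDemo, the helper names and the thresholds in meetsMinimum are assumptions for illustration; the keys are generated in-process as constructed sample input, and with a real certificate you would pass cert.getPublicKey().

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;

public class KeyLengthDemo {

    /** Returns the key size in bits, or -1 if it cannot be determined. */
    static int keyLength(PublicKey pk) {
        if (pk instanceof RSAPublicKey) {
            return ((RSAPublicKey) pk).getModulus().bitLength();
        }
        if (pk instanceof ECPublicKey) {
            ECPublicKey ec = (ECPublicKey) pk;
            // Bit length of the group order n (256 for P-256, 384 for P-384).
            return ec.getParams() != null ? ec.getParams().getOrder().bitLength() : -1;
        }
        if (pk instanceof DSAPublicKey) {
            DSAPublicKey dsa = (DSAPublicKey) pk;
            // DSA parameters may be absent from the key itself.
            return dsa.getParams() != null ? dsa.getParams().getP().bitLength() : -1;
        }
        return -1; // unsupported key type
    }

    /** Hypothetical policy: thresholds are assumptions, adjust to your own baseline. */
    static boolean meetsMinimum(PublicKey pk) {
        int min = (pk instanceof ECPublicKey) ? 256 : 2048;
        return keyLength(pk) >= min;
    }

    static void report(String label, PublicKey pk) {
        System.out.printf("%-10s %-4s %5d bit  ok=%b%n",
                label, pk.getAlgorithm(), keyLength(pk), meetsMinimum(pk));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        report("rsa-2048", rsa.generateKeyPair().getPublic());
        rsa.initialize(1024); // constructed weak key, fails the check
        report("rsa-1024", rsa.generateKeyPair().getPublic());
        KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
        ec.initialize(new ECGenParameterSpec("secp256r1"));
        report("ec-p256", ec.generateKeyPair().getPublic());
    }
}
```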