Just a little background on my project:
I'm implementing an SMS encryption program using ECDH for Android (BouncyCastle) and I need to send my public keys over SMS. Functionality-wise, all is up and working, but I'm a little skeptical about the X.509 code I've implemented.
On the sender side:
byte[] pubEnc = aKeyPair.getPublic().getEncoded();
X509EncodedKeySpec pubX509 = new X509EncodedKeySpec(pubEnc);
pubX509 is then encoded into Base64 and sent via SMS.
On the receiver side:
KeyFactory keyFac = KeyFactory.getInstance("ECDH", "SC");
X509EncodedKeySpec pubX509 = new X509EncodedKeySpec(SharedS);
ECPublicKey pubKey = (ECPublicKey)keyFac.generatePublic(pubX509);
The received value is Base64 decoded into SharedS, which is cast into a new pubX509.
As I've mentioned, implementation-wise, this code seems to be working fine; however, I'd like to find out if I am implementing the X509 properly.
Any advice would be much appreciated.
The fact that Sun (now Oracle) called this an X509EncodedKeySpec is simply because the public key is encoded using a format that was specified in the much larger X.509 certificate standard. For the internet, a proper implementation of X.509 certificates is specified in RFC 5280. As you can see, this RFC is over 140 pages in length. In the whole document, these 3 lines describe how to represent a public key:
SubjectPublicKeyInfo  ::=  SEQUENCE  {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING  }
And this is the format that is produced by the Java class X509EncodedKeySpec. You can ignore all the rest of the X509 standard; you don't have to use certificates.
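The round trip discussed above, as an added example that is not code from the question or the answer: the sender Base64-encodes the SubjectPublicKeyInfo bytes, and the receiver rebuilds the key and checks that it uses the expected curve before running ECDH. It assumes the JDK's default "EC" provider, `java.util.Base64`, and the secp256r1 curve; the class and method names are hypothetical.

```java
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.KeyAgreement;

public class SpkiRoundTrip { // hypothetical name; assumes JDK default providers
    // Sender: getEncoded() already returns DER SubjectPublicKeyInfo; Base64 it for transport.
    static String exportKey(PublicKey pub) {
        if (!"X.509".equals(pub.getFormat())) throw new IllegalArgumentException(pub.getFormat());
        return Base64.getEncoder().encodeToString(pub.getEncoded());
    }

    // Receiver: decode, parse as SubjectPublicKeyInfo, and require the expected curve.
    static ECPublicKey importKey(String b64, ECParameterSpec expected)
            throws GeneralSecurityException {
        byte[] der;
        try {
            der = Base64.getDecoder().decode(b64);
        } catch (IllegalArgumentException e) {
            throw new InvalidKeySpecException("not valid Base64", e);
        }
        PublicKey key = KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(der));
        ECParameterSpec p = ((ECPublicKey) key).getParams();
        boolean sameCurve = p.getCurve().equals(expected.getCurve())
                && p.getGenerator().equals(expected.getGenerator())
                && p.getOrder().equals(expected.getOrder())
                && p.getCofactor() == expected.getCofactor();
        if (!sameCurve)
            throw new InvalidKeySpecException("peer key is not on the expected curve");
        return (ECPublicKey) key;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1")); // constructed sample keys
        KeyPair alice = kpg.generateKeyPair();
        KeyPair bob = kpg.generateKeyPair();
        ECParameterSpec curve = ((ECPublicKey) bob.getPublic()).getParams();
        String sms = exportKey(alice.getPublic()); // what would travel in the SMS body
        ECPublicKey received = importKey(sms, curve);
        byte[] sent = alice.getPublic().getEncoded();
        System.out.println("round trip equal: " + Arrays.equals(sent, received.getEncoded()));
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(bob.getPrivate());
        ka.doPhase(received, true);
        System.out.println("shared secret bytes: " + ka.generateSecret().length);
    }
}
```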