I have a requirement to perform ECIES encrypt/decrypt using secp256r1 with BC as the provider.

I need a reference for (1) how to store an ECIES private-public key pair in a JKS keystore and (2) how to retrieve the public key from the JKS.

I have provisioned the key pair using the keytool command as per https://zombiesecured.com/html/tutorials/Keytool/ECC-JK.html.

  • Signature algorithm name: SHA256withECDSA
  • Subject Public Key Algorithm: 256-bit EC key

(2) Can you help with how to retrieve the key in ECDSAPublicKey format as input to encryption?

I have found a reference for decoding a key to ECPublicKey, shown below. What should my first argument be? How do I retrieve the encoded key from the JKS?

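```java
import java.io.IOException;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
import org.bouncycastle.jce.*;   // ECNamedCurveTable, ECPointUtil
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;

// Decodes an X9.62-encoded EC point on the named curve into an ECPublicKey.
public static ECPublicKey decodePublicKey(byte[] encoded, String namedCurve) throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
    KeyFactory fact = KeyFactory.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
    ECNamedCurveParameterSpec params = ECNamedCurveTable.getParameterSpec(namedCurve);
    java.security.spec.EllipticCurve ellipticCurve = EC5Util.convertCurve(params.getCurve(), params.getSeed());
    java.security.spec.ECPublicKeySpec keySpec = new java.security.spec.ECPublicKeySpec(ECPointUtil.decodePoint(ellipticCurve, encoded), EC5Util.convertSpec(ellipticCurve, params));
    return (ECPublicKey) fact.generatePublic(keySpec);
}
```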
  1. How to use IESCipher, IESParameterSpec, engineInit to perform ECIES encrypt/decrypt?
harshit2811
  • I missed that you are also looking for a solution to import the key pair into the keystore. My answer only offers a solution for encryption and decryption with ECIES for a key pair that is _already_ in the store. I have therefore deleted it. But basically there are two questions here, the use (and functionality) of ECIES and the import / export of a key pair into the keystore (both with Java). – Topaco Jul 28 '20 at 14:20
  • It might be useful to ask different questions (if you don't find satisfactory answers on SO or in the WWW). In this case you should also provide the necessary information, e.g. regarding import / export in which format your keys are available, whether a certificate already exists etc. Regarding ECIES, you should address `IESCipher`, `IESParameterSpec`, `engineInit` etc. directly in the question (and not only in the comment), and don't forget to include the necessary references. – Topaco Jul 28 '20 at 14:22
  • Hello Topaco, based on your previous response, I have made some progress on importing into JKS but later faced this new question of IESCipher, ParamSpec, hence I thought to put it into a comment, BUT now I realise it should be a different question or I should update my question. Thanks for your suggestion. I will make sure of that next time. – harshit2811 Jul 29 '20 at 04:21

0 Answers
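For the retrieval and ECIES steps asked about above, here is an added example (not code from the question or its comments) that reads the EC key pair from a JKS keystore and does an ECIES round trip through the BC provider. The keystore path, alias and password are assumed placeholder values, and it assumes a recent Bouncy Castle provider jar on the classpath and a key entry created with keytool as the question describes.

```java
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.ECPublicKey;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class EciesFromJks {
    // Assumed placeholder values: replace with your own keystore path, alias and password.
    static final String STORE = "keystore.jks";
    static final String ALIAS = "ec-key";
    static final char[] PASS = "changeit".toCharArray();

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(STORE)) {
            ks.load(in, PASS);
        }
        if (!ks.isKeyEntry(ALIAS)) {
            throw new IllegalStateException("No private-key entry under alias " + ALIAS);
        }
        // A JKS key entry holds the private key plus a certificate chain;
        // the public key is read from the leaf certificate.
        PublicKey pub = ks.getCertificate(ALIAS).getPublicKey();
        if (!(pub instanceof ECPublicKey)) {
            throw new IllegalStateException("Not an EC key: " + pub.getAlgorithm());
        }
        PrivateKey priv = (PrivateKey) ks.getKey(ALIAS, PASS);

        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Encrypt to the recipient's public key.
        Cipher enc = Cipher.getInstance("ECIES", "BC");
        enc.init(Cipher.ENCRYPT_MODE, pub);
        byte[] ct = enc.doFinal(msg);

        // Decrypt with the matching private key from the same entry.
        Cipher dec = Cipher.getInstance("ECIES", "BC");
        dec.init(Cipher.DECRYPT_MODE, priv);
        byte[] pt = dec.doFinal(ct);
        System.out.println(new String(pt, StandardCharsets.UTF_8));
    }
}
```

If the raw encoded form is needed instead, `pub.getEncoded()` returns the X.509 SubjectPublicKeyInfo bytes, which is a different encoding from the bare EC point that `ECPointUtil.decodePoint` expects.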