Bouncy Castle Cryptography Library 1.85

org.bouncycastle.crypto.util
Class OpenSSHPrivateKeyUtil

java.lang.Object
  extended byorg.bouncycastle.crypto.util.OpenSSHPrivateKeyUtil

public class OpenSSHPrivateKeyUtil
extends java.lang.Object

A collection of utility methods for parsing OpenSSH private keys.


Method Summary
static byte[] encodePrivateKey(AsymmetricKeyParameter params)
          Encode a cipher parameters into an OpenSSH private key.
static AsymmetricKeyParameter parsePrivateKeyBlob(byte[] blob)
          Parse a private key.
static AsymmetricKeyParameter parsePrivateKeyBlob(byte[] blob, byte[] passphrase)
          Parse a private key, decrypting it with the supplied passphrase if it is a passphrase-protected key.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

encodePrivateKey

public static byte[] encodePrivateKey(AsymmetricKeyParameter params)
                               throws java.io.IOException
Encode a cipher parameters into an OpenSSH private key. This does not add headers like ----BEGIN RSA PRIVATE KEY----

Parameters:
params - the cipher parameters.
Returns:
a byte array
Throws:
java.io.IOException

parsePrivateKeyBlob

public static AsymmetricKeyParameter parsePrivateKeyBlob(byte[] blob)
Parse a private key.

This method accepts the body of the OpenSSH private key. The easiest way to extract the body is to use PemReader, for example:

byte[] blob = new PemReader([reader]).readPemObject().getContent(); CipherParameters params = parsePrivateKeyBlob(blob);

Parameters:
blob - The key.
Returns:
A cipher parameters instance.

parsePrivateKeyBlob

public static AsymmetricKeyParameter parsePrivateKeyBlob(byte[] blob,
                                                         byte[] passphrase)
Parse a private key, decrypting it with the supplied passphrase if it is a passphrase-protected key.

This method accepts the body of the OpenSSH private key (see parsePrivateKeyBlob(byte[]) for how to extract it from PEM). For an unencrypted key is ignored and may be ; for an encrypted key it must carry the passphrase bytes (the OpenSSH client uses the raw UTF-8 bytes). The KDF and the OpenSSH cipher suite (aes128/192/256-ctr, aes128/192/256-cbc, 3des-cbc, aes128/256-gcm@openssh.com and chacha20-poly1305@openssh.com) are supported.

Parameters:
blob - The key.
passphrase - The passphrase bytes, or for an unencrypted key. The array is not modified; the caller is responsible for clearing it.
Returns:
A cipher parameters instance.

Bouncy Castle Cryptography Library 1.85