Lab 11 Exercise 1

Learn how to create DER-encoded ASN.1 objects using BouncyCastle library.

For this task, you will need private keys generated by OpenSSL -- refer to previous lab for details. You will the key stored in two different structures: PKCS#1 (priv.der) and PKCS#8 (priv.pk8), both DER-encoded.

Convert PKCS#1 private key to PKCS#8 using Java.

First, you will need to read the contents of the PKCS#1 key file as ASN.1 object -- you can use the code from taks 10.01.

Then, create a PKCS#8 structure and populate its fields -- see RFC 5208 for details.


Finally, write a resulting structure to file (for example, my.pk8).

Inspect the key you have just converted


  dumpasn1 my.pk8

(or your own Java implementation of ASN.1 parser) and compare the structures of priv.pk8 and my.pk8.


  • Are there any differences?
  • Why?

Generate an RSA keypair using Java (you had similar task in Homework 1). Save the encoded private key to file.


  • What structure (PKCS#1 or PKCS#8) is used?
  • How can you save the key as another structure?
Page edit