I try to generate a keypair and show the private key.
String provname = "BC";
KeyPairGenerator kpg = KeyPairGenerator.getInstance ("EC", provname);
kpg.initialize (new ECGenParameterSpec ("brainpoolP384r1"));
KeyPair kp = kpg.generateKeyPair ();
StringWriter sw = new StringWriter ();
JcaPEMWriter jpw = new JcaPEMWriter (sw);
jpw.writeObject (kp.getPrivate ());
jpw.close ();
System.out.println(sw.toString());
If my cryptoprovider is BouncyCastle then the output is PKCS#8 (unencrypted EC key).
-----BEGIN EC PRIVATE KEY-----
MIGoAgEBBDAXNdzFVIeji0eVwTvgc8FYFNpzQTUC0cGVODYJIC17Ay58rtgPK+DC
V2868JDAHgmgCwYJKyQDAwIIAQELoWQDYgAEi4e/wkbfkY4kP6zRufnjUWUjFwy2
LLyvIAU2AFAp6eUiNdj1T93f/RgnKlrfGSbkA3p7oaFSZFjcBj2q3q5V7rLMbKWI
l++cJwjeGesRXz2x/iXJkDScKxGgUQ2ivxPQ
-----END EC PRIVATE KEY-----
That is ASN.1 parsed:
SEQUENCE (4 elem)
INTEGER 1
OCTET STRING (48 byte) 0185300E81F29103R9D3ABBE2221D66D6A0049AF4CF8D293E3697B31E3E027629EDDCD…
[0] (1 elem)
OBJECT IDENTIFIER 1.3.36.3.3.2.8.1.1.11 brainpoolP384r1 (ECC Brainpool Standard Curves and Curve Generation)
[1] (1 elem)
BIT STRING (776 bit) 0000010001101011110100011111101100001110010100111011001111011001100010…
All fine. But if I use another Cryptoprovider (some sort of HSM), then the output is only the private-key without the full structure.
-----BEGIN EC PRIVATE KEY-----
MDUCAQEEMCLfLeJbkDpRrgPLYYhrksFSRD7mMDcIotPUiWXt1AZp4Rgkz/Lh3XGB
nbwg7lrZ4w==
-----END EC PRIVATE KEY-----
As ASN.1 it is
SEQUENCE (2 elem)
INTEGER 1
OCTET STRING (48 byte) 22DF2DE25B913A51AE03CB21886892C152443EE6303718A2D3D48965EDD4064FD11824…
I tried PrivateKey and also ECPrivateKey - same result.
Any idea whats the reason for that?? I need the full PKCS#8 structure to use it.
The keydata is completely for tests - but I modified it here in the post anyway.