To Change OID of SubjectPublicKeyInfo of CSR in Java using BouncyCastleAPI

I wanted to change the OID of the SubjectPublicKeyInfo in the CSR, but I am getting both OIDs in the CSR: the specific one and the built-in one.

    // Build a SubjectPublicKeyInfo carrying the specific OID
    // (the output of getEncoded() is used as the key bits here)
    ASN1ObjectIdentifier objId = new ASN1ObjectIdentifier("Specific OID");
    AlgorithmIdentifier algId = new AlgorithmIdentifier(objId);
    ASN1BitString derBitString = new DERBitString(keyPair.getPublic().getEncoded());
    SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algId, derBitString);

    // Use Bouncy Castle to create a CSR with attributes and a common name
    PKCS10CertificationRequestBuilder csrBuilder = new PKCS10CertificationRequestBuilder(
            X500Name.getInstance(AsnToDerEncoding.createSubject()),
            subjectPublicKeyInfo
    );

It's changing the OID but the built-in function takes the particular OID of the public key and gives both the OIDs in the CertificateRequestInfo, and I need only the specific one.

There is 1 best solution below

dave_thompson_085 On

Java PublicKey.getEncoded() returns the SPKI (SubjectPublicKeyInfo) structure including the algorithmid containing the standard OID; thus when you put this in the bitstring (data) part of a second SPKI you got a nested structure with two OIDs.

You apparently want to parse the first SPKI to extract only the data part, and use that, which you can do with the same BouncyCastle class:

    SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    ASN1ObjectIdentifier objId = new ASN1ObjectIdentifier("1.2.3.4");
    AlgorithmIdentifier algId = new AlgorithmIdentifier(objId);
    spki = new SubjectPublicKeyInfo(algId, spki.getPublicKeyData());
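
The following is an added example, not code from the question, the answer or Bouncy Castle itself. It builds a CSR both ways (the whole `getEncoded()` output as key bits, then only the extracted key bits) and checks whether the key field of the resulting CSR still contains a second, nested SPKI. It assumes bcprov and bcpkix are on the classpath; the class name, the helper `isNestedSpki`, the RSA key and the subject `CN=example` are placeholders chosen for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;

public class CustomOidCsr {
    // Hypothetical helper: true when the BIT STRING payload is itself a
    // complete SPKI, i.e. the nested structure that carries two OIDs.
    static boolean isNestedSpki(SubjectPublicKeyInfo spki) {
        try {
            byte[] payload = spki.getPublicKeyData().getBytes();
            SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(payload));
            return true;
        } catch (Exception e) {
            return false; // payload is raw key material, not another SPKI
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();
        byte[] encoded = keyPair.getPublic().getEncoded(); // already a full SPKI
        AlgorithmIdentifier algId =
                new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.3.4"));

        // Mistake from the question: the full SPKI is used as the key bits.
        SubjectPublicKeyInfo nested = new SubjectPublicKeyInfo(algId, encoded);
        // Approach from the answer: reuse only the key bits of the parsed SPKI.
        SubjectPublicKeyInfo standard = SubjectPublicKeyInfo.getInstance(encoded);
        SubjectPublicKeyInfo fixed =
                new SubjectPublicKeyInfo(algId, standard.getPublicKeyData().getBytes());

        for (SubjectPublicKeyInfo spki : new SubjectPublicKeyInfo[] { nested, fixed }) {
            ContentSigner signer =
                    new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
            PKCS10CertificationRequest csr = new PKCS10CertificationRequestBuilder(
                    new X500Name("CN=example"), spki).build(signer);
            SubjectPublicKeyInfo inCsr = csr.getSubjectPublicKeyInfo();
            System.out.println(inCsr.getAlgorithm().getAlgorithm()
                    + " nested=" + isNestedSpki(inCsr));
        }
    }
}
```

Replacing the AlgorithmIdentifier this way also drops the standard parameters (NULL for RSA, the curve identifier for EC), so whoever consumes the CSR has to know out of band how to interpret the key bits under the custom OID.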