
Getting Public Key from the CSR file using Bouncy Castle in java


I have a client generated CSR file, from which I want to extract the Public Key. They provided KeyStore Explorer software to check it.

However, I am unable to extract the public key from it using the tool. How can I get the public key from the CSR file using a Java program with BC?

CSR is generated with RSA 2048, using SHA1 with RSA.

From the tool, I can see the ASN1 data of the public key, but not in ASCII format. At least, how do I use the ASN1 data to get the public key in ASCII format using BC?

SEQUENCE
{
    SEQUENCE
    {
        OBJECT IDENTIFIER=RSA encryption (1.2.840.113549.1.1.1)
        NULL
    }
    BIT STRING= //BITS HERE
}

Solution

  • It depends on what you mean by "ASCII format". But generally you can do something like this:

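    import java.io.FileReader;
    import java.io.StringWriter;
    import org.bouncycastle.crypto.params.RSAKeyParameters;
    import org.bouncycastle.crypto.util.PublicKeyFactory;
    import org.bouncycastle.pkcs.PKCS10CertificationRequest;
    import org.bouncycastle.util.io.pem.PemObject;
    import org.bouncycastle.util.io.pem.PemReader;
    import org.bouncycastle.util.io.pem.PemWriter;

    // Read the CSR (PEM-encoded PKCS#10 request)
    FileReader fileReader = new FileReader("/path/to/your.csr");
    PemReader pemReader = new PemReader(fileReader);
    
    // The PEM body is the DER encoding of the certification request
    PKCS10CertificationRequest csr = 
        new PKCS10CertificationRequest(pemReader.readPemObject().getContent());
    
    pemReader.close();
    fileReader.close();
    
    // Write the Public Key as a PEM-File
    // (the DER-encoded SubjectPublicKeyInfo wrapped in "PUBLIC KEY" armor)
    StringWriter output = new StringWriter();
    PemWriter pemWriter = new PemWriter(output);
    
    PemObject pkPemObject = new PemObject("PUBLIC KEY", 
        csr.getSubjectPublicKeyInfo().getEncoded());
    
    pemWriter.writeObject(pkPemObject);
    pemWriter.close();
    
    System.out.println(output.getBuffer());
    
    // Extract the Public Key as "RSAKeyParameters" so you can use for
    // encryption/signing operations.
    RSAKeyParameters pubkey = 
        (RSAKeyParameters)PublicKeyFactory.createKey(csr.getSubjectPublicKeyInfo());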
    

    This is what you'll get:

    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlRixVjOXAmUQ2zORREO
    VSQDQejyjWzT3bDznPltiPMwM3SOmPmZyrB8jF3iFvzdFge1QG2WdDj7PzmysXNL
    /1xRa0efWv8nURx1eV86hvU6ThNqY3WPyYYXSjTcN74uhGSJo7d5zG6JSL4Cj+l4
    RO+nh/5Pa8438ufS+9hXndKPFT2aub9roKysxWpsctpNoOIjfyxkLv9Z9sqxuggG
    nwYkwYmoDjPAQp2gRpCp7Hw5F6jSkA33NR5S/aPdyvzKZDbuoRdAl2sTubL1TLG3
    nC6tetGsmFRRkNiJjPSNtbXXtN6RB2eJL0epyaFFLksFBaL6nvYIgB1uqFroUY15
    2QIDAQAB
    -----END PUBLIC KEY-----
    

    I have tested this with the latest version of the BC-provider. You need both the "provider" and the "PKIX/PKCS..." jar (otherwise you have to deal with deprecated API-calls).
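
An added example (not part of the original answer and not Bouncy Castle's own sample code) that goes one step beyond extraction: it verifies the CSR's self-signature before handing back the key as a `java.security.PublicKey`, and reports whether the request was signed with SHA-1 as the question describes. The class name `CsrKeyCheck`, the method names and the subject `CN=example.test` are assumptions; the CSR is generated in `main` as constructed sample input, and both BC jars (provider and PKIX) are assumed to be on the classpath.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrKeyCheck {  // hypothetical class name, added for illustration
    // Returns the CSR's public key only if the CSR's own signature verifies under it.
    static PublicKey verifiedPublicKey(byte[] derCsr) throws Exception {
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(derCsr);
        // Proof of possession: a valid signature shows the requester holds the
        // private key matching the SubjectPublicKeyInfo inside the request.
        boolean ok = csr.isSignatureValid(
            new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo()));
        if (!ok) throw new SecurityException("CSR signature does not verify");
        return new JcaPKCS10CertificationRequest(csr).getPublicKey();
    }

    // True when the CSR was signed with sha1WithRSAEncryption, so policy can flag it.
    static boolean signedWithSha1Rsa(byte[] derCsr) throws Exception {
        return PKCSObjectIdentifiers.sha1WithRSAEncryption.equals(
            new PKCS10CertificationRequest(derCsr).getSignatureAlgorithm().getAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an RSA 2048 CSR signed with SHA1withRSA,
        // mirroring the parameters given in the question.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").build(kp.getPrivate());
        byte[] der = new JcaPKCS10CertificationRequestBuilder(
            new X500Principal("CN=example.test"), kp.getPublic()).build(signer).getEncoded();

        RSAPublicKey pub = (RSAPublicKey) verifiedPublicKey(der);
        System.out.println("modulus bits: " + pub.getModulus().bitLength());
        System.out.println("SHA-1 signed: " + signedWithSha1Rsa(der));
        System.out.println("same key:     " + pub.equals(kp.getPublic()));

        der[der.length - 1] ^= 0x01;  // corrupt the last signature byte
        try { verifiedPublicKey(der); System.out.println("tampered: accepted"); }
        catch (Exception e) { System.out.println("tampered: rejected"); }
    }
}
```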