Search code examples
androidkotlincryptographyprivate-keysecp256r1

Convert ByteArray to PrivateKey in Kotlin

I have a private key in raw format, a byte array :

val privKeyIControlUInt8 = byteArrayOfInts(
                0x00, 0x00, 0x00, 0x00, 0xB2, 0xC6, 0xFE, 0x9D,
                0x1F, 0x87, 0x85, 0x8C, 0x00, 0x00, 0x00, 0x0A,
                0x7D, 0x90, 0x8E, 0x1C, 0x11, 0x2D, 0x7B, 0xF9,
                0x30, 0x8D, 0xF3, 0x8C, 0xD5, 0xC0, 0x41, 0xF0
            )

I need to convert this array to a private key. I use this function :

private fun generatePrivateKey(encodedPrivateKey: ByteArray): PrivateKey {
            Security.addProvider(BouncyCastleProvider())
            val keyFactory = KeyFactory.getInstance("????")
            return keyFactory.generatePrivate(PKCS8EncodedKeySpec(encodedPrivateKey))

        }

I have no idea how to set the getInstance. My private key is a P256 also known as secp256r1 and prime256v1. Any idea ?

Thanks a lot in advance!

Solution

  • One way to derive the private key from the raw data is the following (based on this implementation):

    fun getPrivateKeyFromRaw(key: BigInteger, curveName: String): ECPrivateKey {
    val ecParameterSpec = getParametersForCurve(curveName)
    val privateKeySpec = ECPrivateKeySpec(key, ecParameterSpec)
    val keyFactory = KeyFactory.getInstance("EC")
    return keyFactory.generatePrivate(privateKeySpec) as ECPrivateKey
}

fun getParametersForCurve(curveName: String): ECParameterSpec {
    val params = AlgorithmParameters.getInstance("EC")
    params.init(ECGenParameterSpec(curveName))
    return params.getParameterSpec(ECParameterSpec::class.java)
}

    The implementation uses pure Java classes, i. e. no BouncyCastle. With this, the private key can be derived from the raw data as follows:

    import java.math.BigInteger
import java.security.AlgorithmParameters
import java.security.KeyFactory
import java.security.interfaces.ECPrivateKey
import java.security.spec.ECGenParameterSpec
import java.security.spec.ECParameterSpec
import java.security.spec.ECPrivateKeySpec
...
val privKeyRaw = byteArrayOf(
    0x00.toByte(), 0x00.toByte(), 0x00.toByte(), 0x00.toByte(), 0xB2.toByte(), 0xC6.toByte(), 0xFE.toByte(), 0x9D.toByte(),
    0x1F.toByte(), 0x87.toByte(), 0x85.toByte(), 0x8C.toByte(), 0x00.toByte(), 0x00.toByte(), 0x00.toByte(), 0x0A.toByte(),
    0x7D.toByte(), 0x90.toByte(), 0x8E.toByte(), 0x1C.toByte(), 0x11.toByte(), 0x2D.toByte(), 0x7B.toByte(), 0xF9.toByte(),
    0x30.toByte(), 0x8D.toByte(), 0xF3.toByte(), 0x8C.toByte(), 0xD5.toByte(), 0xC0.toByte(), 0x41.toByte(), 0xF0.toByte()
)
val curveName = "secp256r1"
val privKeyBI = BigInteger(1, privKeyRaw)
val privateKey = getPrivateKeyFromRaw(privKeyBI, curveName)
println(Base64.encodeToString(privateKey.encoded, Base64.DEFAULT)) // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgAAAAALLG/p0fh4WMAAAACn2QjhwRLXv5MI3zjNXAQfChRANCAATL8eioa63NR6Rn6oF27Zx7/uiMZevH5uLJYhQWOCl10KUHgjIDE6fjQNGAzcHrfJM1Xwr8QKmZPsFIl8GMh82K

    which can be viewed in an ASN.1 parser, e.g. here.

    I' ve tested this on Android P, API 28.

    Using BouncyCastle a slightly more compact implementation is possible, see here.