dm159
Posts: 4
Joined: Sun Nov 13, 2016 8:53 am

Generating RSA Keys With Java on Raspberry Pi

Sun Nov 13, 2016 9:15 am

Hi,

I have some experience with Java, but am new to Raspberry.

I've gone through a number of posts on forum that seem to suggest it is possible to run Oracle JDK 8 on Raspberry.

Do the Java Security Libraries work fine on Raspberry? In particular, is it possible to generate RSA Keys on Raspberry using Java? If yes, are these Keys known to have any Cryptographic Weaknesses?

JosAH
Posts: 66
Joined: Sat Nov 12, 2016 2:11 pm
Location: Voorschoten

Re: Generating RSA Keys With Java on Raspberry Pi

Sun Nov 13, 2016 3:14 pm

My Pi/3 came pre-installed with Oracle's Java 8; If the Pi has to act as a secure client, say, for SMTP or IMAP, everything works fine (i'm using Java Mail for it); it's the secure server that has to deliver the certificate, but if the Pi has to act as a secure server (say HTTP), I can't get it running: the 'keytool' produces a (self signed) certificate but the server (the Pi) and some client (an entirely different machine) can't successfully terminate their negotiation phase at the beginning of their communication, telling me that the server (the Pi, running a simple HTTP server) and the client (running a browser) have no certifcate in common.

I don't know how to solve it and have started a similar topic in this forum group for this matter.

Good luck and
kind regards,

Jos

dm159
Posts: 4
Joined: Sun Nov 13, 2016 8:53 am

Re: Generating RSA Keys With Java on Raspberry Pi

Sun Nov 13, 2016 5:32 pm

Thanks for the reply.

I don't have to do anything with the RSA Key other than storing it.

Does your post mean that you have successfully generated an RSA Key Pair / Certificate using Keytool on Raspberry Pi? If the Keytool produces Certificate on Raspberry on-board, I'm assuming any given Jar should be able to do the same.

For this post, an answer from someone who has tried to Generate RSA Keys from within Java Code might be better though.

As for your problem, my guess is that it might be because your Certificate is self signed. Given that the Server Certificate is self signed and has not been added to the Trust Store of Client, Client is unable to verify the validity of the certificate.

To go around this, you can try to import the Server Certificate in Client's Trust store. This process is client specific, you might have to look around a bit on how to do it in your case.

JosAH
Posts: 66
Joined: Sat Nov 12, 2016 2:11 pm
Location: Voorschoten

Re: Generating RSA Keys With Java on Raspberry Pi

Mon Nov 14, 2016 7:59 am

dm159 wrote:For this post, an answer from someone who has tried to Generate RSA Keys from within Java Code might be better though.
I made the self signed certificate using the 'keytool' tool; like this:

Code: Select all

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 365
As I wrote before: this works fine on my laptops ...

kind regards,

Jos

dm159
Posts: 4
Joined: Sun Nov 13, 2016 8:53 am

Re: Generating RSA Keys With Java on Raspberry Pi

Mon Nov 14, 2016 9:21 am

Thanks for the reply.

Did you generate the Certificate using Keytool on Raspberry Pi?

Or was it that you generated the Certificate / Keys on Laptop / Desktop and copied them over to Raspberry?

JosAH
Posts: 66
Joined: Sat Nov 12, 2016 2:11 pm
Location: Voorschoten

Re: Generating RSA Keys With Java on Raspberry Pi

Mon Nov 14, 2016 10:11 am

dm159 wrote:Thanks for the reply.

Did you generate the Certificate using Keytool on Raspberry Pi?

Or was it that you generated the Certificate / Keys on Laptop / Desktop and copied them over to Raspberry?
I did both and none of the alternatives worked; fyi: using the Pi as an HTTP client (a browser) for my HTTPS server works fine ...
so, there is no need to adjust the struststore on the client manually, i.e. that all happens in the negotiation phase (as it should).

kind regards,

Jos

User avatar
clicky
Posts: 501
Joined: Thu Oct 25, 2012 7:34 am

Re: Generating RSA Keys With Java on Raspberry Pi

Tue Nov 15, 2016 2:17 pm

Is it worth you making simple test project and shared it on github? That way people like me would be able to just clone it locally and tinker with it a bit.
It is quite curious issue you have but currently I don't have time to go through setting everything up and then going back and forward with you why it works for me and not for you. This way we would be working exactly on the same code and OS :)
Just post github project link here and if not me someone else is going to give it a go immediately, I am sure!

JosAH
Posts: 66
Joined: Sat Nov 12, 2016 2:11 pm
Location: Voorschoten

Re: Generating RSA Keys With Java on Raspberry Pi

Tue Nov 15, 2016 5:29 pm

For the problems with an http server: download this small http server (it's a nifty, flexible server) from this page:
http://www.freeutils.net/source/jlhttp/ (the latest release (2.2) will do fine). It's a single file;

After line #3024, where a new HTTPServer is created in the sample main( ... ) method, add the following lines:

Code: Select all

            System.setProperty("javax.net.ssl.keyStore", "/home/pi/keystore.jks");
            System.setProperty("javax.net.ssl.keyStorePassword", "password");
            server.setSecure(true);
The keystore.jks was created with the keytool tool in the /home/pi directory as follows:

Code: Select all

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360
The keystore contains a single self-signed certificate and your browser should accept it after manual intervention.
The scenario runs fine if the HTTPServer is run on a PC, but fails miserably when that same server is run on a Pi/3:



kind regards,

Jos

Return to “Java”