# churchkey **Repository Path**: mirrors_tomitribe/churchkey ## Basic Information - **Project Name**: churchkey - **Description**: Library to open various key files such as OpenSSH and PEM - **Primary Language**: Unknown - **License**: Apache-2.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2020-09-26 - **Last Updated**: 2026-02-08 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # Churchkey Churchkey is a Java library that can parse and export public and private key files in several formats including: - JSON Web Key (JWK) - PEM - OpenSSH - SSH2 ## Reading keys *Step 1* Pass the bytes of the key file to Churchkey. No need to tell Churchkey what kind of key it is. [source,java] ---- final String pemFile = "" + "-----BEGIN PUBLIC KEY-----\n" + "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyzNurU19lqnYhx5QI72sIX1lh\n" + "8cTehTmboC+DLG7UuaUHqs096M754HtP2IiHFcIQqwYNzHgKmjmfGdbk9JBkz/DN\n" + "eDVsA5nc7qTnsSgULXTxwHSF286IJdco5kasaJm4Xurlm3V+2oiTugraBsi1J0Ht\n" + "0OtHgJIlIaGxK7mY/QIDAQAB\n" + "-----END PUBLIC KEY-----\n"; final Key key = Keys.decode(pemFile.getBytes()); ---- *Step 2* Churchkey will parse the contents of the key file and tell you what kind of key it found! [source,java] ---- Assert.assertEquals(Key.Algorithm.RSA, key.getAlgorithm()); Assert.assertEquals(Key.Format.PEM, key.getFormat()); Assert.assertEquals(Key.Type.PUBLIC, key.getType()); ---- *Step 3* You can then cast the key to the correct java.security interface [source,java] ---- Assert.assertTrue(key.getKey() instanceof RSAPublicKey); ---- See the complete link:https://github.com/tomitribe/churchkey/blob/master/src/test/java/org/supertribe/ExampleTest.java#L39[source] ## Writing/Converting Keys The following will read (decode) a PEM file and then convert (encode) it to a JWK format [source,java] ---- // Read the PEM file final Key key = Keys.decode(pemFile.getBytes()); // Write the key as JWK final byte[] jwkBytes = key.encode(Key.Format.JWK); final String jwk = new String(jwkBytes); final String expected = "" + "{\n" + " \"kty\": \"RSA\",\n" + " \"e\": \"AQAB\",\n" + " \"n\": \"sszbq1NfZap2IceUCO9rCF9ZYfHE3oU5m6Avgyxu1LmlB6rNPejO-eB7T9i" + "IhxXCEKsGDcx4Cpo5nxnW5PSQZM_wzXg1bAOZ3O6k57EoFC108cB0hdvOiCXXKOZGrGiZu" + "F7q5Zt1ftqIk7oK2gbItSdB7dDrR4CSJSGhsSu5mP0\"\n" + "}\n"; JsonAsserts.assertJson(expected, jwk); ---- See the complete link:https://github.com/tomitribe/churchkey/blob/master/src/test/java/org/supertribe/Pem2JwkTest.java#L48[source] ## Get the Public key from a Private key The following will read (decode) a private key PEM file and then obtain and write out the public PEM. [source,java] ---- final String pemFile = "" + "-----BEGIN EC PRIVATE KEY-----\n" + "MHcCAQEEIDV2ischPSu7JmDEhNlW9KpUiYl3AAANcMxRIEAxqk6hoAoGCCqGSM49\n" + "AwEHoUQDQgAERUSiTdfyjPPvepCpRGirABPcUo8QBaMJHoRf4D3XWBryDRMCZU20\n" + "GPXomXCQbIxJZtkOULn918lHK/CvytRW9A==\n" + "-----END EC PRIVATE KEY-----\n"; // Read the PEM file final Key key = Keys.decode(pemFile.getBytes()); // Get the public key final Key publicKey = key.getPublicKey(); // Write the public key as PEM (or any other format) final byte[] encoded = publicKey.encode(Key.Format.PEM); assertEquals("" + "-----BEGIN PUBLIC KEY-----\n" + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERUSiTdfyjPPvepCpRGirABPcUo8Q\n" + "BaMJHoRf4D3XWBryDRMCZU20GPXomXCQbIxJZtkOULn918lHK/CvytRW9A==\n" + "-----END PUBLIC KEY-----\n", new String(encoded)); ---- See the complete link:https://github.com/tomitribe/churchkey/blob/master/src/test/java/org/supertribe/PublicFromPrivateTest.java#L41[source] ## Supported Key Formats Churchkey is a Java library that can read RSA and DSA that look like any of the following: ### JSON Web Key (JWK) [source,json] ---- { "kty": "RSA", "n": "sszbq1NfZap2IceUCO9rCF9ZYfHE3oU5m6Avgyxu1LmlB6rNPejO-eB7T9iIhxXCEKsGDcx4Cpo5nxnW5PSQZM_wzXg1bAOZ3O6k57EoFC108cB0hdvOiCXXKOZGrGiZuF7q5Zt1ftqIk7oK2gbItSdB7dDrR4CSJSGhsSu5mP0", "e": "AQAB", "d": "VWV8gV5nkMISe927eW0IHM6VfS8gzPqqYgbmymq9YIJuLLRKJIh92mB55M_RnVsp_hYA5TREHSQ94xxPQ7j_ASohev1Etv7Hr9AFixa7Q6sRdT1DY7YO1kf_wLk0Urg2bHrvAvukcmBAV9-OHKDkRUY-e03ZK3cCfetsHP41RmE", "p": "6Uj9tL8PB-8nDschkBJUjjFdBpG_CgewLJwoDYc8WSbGUlw9uigZGXNHw5XSG_JI9V0T9HwfePryq11Gyg6fJQ", "q": "xDW-MI04a6Kb1gZD-ud0PrSuWAwzpBP_j0BQQwElSWbaDuJXJsSu11TYBeHYrWqvE2Gi7CAKrMy8MwnYRoM2-Q", "dp": "EcJBtgm5XjRBd-mGz43lq_FsEHz12xCcw7ibf_QkjvDZthlZhZtZ1csl0mjMVt5J2YvdYgY06yPHZ24xXl5glQ", "dq": "w2eShd_etLM456lNwm8HgfuHNgDQ3TNdbFjslg5qB_P6bqBTkzSFu8WvbgxCMlLxEShHjUlL2FP9igbf8Tl0YQ", "qi": "yTa2sQrLQCFkLuc3Zi-0xIHyD-ohb1WDLiT08H1dSPfx-Y5l8pNn_fG7N5GWFic-ae5h-GKbX14e4MAE5fYgKA" } ---- ### Various PEM Files ---- -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQCyzNurU19lqnYhx5QI72sIX1lh8cTehTmboC+DLG7UuaUHqs09 6M754HtP2IiHFcIQqwYNzHgKmjmfGdbk9JBkz/DNeDVsA5nc7qTnsSgULXTxwHSF 286IJdco5kasaJm4Xurlm3V+2oiTugraBsi1J0Ht0OtHgJIlIaGxK7mY/QIDAQAB AoGAVWV8gV5nkMISe927eW0IHM6VfS8gzPqqYgbmymq9YIJuLLRKJIh92mB55M/R ... -----END RSA PRIVATE KEY----- ---- ---- -----BEGIN RSA PUBLIC KEY----- MIGJAoGBALLM26tTX2WqdiHHlAjvawhfWWHxxN6FOZugL4MsbtS5pQeqzT3ozvng e0/YiIcVwhCrBg3MeAqaOZ8Z1uT0kGTP8M14NWwDmdzupOexKBQtdPHAdIXbzogl 1yjmRqxombhe6uWbdX7aiJO6CtoGyLUnQe3Q60eAkiUhobEruZj9AgMBAAE= -----END RSA PUBLIC KEY----- ---- ---- -----BEGIN DSA PRIVATE KEY----- MIIBugIBAAKBgQDfcPOECx1ps5f4GNl4fwpzO4X07FJemfPTVJoThX7P8MzueD5f OKio1ppYSTvVRhcLDEW8NBKhoEtXgZ4L/g0f3jADftCpy0z0zRGoyj/4m00X97CN 0X+1E2IUqe1ua+RQfEzd/XIYPSUFEe3NACznW8gy/HfsoQeUsyxAFkOEEwIVAJy7 ... -----END DSA PRIVATE KEY----- ---- ---- -----BEGIN PRIVATE KEY----- MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALLM26tTX2WqdiHH lAjvawhfWWHxxN6FOZugL4MsbtS5pQeqzT3ozvnge0/YiIcVwhCrBg3MeAqaOZ8Z 1uT0kGTP8M14NWwDmdzupOexKBQtdPHAdIXbzogl1yjmRqxombhe6uWbdX7aiJO6 CtoGyLUnQe3Q60eAkiUhobEruZj9AgMBAAECgYBVZXyBXmeQwhJ73bt5bQgczpV9 ... -----END PRIVATE KEY----- ---- ---- -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyzNurU19lqnYhx5QI72sIX1lh 8cTehTmboC+DLG7UuaUHqs096M754HtP2IiHFcIQqwYNzHgKmjmfGdbk9JBkz/DN eDVsA5nc7qTnsSgULXTxwHSF286IJdco5kasaJm4Xurlm3V+2oiTugraBsi1J0Ht 0OtHgJIlIaGxK7mY/QIDAQAB -----END PUBLIC KEY----- ---- ### OpenSSH Common locations for these would be in: - `~/.ssh/id_rsa` (PEM format shown above) - `~/.ssh/id_rsa.pub` (`ssh-` format shown here) ---- ssh-dss AAAAB3NzaC1kc3MAAACBAN9w84QLHWmzl/gY2Xh/CnM7hfTsUl6Z89NUmhOFfs/wzO54Pl84qKjWmlhJO9VGFwsMRbw0EqGgS1eBngv+DR/eMAN+0KnLTPTNEajKP/ibTRf3sI3Rf7UTYhSp7W5r5FB8TN39chg9JQUR7c0ALOdbyDL8d+yhB5SzLEAWQ4QTAAAAFQCcu9GKMJJyX8go6w1gn93Xi1/EDwAAAIBJYC9VGyg80b7DF8+fHKfezGEjjRgJOVMJQA946vA3A+cntFUU+Y1LayXJ2y... dblevins@mingus.lan ---- ---- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCyzNurU19lqnYhx5QI72sIX1lh8cTehTmboC+DLG7UuaUHqs096M754HtP2IiHFcIQqwYNzHgKmjmfGdbk9JBkz/DNeDVsA5nc7qTnsSgULXTxwHSF286IJdco5kasaJm4Xurlm3V+2oiTugraBsi1J0Ht0OtHgJIlIaGxK7mY/Q== dblevins@mingus.lan ---- ### SSH2 Commonly mistaken for PEM, but different. ---- ---- BEGIN SSH2 PUBLIC KEY ---- Comment: "1024-bit RSA, converted by dblevins@mingus.lan from OpenSSH" AAAAB3NzaC1yc2EAAAADAQABAAAAgQCyzNurU19lqnYhx5QI72sIX1lh8cTehTmboC+DLG 7UuaUHqs096M754HtP2IiHFcIQqwYNzHgKmjmfGdbk9JBkz/DNeDVsA5nc7qTnsSgULXTx wHSF286IJdco5kasaJm4Xurlm3V+2oiTugraBsi1J0Ht0OtHgJIlIaGxK7mY/Q== ---- END SSH2 PUBLIC KEY ---- ---- ## Maven Coordinates [source,xml] ---- io.churchkey churchkey 1.21 ----