Theorg.springframework.security.crypto package provides helper classes for working with AES. It would be nice to add support working with PEM files, so that it is easy to read a PEM file and turn into JCA key like
java.security.interfaces.RSAPublicKeyjava.security.interfaces.RSAPrivateKeyjava.security.interfaces.XECPrivateKeyjava.security.interfaces.XECPublicKey
Working with the javax.crypto libraries is error prone and time consuming, spring security can provide easy to use wrappers that save time and reduce errors.
Comment From: jzheaux
@asaikali Have you already taken a look at RsaKeyConverters in core? How does that stack up with what you need on the RSA side?
Comment From: asaikali
Thanks for pointing out RsaKeyConverters I had not seen it. I think that will do what I want for RSA keys. However, I think there is value in creating a layer an in org.springframework.security.crypto that is only dependent on JCA and JCE with abstractions to make the JCA/JCE easier to use and no dependency on spring security or spring core, so no Convertor in the interface. There are some aspects of that in org.springframework.security.crypto but it is not comprehensive in what it offers. A spring-security-jca-jce.jar cloud be usable by the wider spring ecosystem as needed.
Comment From: jzheaux
A utility for converting a PEM file to an RSAPublicKey sounds very much like something a general-purpose cryptography library would do. For example, BouncyCastle offers this support with PEMParser and has no dependency on Spring.
While I agree that a utility like this would be very handy, I don't think that spring-security-crypto is the place for it since crypto isn't intended as a comprehensive cryptography library.