My current project is all about using JSON Web Encryption (JWE) to transmit encrypted data in JSON payloads. JWE itself is a part of JSON Object Signing and Encryption (JOSE) set of specifications. We are using Apache CXF JAX-RS JOSE as our JOSE implementation.

Anyway, when you want to implement message-layer encryption using JOSE, RSA keys are one of the available options that can be used for key encryption keys (i.e. for key wrapping). Java can read RSA keys in DER encoding. One option for generating RSA keys is the well-known openssl command. In order to create a key pair in DER encoding, we can use the following commands:

$ openssl genrsa -out sample.pem 2048
$ openssl rsa -in sample.pem -out sample.pub.der -outform DER -pubout
$ openssl rsa -in sample.pem -out sample.prv.der -outform DER

In the next article I show how you can load an RSA key in Java.