
@tomcurran
Last active July 11, 2025 13:34
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.math.BigInteger;
import java.nio.file.*;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.Locale;
import java.util.stream.Stream;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
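/**
 * Command-line helper that prints identifying details of X.509 certificates stored in
 * {@code .pem} files: subject O and CN, serial number, validity window, fingerprints and,
 * for RSA certificates, the encoded public key as a hex string.
 *
 * <p>The tool looks at every immediate subdirectory of the JVM's working directory and walks
 * each one recursively. {@code .pem} files that sit directly in the working directory are not
 * processed.
 *
 * <p>This is an inspection tool only. It does not build or validate a certificate chain, check
 * revocation, or compare the validity dates with the current time, so nothing it prints says
 * whether a certificate should be trusted. Subject fields are taken from the certificate as-is
 * and are therefore controlled by whoever issued the file.
 */
public class ExtractRsaPublicKeyHex {

    /**
     * Entry point: processes the {@code .pem} files under each subdirectory of the working
     * directory.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        // "user.dir" is the JVM's current working directory, which is not necessarily the
        // directory this class or its source file lives in.
        Path workingDir = Paths.get(System.getProperty("user.dir"));
        try (DirectoryStream<Path> stream = Files.newDirectoryStream(workingDir)) {
            for (Path entry : stream) {
                if (Files.isDirectory(entry)) {
                    processPemFilesInDirectory(entry);
                }
            }
        } catch (IOException | DirectoryIteratorException e) {
            // DirectoryIteratorException is how a DirectoryStream reports an I/O failure
            // that happens during iteration rather than at open time.
            System.err.println("Error while listing directories: " + e.getMessage());
        }
    }

    /**
     * Recursively finds regular files whose name ends in {@code .pem} (case-insensitive) under
     * {@code dir} and prints the details of each.
     *
     * @param dir directory to walk
     */
    private static void processPemFilesInDirectory(Path dir) {
        // Files.walk holds open directory handles; try-with-resources releases them.
        try (Stream<Path> paths = Files.walk(dir)) {
            paths.filter(p -> p.toString().toLowerCase(Locale.ROOT).endsWith(".pem"))
                    // Skip directories (or other non-files) that merely carry a .pem name.
                    .filter(Files::isRegularFile)
                    .forEach(ExtractRsaPublicKeyHex::processCertificateFile);
        } catch (IOException | UncheckedIOException e) {
            // The lazy walk reports mid-traversal I/O failures as UncheckedIOException.
            System.err.println("Error while traversing directory " + dir + ": " + e.getMessage());
        }
    }

    /**
     * Parses one certificate from {@code certPath} and prints its details to standard output.
     * Any failure is reported on standard error and the file is skipped.
     *
     * <p>{@code generateCertificate} reads a single certificate, so for a file that bundles
     * several certificates only the first one is reported.
     *
     * @param certPath path of the PEM file to read
     */
    private static void processCertificateFile(Path certPath) {
        System.out.println("Processing file: " + certPath);
        try (FileInputStream inStream = new FileInputStream(certPath.toFile())) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);

            // Subject O and CN. Parsing is best-effort: on failure the fields stay empty and
            // the remaining details are still printed, but the failure is no longer silent.
            String organization = "";
            String commonName = "";
            try {
                String subjectDN = cert.getSubjectX500Principal().getName();
                LdapName ldapName = new LdapName(subjectDN);
                for (Rdn rdn : ldapName.getRdns()) {
                    if (rdn.getType().equalsIgnoreCase("O")) {
                        organization = rdn.getValue().toString();
                    }
                    if (rdn.getType().equalsIgnoreCase("CN")) {
                        commonName = rdn.getValue().toString();
                    }
                }
            } catch (Exception e) {
                System.err.println("Warning: could not parse subject of " + certPath + ": "
                        + e.getMessage());
            }
            System.out.println("Subject Organization (O): " + organization);
            System.out.println("Subject Common Name (CN): " + commonName);

            // Serial number, printed in hexadecimal.
            BigInteger serial = cert.getSerialNumber();
            System.out.println("Serial Number: " + serial.toString(16));

            // Validity window as stated in the certificate; not compared with the current time.
            Date notBefore = cert.getNotBefore();
            Date notAfter = cert.getNotAfter();
            System.out.println("Not Valid Before: " + notBefore);
            System.out.println("Not Valid After: " + notAfter);

            // Fingerprints over the DER encoding of the whole certificate. The SHA-1 value is
            // kept for tools that still display it; SHA-1 is not collision-resistant, so the
            // SHA-256 value is the one to use when comparing or pinning certificates.
            byte[] encoded = cert.getEncoded();
            System.out.println("Fingerprint SHA-1: " + fingerprint("SHA-1", encoded));
            System.out.println("Fingerprint SHA-256: " + fingerprint("SHA-256", encoded));

            // RSA public key: hex of the key's encoded form as returned by getEncoded().
            PublicKey pubKey = cert.getPublicKey();
            if (pubKey instanceof RSAPublicKey) {
                // Byte-wise encoding keeps every byte as two hex digits. The previous
                // BigInteger round trip would drop leading zero nibbles if the encoding ever
                // started with one.
                String hex = toHex(pubKey.getEncoded(), false, "");
                System.out.println("RSA Public Key (Hex):\n" + hex);
            } else {
                System.err.println("The certificate does not contain an RSA public key.");
            }
            System.out.println("---------------------------------------------------");
        } catch (Exception e) {
            System.err.println("Error processing file " + certPath + ": " + e.getMessage());
        }
    }

    /**
     * Computes a digest of {@code data} and formats it as colon-separated upper-case hex.
     *
     * @param algorithm {@link MessageDigest} algorithm name, e.g. {@code "SHA-256"}
     * @param data bytes to hash
     * @return the digest formatted like {@code AB:CD:...}
     * @throws NoSuchAlgorithmException if the algorithm is not available
     */
    private static String fingerprint(String algorithm, byte[] data)
            throws NoSuchAlgorithmException {
        return toHex(MessageDigest.getInstance(algorithm).digest(data), true, ":");
    }

    /**
     * Encodes bytes as hex, two digits per byte.
     *
     * @param bytes bytes to encode
     * @param upperCase whether to use upper-case hex digits
     * @param separator text placed between consecutive bytes; may be empty
     * @return the hex string
     */
    private static String toHex(byte[] bytes, boolean upperCase, String separator) {
        StringBuilder sb = new StringBuilder(bytes.length * (2 + separator.length()));
        for (int i = 0; i < bytes.length; i++) {
            if (i > 0) {
                sb.append(separator);
            }
            sb.append(Character.forDigit((bytes[i] >> 4) & 0xF, 16));
            sb.append(Character.forDigit(bytes[i] & 0xF, 16));
        }
        String hex = sb.toString();
        return upperCase ? hex.toUpperCase(Locale.ROOT) : hex;
    }
}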