@avieldr/react-native-rsa 1.0.0

package/android/src/main/java/com/rsa/RsaPackage.kt

@@ -0,0 +1,33 @@
+package com.rsa
+
+import com.facebook.react.BaseReactPackage
+import com.facebook.react.bridge.NativeModule
+import com.facebook.react.bridge.ReactApplicationContext
+import com.facebook.react.module.model.ReactModuleInfo
+import com.facebook.react.module.model.ReactModuleInfoProvider
+import java.util.HashMap
+
+class RsaPackage : BaseReactPackage() {
+  override fun getModule(name: String, reactContext: ReactApplicationContext): NativeModule? {
+    return if (name == RsaModule.NAME) {
+      RsaModule(reactContext)
+    } else {
+      null
+    }
+  }
+
+  override fun getReactModuleInfoProvider(): ReactModuleInfoProvider {
+    return ReactModuleInfoProvider {
+      val moduleInfos: MutableMap<String, ReactModuleInfo> = HashMap()
+      moduleInfos[RsaModule.NAME] = ReactModuleInfo(
+        RsaModule.NAME,
+        RsaModule.NAME,
+        false,  // canOverrideExistingModule
+        false,  // needsEagerInit
+        false,  // isCxxModule
+        true // isTurboModule
+      )
+      moduleInfos
+    }
+  }
+}

package/android/src/main/java/com/rsa/core/ASN1Utils.kt

@@ -0,0 +1,201 @@
+package com.rsa.core
+
+import java.io.ByteArrayOutputStream
+import java.math.BigInteger
+import java.security.interfaces.RSAPrivateCrtKey
+
+/**
+ * ASN.1 DER encoding/decoding utilities for RSA key format conversions.
+ *
+ * Handles the low-level binary encoding needed to convert between
+ * PKCS#1 and PKCS#8 key formats without external dependencies.
+ *
+ * ASN.1 (Abstract Syntax Notation One) uses TLV (Tag-Length-Value) encoding:
+ *   - Tag:    identifies the data type (e.g. 0x02 = INTEGER, 0x30 = SEQUENCE)
+ *   - Length: number of bytes in the value
+ *   - Value:  the actual data bytes
+ */
+object ASN1Utils {
+
+    // RSA algorithm OID: 1.2.840.113549.1.1.1
+    // This identifies the key as RSA in AlgorithmIdentifier structures
+    val RSA_OID = byteArrayOf(
+        0x06, 0x09, 0x2A.toByte(), 0x86.toByte(), 0x48, 0x86.toByte(),
+        0xF7.toByte(), 0x0D, 0x01, 0x01, 0x01
+    )
+
+    // ASN.1 NULL value — used as the parameter in AlgorithmIdentifier (RSA has no params)
+    val ASN1_NULL = byteArrayOf(0x05, 0x00)
+
+    /**
+     * Encode a BigInteger as an ASN.1 INTEGER (tag 0x02 + length + value).
+     * BigInteger.toByteArray() returns a two's-complement representation,
+     * which is exactly what DER INTEGER expects.
+     */
+    fun encodeAsn1Integer(value: BigInteger): ByteArray {
+        val output = ByteArrayOutputStream()
+        val bytes = value.toByteArray()
+        output.write(0x02)  // INTEGER tag
+        output.write(encodeAsn1Length(bytes.size))
+        output.write(bytes)
+        return output.toByteArray()
+    }
+
+    /**
+     * Encode a length value in ASN.1 DER format.
+     *
+     * DER length encoding:
+     *   - 0–127:    single byte (short form)
+     *   - 128–255:  0x81 followed by one byte
+     *   - 256–65535: 0x82 followed by two bytes (big-endian)
+     */
+    fun encodeAsn1Length(length: Int): ByteArray {
+        return when {
+            length < 128 -> byteArrayOf(length.toByte())
+            length < 256 -> byteArrayOf(0x81.toByte(), length.toByte())
+            length < 65536 -> byteArrayOf(
+                0x82.toByte(),
+                (length shr 8).toByte(),
+                (length and 0xFF).toByte()
+            )
+            else -> throw IllegalArgumentException("Length too large: $length")
+        }
+    }
+
+    /**
+     * Decode an ASN.1 DER length field starting at [offset] in [bytes].
+     *
+     * @return Pair of (decoded length or null on error, number of bytes consumed)
+     */
+    fun decodeAsn1Length(bytes: ByteArray, offset: Int): Pair<Int?, Int> {
+        if (offset >= bytes.size) return Pair(null, 0)
+        val first = bytes[offset].toInt() and 0xFF
+        if (first < 128) {
+            return Pair(first, 1)
+        }
+        val numBytes = first and 0x7F
+        if (numBytes == 0 || offset + numBytes >= bytes.size) return Pair(null, 0)
+        var length = 0
+        for (i in 0 until numBytes) {
+            length = (length shl 8) or (bytes[offset + 1 + i].toInt() and 0xFF)
+        }
+        return Pair(length, 1 + numBytes)
+    }
+
+    /**
+     * Encode an RSA private key as PKCS#1 DER.
+     *
+     * PKCS#1 RSAPrivateKey layout:
+     *   SEQUENCE {
+     *     version   INTEGER (0),
+     *     modulus   INTEGER,  -- n
+     *     publicExp INTEGER,  -- e
+     *     privateExp INTEGER, -- d
+     *     prime1    INTEGER,  -- p
+     *     prime2    INTEGER,  -- q
+     *     exp1      INTEGER,  -- d mod (p-1)
+     *     exp2      INTEGER,  -- d mod (q-1)
+     *     coeff     INTEGER   -- (inverse of q) mod p
+     *   }
+     */
+    fun encodePkcs1RsaPrivateKey(key: RSAPrivateCrtKey): ByteArray {
+        val output = ByteArrayOutputStream()
+        val sequenceContent = ByteArrayOutputStream()
+
+        sequenceContent.write(encodeAsn1Integer(BigInteger.ZERO))      // version = 0
+        sequenceContent.write(encodeAsn1Integer(key.modulus))          // n
+        sequenceContent.write(encodeAsn1Integer(key.publicExponent))   // e
+        sequenceContent.write(encodeAsn1Integer(key.privateExponent))  // d
+        sequenceContent.write(encodeAsn1Integer(key.primeP))           // p
+        sequenceContent.write(encodeAsn1Integer(key.primeQ))           // q
+        sequenceContent.write(encodeAsn1Integer(key.primeExponentP))   // d mod (p-1)
+        sequenceContent.write(encodeAsn1Integer(key.primeExponentQ))   // d mod (q-1)
+        sequenceContent.write(encodeAsn1Integer(key.crtCoefficient))   // (inverse of q) mod p
+
+        val contentBytes = sequenceContent.toByteArray()
+        output.write(0x30)  // SEQUENCE tag
+        output.write(encodeAsn1Length(contentBytes.size))
+        output.write(contentBytes)
+
+        return output.toByteArray()
+    }
+
+    /**
+     * Wrap PKCS#1 private key bytes inside a PKCS#8 PrivateKeyInfo structure.
+     *
+     * PKCS#8 PrivateKeyInfo layout:
+     *   SEQUENCE {
+     *     version            INTEGER (0),
+     *     algorithm          AlgorithmIdentifier { OID, NULL },
+     *     privateKey         OCTET STRING containing PKCS#1 bytes
+     *   }
+     */
+    fun wrapPkcs1InPkcs8(pkcs1Bytes: ByteArray): ByteArray {
+        val output = ByteArrayOutputStream()
+        val sequenceContent = ByteArrayOutputStream()
+
+        // version INTEGER 0
+        sequenceContent.write(encodeAsn1Integer(BigInteger.ZERO))
+
+        // AlgorithmIdentifier SEQUENCE { rsaOID, NULL }
+        val algIdContent = ByteArrayOutputStream()
+        algIdContent.write(RSA_OID)
+        algIdContent.write(ASN1_NULL)
+        val algIdBytes = algIdContent.toByteArray()
+        sequenceContent.write(0x30) // SEQUENCE tag
+        sequenceContent.write(encodeAsn1Length(algIdBytes.size))
+        sequenceContent.write(algIdBytes)
+
+        // privateKey OCTET STRING wrapping the raw PKCS#1 bytes
+        sequenceContent.write(0x04) // OCTET STRING tag
+        sequenceContent.write(encodeAsn1Length(pkcs1Bytes.size))
+        sequenceContent.write(pkcs1Bytes)
+
+        val contentBytes = sequenceContent.toByteArray()
+        output.write(0x30) // outer SEQUENCE tag
+        output.write(encodeAsn1Length(contentBytes.size))
+        output.write(contentBytes)
+
+        return output.toByteArray()
+    }
+
+    /**
+     * Extract the inner PKCS#1 private key bytes from a PKCS#8 wrapper.
+     *
+     * Walks the PKCS#8 structure:
+     *   SEQUENCE → skip version INTEGER → skip AlgorithmIdentifier SEQUENCE → read OCTET STRING
+     *
+     * Returns the original bytes unchanged if parsing fails.
+     */
+    fun extractPkcs1FromPkcs8(pkcs8Bytes: ByteArray): ByteArray {
+        var offset = 0
+
+        // Outer SEQUENCE
+        if (offset >= pkcs8Bytes.size || pkcs8Bytes[offset] != 0x30.toByte()) return pkcs8Bytes
+        offset++
+        val (_, seqLenBytes) = decodeAsn1Length(pkcs8Bytes, offset)
+        offset += seqLenBytes
+
+        // version INTEGER — skip over it
+        if (offset >= pkcs8Bytes.size || pkcs8Bytes[offset] != 0x02.toByte()) return pkcs8Bytes
+        offset++
+        val (verLen, verLenBytes) = decodeAsn1Length(pkcs8Bytes, offset)
+        offset += verLenBytes + (verLen ?: 0)
+
+        // AlgorithmIdentifier SEQUENCE — skip over it
+        if (offset >= pkcs8Bytes.size || pkcs8Bytes[offset] != 0x30.toByte()) return pkcs8Bytes
+        offset++
+        val (algLen, algLenBytes) = decodeAsn1Length(pkcs8Bytes, offset)
+        offset += algLenBytes + (algLen ?: 0)
+
+        // OCTET STRING containing the PKCS#1 private key
+        if (offset >= pkcs8Bytes.size || pkcs8Bytes[offset] != 0x04.toByte()) return pkcs8Bytes
+        offset++
+        val (octetLen, octetLenBytes) = decodeAsn1Length(pkcs8Bytes, offset)
+        offset += octetLenBytes
+
+        val len = octetLen ?: return pkcs8Bytes
+        if (offset + len > pkcs8Bytes.size) return pkcs8Bytes
+        return pkcs8Bytes.copyOfRange(offset, offset + len)
+    }
+}

package/android/src/main/java/com/rsa/core/Algorithms.kt

@@ -0,0 +1,126 @@
+package com.rsa.core
+
+import java.security.spec.AlgorithmParameterSpec
+import java.security.spec.MGF1ParameterSpec
+import java.security.spec.PSSParameterSpec
+import javax.crypto.spec.OAEPParameterSpec
+import javax.crypto.spec.PSource
+
+/**
+ * Maps (padding, hash) option strings to Java Security / Cipher algorithm configurations.
+ *
+ * This provides a single lookup point so that RSACipher and RSASigner don't
+ * need to duplicate algorithm selection logic.
+ *
+ * Supported combinations:
+ *   Cipher (encrypt/decrypt):
+ *     - "pkcs1"  → RSA/ECB/PKCS1Padding (hash is ignored)
+ *     - "oaep"   → RSA/ECB/OAEPPadding with explicit OAEPParameterSpec
+ *
+ *   Signature (sign/verify):
+ *     - "pkcs1"  → SHA{N}withRSA
+ *     - "pss"    → SHA{N}withRSA/PSS with explicit PSSParameterSpec
+ */
+object Algorithms {
+
+    /**
+     * Resolved cipher algorithm: the Java transformation string plus optional params.
+     */
+    data class CipherAlgorithm(
+        val transformation: String,
+        val params: AlgorithmParameterSpec?
+    )
+
+    /**
+     * Resolved signature algorithm: the Java algorithm name plus optional params.
+     */
+    data class SignatureAlgorithm(
+        val name: String,
+        val params: AlgorithmParameterSpec?
+    )
+
+    /**
+     * Look up the Java Cipher transformation and parameters for an encrypt/decrypt operation.
+     *
+     * @param padding "pkcs1" or "oaep"
+     * @param hash    "sha1", "sha256", "sha384", or "sha512" (only used with OAEP)
+     */
+    fun getCipherAlgorithm(padding: String, hash: String): CipherAlgorithm {
+        return when (padding) {
+            "pkcs1" -> CipherAlgorithm("RSA/ECB/PKCS1Padding", null)
+            "oaep" -> {
+                val (hashName, mgf1Spec) = getHashParams(hash)
+                // Explicit OAEPParameterSpec is needed to support all hash algorithms.
+                // The default "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" always uses SHA-1 for MGF1.
+                CipherAlgorithm(
+                    "RSA/ECB/OAEPPadding",
+                    OAEPParameterSpec(hashName, "MGF1", mgf1Spec, PSource.PSpecified.DEFAULT)
+                )
+            }
+            else -> throw IllegalArgumentException("Unsupported encryption padding: $padding")
+        }
+    }
+
+    /**
+     * Look up the Java Signature algorithm name and parameters for a sign/verify operation.
+     *
+     * @param padding "pkcs1" or "pss"
+     * @param hash    "sha1", "sha256", "sha384", or "sha512"
+     */
+    fun getSignatureAlgorithm(padding: String, hash: String): SignatureAlgorithm {
+        return when (padding) {
+            "pkcs1" -> {
+                // Deterministic PKCS#1 v1.5 signatures — no additional params needed
+                val algName = when (hash) {
+                    "sha1" -> "SHA1withRSA"
+                    "sha256" -> "SHA256withRSA"
+                    "sha384" -> "SHA384withRSA"
+                    "sha512" -> "SHA512withRSA"
+                    else -> throw IllegalArgumentException("Unsupported hash: $hash")
+                }
+                SignatureAlgorithm(algName, null)
+            }
+            "pss" -> {
+                // PSS signatures require explicit parameter spec (salt length = hash output length)
+                val (hashName, mgf1Spec, saltLen) = getHashParamsWithSalt(hash)
+                val algName = when (hash) {
+                    "sha1" -> "SHA1withRSA/PSS"
+                    "sha256" -> "SHA256withRSA/PSS"
+                    "sha384" -> "SHA384withRSA/PSS"
+                    "sha512" -> "SHA512withRSA/PSS"
+                    else -> throw IllegalArgumentException("Unsupported hash: $hash")
+                }
+                SignatureAlgorithm(
+                    algName,
+                    PSSParameterSpec(hashName, "MGF1", mgf1Spec, saltLen, 1)
+                )
+            }
+            else -> throw IllegalArgumentException("Unsupported signature padding: $padding")
+        }
+    }
+
+    // --- Internal helpers ---
+
+    /** Hash name and MGF1 parameter spec for a given hash algorithm. */
+    private fun getHashParams(hash: String): Pair<String, MGF1ParameterSpec> {
+        return when (hash) {
+            "sha1" -> Pair("SHA-1", MGF1ParameterSpec.SHA1)
+            "sha256" -> Pair("SHA-256", MGF1ParameterSpec.SHA256)
+            "sha384" -> Pair("SHA-384", MGF1ParameterSpec.SHA384)
+            "sha512" -> Pair("SHA-512", MGF1ParameterSpec.SHA512)
+            else -> throw IllegalArgumentException("Unsupported hash: $hash")
+        }
+    }
+
+    /** Hash name, MGF1 spec, and salt length (= hash output size in bytes) for PSS. */
+    private data class HashParamsWithSalt(val hashName: String, val mgf1Spec: MGF1ParameterSpec, val saltLen: Int)
+    private fun getHashParamsWithSalt(hash: String): HashParamsWithSalt {
+        return when (hash) {
+            "sha1" -> HashParamsWithSalt("SHA-1", MGF1ParameterSpec.SHA1, 20)
+            "sha256" -> HashParamsWithSalt("SHA-256", MGF1ParameterSpec.SHA256, 32)
+            "sha384" -> HashParamsWithSalt("SHA-384", MGF1ParameterSpec.SHA384, 48)
+            "sha512" -> HashParamsWithSalt("SHA-512", MGF1ParameterSpec.SHA512, 64)
+            else -> throw IllegalArgumentException("Unsupported hash: $hash")
+        }
+    }
+}

package/android/src/main/java/com/rsa/core/KeyUtils.kt

@@ -0,0 +1,83 @@
+package com.rsa.core
+
+import java.security.KeyFactory
+import java.security.PublicKey
+import java.security.interfaces.RSAPrivateCrtKey
+import java.security.spec.PKCS8EncodedKeySpec
+import java.security.spec.X509EncodedKeySpec
+import java.util.Base64
+
+/**
+ * PEM parsing and key loading utilities for Android.
+ *
+ * Handles conversion between PEM-encoded key strings and Java security key objects.
+ * Supports both PKCS#1 ("BEGIN RSA PRIVATE KEY") and PKCS#8 ("BEGIN PRIVATE KEY")
+ * private key formats, and SPKI ("BEGIN PUBLIC KEY") public key format.
+ */
+object KeyUtils {
+
+    /**
+     * Extract the base64-encoded content from a PEM string,
+     * stripping the header/footer lines and all whitespace.
+     */
+    fun extractBase64(pem: String): String {
+        return pem.lines()
+            .filter { !it.startsWith("-----") }
+            .joinToString("")
+            .replace("\\s".toRegex(), "")
+    }
+
+    /**
+     * Format raw DER bytes as a PEM string with the given header.
+     *
+     * @param derBytes The raw DER-encoded key bytes
+     * @param header   The PEM header label (e.g. "RSA PRIVATE KEY", "PRIVATE KEY", "PUBLIC KEY")
+     * @return A properly formatted PEM string with 64-char line wrapping
+     */
+    fun toPEM(derBytes: ByteArray, header: String): String {
+        val base64Key = Base64.getEncoder().encodeToString(derBytes)
+        return "-----BEGIN $header-----\n" +
+                base64Key.chunked(64).joinToString("\n") +
+                "\n-----END $header-----"
+    }
+
+    /**
+     * Load an RSA private key from a PEM string.
+     *
+     * Accepts both PKCS#1 and PKCS#8 formats:
+     *   - PKCS#1 ("BEGIN RSA PRIVATE KEY"): wraps in PKCS#8 first, since Java's
+     *     KeyFactory only accepts PKCS#8 (PKCS8EncodedKeySpec)
+     *   - PKCS#8 ("BEGIN PRIVATE KEY"): used directly
+     *
+     * @return The private key as RSAPrivateCrtKey (gives access to CRT components)
+     */
+    fun loadPrivateKey(pem: String): RSAPrivateCrtKey {
+        val keyFactory = KeyFactory.getInstance("RSA")
+        val base64 = extractBase64(pem)
+        val derBytes = Base64.getDecoder().decode(base64)
+
+        // Java only accepts PKCS#8, so wrap PKCS#1 if needed
+        val pkcs8Bytes = if (pem.contains("BEGIN RSA PRIVATE KEY")) {
+            ASN1Utils.wrapPkcs1InPkcs8(derBytes)
+        } else {
+            derBytes
+        }
+
+        val spec = PKCS8EncodedKeySpec(pkcs8Bytes)
+        return keyFactory.generatePrivate(spec) as RSAPrivateCrtKey
+    }
+
+    /**
+     * Load an RSA public key from a PEM string (SPKI/X.509 format).
+     *
+     * Expects "BEGIN PUBLIC KEY" (SPKI) format, which is what Java's
+     * X509EncodedKeySpec accepts directly.
+     */
+    fun loadPublicKey(pem: String): PublicKey {
+        val keyFactory = KeyFactory.getInstance("RSA")
+        val base64 = extractBase64(pem)
+        val derBytes = Base64.getDecoder().decode(base64)
+        val spec = X509EncodedKeySpec(derBytes)
+        return keyFactory.generatePublic(spec)
+    }
+}

package/android/src/main/java/com/rsa/core/RSACipher.kt

@@ -0,0 +1,71 @@
+package com.rsa.core
+
+import java.util.Base64
+import javax.crypto.Cipher
+
+/**
+ * RSA encryption and decryption operations for Android.
+ *
+ * Uses `javax.crypto.Cipher` with algorithm configurations from [Algorithms].
+ * All data crosses the bridge as base64 strings to avoid binary encoding issues.
+ *
+ * Supported padding modes:
+ *   - "oaep"  — OAEP (Optimal Asymmetric Encryption Padding) with configurable hash.
+ *               Uses explicit OAEPParameterSpec to ensure the correct hash is used
+ *               for both the message digest and MGF1 mask generation.
+ *   - "pkcs1" — PKCS#1 v1.5 padding (legacy, not recommended for new applications)
+ */
+object RSACipher {
+
+    /**
+     * Encrypt data with an RSA public key.
+     *
+     * @param dataBase64    The plaintext data encoded as base64
+     * @param publicKeyPEM  The public key in SPKI PEM format ("BEGIN PUBLIC KEY")
+     * @param padding       "oaep" or "pkcs1"
+     * @param hash          "sha256", "sha1", "sha384", or "sha512" (used with OAEP)
+     * @return The ciphertext encoded as base64
+     */
+    fun encrypt(dataBase64: String, publicKeyPEM: String, padding: String, hash: String): String {
+        val publicKey = KeyUtils.loadPublicKey(publicKeyPEM)
+        val data = Base64.getDecoder().decode(dataBase64)
+        val algorithm = Algorithms.getCipherAlgorithm(padding, hash)
+
+        val cipher = Cipher.getInstance(algorithm.transformation)
+        if (algorithm.params != null) {
+            // OAEP requires explicit parameter spec for correct hash configuration
+            cipher.init(Cipher.ENCRYPT_MODE, publicKey, algorithm.params)
+        } else {
+            // PKCS#1 v1.5 — no additional params needed
+            cipher.init(Cipher.ENCRYPT_MODE, publicKey)
+        }
+
+        val encrypted = cipher.doFinal(data)
+        return Base64.getEncoder().encodeToString(encrypted)
+    }
+
+    /**
+     * Decrypt data with an RSA private key.
+     *
+     * @param dataBase64     The ciphertext encoded as base64
+     * @param privateKeyPEM  The private key in PEM format (PKCS#1 or PKCS#8)
+     * @param padding        "oaep" or "pkcs1" — must match the padding used during encryption
+     * @param hash           "sha256", "sha1", "sha384", or "sha512" — must match encryption hash
+     * @return The decrypted plaintext encoded as base64
+     */
+    fun decrypt(dataBase64: String, privateKeyPEM: String, padding: String, hash: String): String {
+        val privateKey = KeyUtils.loadPrivateKey(privateKeyPEM)
+        val data = Base64.getDecoder().decode(dataBase64)
+        val algorithm = Algorithms.getCipherAlgorithm(padding, hash)
+
+        val cipher = Cipher.getInstance(algorithm.transformation)
+        if (algorithm.params != null) {
+            cipher.init(Cipher.DECRYPT_MODE, privateKey, algorithm.params)
+        } else {
+            cipher.init(Cipher.DECRYPT_MODE, privateKey)
+        }
+
+        val decrypted = cipher.doFinal(data)
+        return Base64.getEncoder().encodeToString(decrypted)
+    }
+}

package/android/src/main/java/com/rsa/core/RSAKeyGenerator.kt

@@ -0,0 +1,125 @@
+package com.rsa.core
+
+import java.security.KeyFactory
+import java.security.KeyPair
+import java.security.KeyPairGenerator
+import java.security.interfaces.RSAPrivateCrtKey
+import java.security.interfaces.RSAPublicKey
+import java.security.spec.RSAPublicKeySpec
+import java.util.Base64
+
+/**
+ * Result of RSA key pair generation, containing both keys as PEM strings.
+ */
+data class RSAKeyPairResult(
+    val publicKey: String,
+    val privateKey: String
+)
+
+/**
+ * RSA key generation and conversion operations.
+ *
+ * Thread-safe singleton that provides:
+ *   - Key pair generation (PKCS#1 or PKCS#8 private key format)
+ *   - Public key extraction from a private key
+ *   - Private key format conversion between PKCS#1 and PKCS#8
+ *
+ * Delegates ASN.1 encoding to [ASN1Utils] and PEM/key-loading to [KeyUtils].
+ */
+class RSAKeyGenerator {
+
+    companion object {
+        private const val DEFAULT_KEY_SIZE = 2048
+
+        @Volatile
+        private var INSTANCE: RSAKeyGenerator? = null
+
+        fun getInstance(): RSAKeyGenerator {
+            return INSTANCE ?: synchronized(this) {
+                INSTANCE ?: RSAKeyGenerator().also { INSTANCE = it }
+            }
+        }
+    }
+
+    /**
+     * Generate an RSA key pair.
+     *
+     * @param keySize RSA key size in bits (default: 2048). Supported: 1024, 2048, 4096.
+     * @param format  "pkcs1" or "pkcs8" — controls the private key output format.
+     *                Public key is always SPKI/X.509 ("BEGIN PUBLIC KEY").
+     * @return RSAKeyPairResult with public and private keys in PEM format
+     */
+    fun generateKeyPair(keySize: Int = DEFAULT_KEY_SIZE, format: String = "pkcs1"): RSAKeyPairResult {
+        val keyPairGenerator = KeyPairGenerator.getInstance("RSA")
+        keyPairGenerator.initialize(keySize)
+        val keyPair: KeyPair = keyPairGenerator.generateKeyPair()
+
+        val privateKey = keyPair.private as RSAPrivateCrtKey
+        val publicKey = keyPair.public as RSAPublicKey
+
+        // Encode private key in the requested format
+        val privateKeyPEM = when (format) {
+            "pkcs8" -> KeyUtils.toPEM(privateKey.encoded, "PRIVATE KEY")
+            else -> {
+                // Manually encode PKCS#1 since Java only gives us PKCS#8 natively
+                val pkcs1Bytes = ASN1Utils.encodePkcs1RsaPrivateKey(privateKey)
+                KeyUtils.toPEM(pkcs1Bytes, "RSA PRIVATE KEY")
+            }
+        }
+
+        // Public key: Java's key.encoded returns SPKI/X.509 DER directly
+        val publicKeyPEM = KeyUtils.toPEM(publicKey.encoded, "PUBLIC KEY")
+
+        return RSAKeyPairResult(publicKey = publicKeyPEM, privateKey = privateKeyPEM)
+    }
+
+    /**
+     * Extract the public key from an RSA private key PEM string.
+     *
+     * Works with both PKCS#1 and PKCS#8 input formats.
+     * The returned public key is always in SPKI/X.509 PEM format.
+     */
+    fun getPublicKeyFromPrivate(privateKeyPEM: String): String {
+        val keyFactory = KeyFactory.getInstance("RSA")
+
+        // Load the private key (handles both PKCS#1 and PKCS#8 automatically)
+        val privateKey = KeyUtils.loadPrivateKey(privateKeyPEM)
+
+        // Build public key from the private key's modulus and public exponent
+        val publicSpec = RSAPublicKeySpec(privateKey.modulus, privateKey.publicExponent)
+        val publicKey = keyFactory.generatePublic(publicSpec) as RSAPublicKey
+
+        return KeyUtils.toPEM(publicKey.encoded, "PUBLIC KEY")
+    }
+
+    /**
+     * Convert a private key PEM between PKCS#1 and PKCS#8 formats.
+     *
+     * @param pem          The private key in PEM format
+     * @param targetFormat "pkcs1" or "pkcs8"
+     * @return The private key re-encoded in the target format
+     * @throws IllegalArgumentException if the PEM format is unrecognized
+     */
+    fun convertPrivateKey(pem: String, targetFormat: String): String {
+        return when {
+            // PKCS#1 → PKCS#8: wrap the raw bytes in a PKCS#8 structure
+            pem.contains("BEGIN RSA PRIVATE KEY") && targetFormat == "pkcs8" -> {
+                val base64 = KeyUtils.extractBase64(pem)
+                val pkcs1Bytes = Base64.getDecoder().decode(base64)
+                val pkcs8Bytes = ASN1Utils.wrapPkcs1InPkcs8(pkcs1Bytes)
+                KeyUtils.toPEM(pkcs8Bytes, "PRIVATE KEY")
+            }
+            // PKCS#8 → PKCS#1: extract the inner PKCS#1 bytes
+            pem.contains("BEGIN PRIVATE KEY") && targetFormat == "pkcs1" -> {
+                val base64 = KeyUtils.extractBase64(pem)
+                val pkcs8Bytes = Base64.getDecoder().decode(base64)
+                val pkcs1Bytes = ASN1Utils.extractPkcs1FromPkcs8(pkcs8Bytes)
+                KeyUtils.toPEM(pkcs1Bytes, "RSA PRIVATE KEY")
+            }
+            // Already in the target format — return unchanged
+            pem.contains("BEGIN RSA PRIVATE KEY") && targetFormat == "pkcs1" -> pem
+            pem.contains("BEGIN PRIVATE KEY") && targetFormat == "pkcs8" -> pem
+            else -> throw IllegalArgumentException("Unrecognized PEM format or unsupported target format")
+        }
+    }
+}