I am building an Android system.
I have an existing key pair, with a public exponent F4 (65537).
I try to use it as platform.key (I have the pk8 and the x509).
During the build process, DumpPublicKey is called on my key pair.
At this point, the key is rejected because the public exponent is not 3. (I checked in the code of DumpPublicKey, it is exactly what it does: compare with 3 and reject otherwise)
Here is the stack trace for this:
    java.lang.Exception: Public exponent should be 3 but is 65537.
        at com.android.dumpkey.DumpPublicKey.check(DumpPublicKey.java:75)
        at com.android.dumpkey.DumpPublicKey.main(DumpPublicKey.java:151)
Does this mean I have to generate a new key pair using
    openssl genrsa -3 ...
or is there any way I can still use my key?
Also, why is it so important that the public exponent is 3 and not F4?
Thanks in advance
Looks like a bug in com.android.dumpkey.DumpPublicKey to me.
Restricting the public exponent of an RSA key to 3 is just plain silly.
Doing so just makes it more likely that implementation errors have disastrous effects,
if the underlying library is not implemented correctly.
As far as I know Android uses Bouncycastle, which is a crypto library that is
not carefully implemented.
Using the standard exponent 2^16+1, as you do, is very reasonable and avoids many potential
problems with small exponents.
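
A pre-build check for the rejection described in the question, as an added example that is not part of either post and is not the code of DumpPublicKey: it reads the modulus and public exponent from a DER SubjectPublicKeyInfo and reports the same message as the stack trace when the exponent differs from the required one. The function names, the helper encoder and the sample modulus are assumptions made for illustration; the two sample keys are constructed, not real keys.

```python
# Added example (not DumpPublicKey's code): check an RSA public exponent in DER.
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # OID rsaEncryption

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_public_numbers(spki):
    """Extract (modulus, exponent) from a DER SubjectPublicKeyInfo."""
    _, body, _ = read_tlv(spki, 0)         # outer SEQUENCE
    _, alg, pos = read_tlv(body, 0)        # AlgorithmIdentifier
    if not alg.startswith(RSA_OID):
        raise ValueError("not an RSA public key")
    _, bits, _ = read_tlv(body, pos)       # BIT STRING wrapping RSAPublicKey
    _, rsa, _ = read_tlv(bits[1:], 0)      # skip the unused-bits byte
    _, n, pos = read_tlv(rsa, 0)           # INTEGER modulus
    _, e, _ = read_tlv(rsa, pos)           # INTEGER publicExponent
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def check_exponent(spki, required=3):
    """Return None if accepted, else the rejection message from the question."""
    _, e = rsa_public_numbers(spki)
    return None if e == required else f"Public exponent should be {required} but is {e}."

# --- constructed sample input (hypothetical helpers, not real keys) ---
def tlv(tag, value):
    n = len(value)
    nbytes = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")
    return bytes([tag]) + head + value

def der_int(x):
    return tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

def make_spki(n, e):
    rsa = tlv(0x30, der_int(n) + der_int(e))
    return tlv(0x30, tlv(0x30, RSA_OID + b"\x05\x00") + tlv(0x03, b"\x00" + rsa))

SAMPLE_N = (1 << 2047) | 1                 # 2048-bit placeholder, not a real modulus
KEY_F4, KEY_E3 = make_spki(SAMPLE_N, 65537), make_spki(SAMPLE_N, 3)

if __name__ == "__main__":
    for name, key in (("F4 key", KEY_F4), ("e=3 key", KEY_E3)):
        print(name, "->", check_exponent(key) or "accepted")
```

To run it on a real key, pass the bytes produced by `openssl x509 -in <your-cert.pem> -pubkey -noout | openssl pkey -pubin -outform DER`.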