Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How read a PKCS8 encrypted Private key which is also encoded in DER with bouncycastle?

Tags:

java

cryptography

pem

der

bouncycastle

I have tried answers of these questions:

Bouncy Castle : PEMReader => PEMParser

Read an encrypted private key with bouncycastle/spongycastle

However as my encrypted key is encoded in DER when I call 

Object object = pemParser.readObject();

object is null.

I can convert it to PEM with this openssl's command (it decrypts the key too)

openssl pkcs8 -inform der -in pkey.key -out pkey.pem

but I need to read the key in its original file

like image 641
Aloxi Avatar asked Mar 06 '23 09:03

Aloxi

1 Answers

Both those Qs are about parsing, and decrypting, files using OpenSSL's 'legacy PEM' encryption. You are using PKCS8 encryption which is different though similar, so Reading PKCS8 in PEM format: Cannot find provider is closer. You can use most of the approach there, but skipping the PEM parse:

import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo; // NOT the 
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;       // javax ones!
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;

    // args[0] = filename args[1] = password
    FileInputStream fis = new FileInputStream(args[0]);
    byte[] buff = new byte[9999]; int len = fis.read(buff); fis.close();
    // could use File.readAllBytes in j8 but my dev machine is old

    // create what PEMParser would have 
    ASN1Sequence derseq = ASN1Sequence.getInstance (Arrays.copyOf(buff,len));
    PKCS8EncryptedPrivateKeyInfo encobj = new PKCS8EncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo.getInstance(derseq));
    // decrypt and convert key
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
    InputDecryptorProvider decryptionProv = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(args[1].toCharArray());
    PrivateKeyInfo keyInfo = encobj.decryptPrivateKeyInfo(decryptionProv);
    PrivateKey key = converter.getPrivateKey(keyInfo);

    // now actually use key, this is just a dummy
    System.out.println (key.getAlgorithm());
like image 133
dave_thompson_085 Avatar answered Mar 12 '23 18:03

dave_thompson_085
Sign in to Comment

Related questions

Why ArrayList has no varargs constructor? [closed]
Android - How to cancel the image request when preloading images with the Glide library?
Default @Transactional in spring and the default lost update
How to block or protect against XSS for Spring MVC 4 applications without SpringBoot
Error No Activity found to handle Intent act=android.media.action.IMAGE_CAPTURE
Exception running clojure-1.9.0.jar: missing clojure/spec/alpha__init.class and clojure/spec/alpha.clj
How to have an arraylist of general objects as argument?
Java allows to declare abstract methods in an enum type but it's a final class not abstract class
Streaming webcam video to AWS Kinesis?
What is the default timeout for HttpURLConnection under Android?
Timestamp incompatibility (NiFi's PutSQL)
Disabling Java Integer Cache
How to Inject Clock.getInstance() in Spring Boot?
How to implement API returns nested JSON with OneToMany relationship in Spring Boot?
Java Bitwise "&" on integers
Sorting a stream of files by their size
wildcard capturing java method argument and parameter type
Design pattern: Factory that creates one object
Delete Messages from a Topic in Apache Kafka
Why cant i do addMouseListener(e ->{ });?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!