Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

JAVA: How to save a private key in a pem file with password protection

Tags:

java

rsa

bouncycastle

I am trying to save a private key in a pem file, protected with a password. The problem is, the pem file is created and I can even open it with openssl but, no password is asked!

Here is the code:

KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA");
keygen.initialize(2048);
KeyPair keypair = keygen.generateKeyPair();

PrivateKey privKey = keypair.getPrivate();

PKCS8Generator encryptorBuilder = new PKCS8Generator(privKey);
encryptorBuilder.setPassword("testing".toCharArray());
PEMWriter writer = new PEMWriter(new FileWriter(new File("pk.pem")));
PemObject obj = encryptorBuilder.generate();

writer.writeObject(obj);
writer.flush();
writer.close();

After it executes, I try to open the pk.pem file 

openssl rsa -in pk.pem -check

and it gives:

RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
(... some key appears here ...)
-----END RSA PRIVATE KEY-----

It was suppose to ask for the password before giving access to the private key! Can some one please help me?

like image 296
Snox Avatar asked Jul 01 '14 08:07

Snox

People also ask

Does PEM contain private key?

pem contains the private encryption key. cert. pem contains certificate information.

1 Answers

Well you should read the BouncyCastle documentation carefully. It states for the constructor you use:

// Constructor for an unencrypted private key PEM object.
PKCS8Generator(java.security.PrivateKey key)

// Constructor for an encrypted private key PEM object.
PKCS8Generator(java.security.PrivateKey key, java.lang.String algorithm, java.lang.String provider)

Hence you are using the constructor for creating an creates an unencrypted PKCS8Generator instance. The password you set as no effect.

Use one of the other constructors instead that create an encrypting instance according to the documentation.

Note: The code in the question requires an outdated version of BouncyCastle (1.4x?), because the current version (1.5x) has different constructors, incompatible with those presented in this answer.

For newer versions use:

import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

JcaPEMWriter writer = new JcaPEMWriter(new PrintWriter(System.out));
writer.writeObject(sk);
writer.close();

possibly replacing the PrintWriter with any other Writer of course.

like image 92
Robert Avatar answered Oct 31 '22 20:10

Robert
Sign in to Comment

Related questions

how to get value from counter Column in cassandra with multiple row keys?
Number format a decimal in Birt reports
Is "Code Conventions for the Java Programming Language" by Sun (1999) out of date? [closed]
Why is DocumentBuilder.parse() not working
JPA 2.1/Hibernate 4.3 deprecation warning
UNEXPECTED TOP-LEVEL EXCEPTION: com.android.dex.DexException
PowerMock Mockito [PowerMockito] @PrepareForTest -> java.lang.NoClassDefFoundError: javassist/NotFoundException
BindException: Address already in use even with unique port
Gradle error: "Could not find property '...' on root project '...'
Java lambdas, stateless lambdas and parallel execution
Get ClassTag from reflected Java Class instance
Creating the border for the merged cells in POI
Java-R bridge "JRI" error: R is already initialized
In Java, how do I test whether a list of `Double` contains a particular value
Why can't I statically reference an inner class's static method on a generic class?
Java8 LocalDate parse Exception
Hibernate could not extract ResultSet exception
Application lifecycle events with spring?
Spring managed transactions, EclipseLink JPA, custom isolation level
Sonar runner: JAVA_HOME exists but does not point to a valid Java home folder

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!