Read private key in DER format java

Question

I have the following code to read a private key in PKCS#8 format

public void encryptHash(String hashToEncrypt, String pathOfKey, String Algorithm) {
    FileInputStream fis = null;
    byte[] encodedKey = null;
    try {

        File f = new File(pathOfKey);
        encodedKey = new byte[(int)f.length()];

        fis = new FileInputStream(f);
        fis.read(encodedKey);
        fis.close();

        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));

        Signature rsaSigner = Signature.getInstance("SHA1withRSA");
        rsaSigner.initSign(privateKey);

        fis = new FileInputStream(hashToEncrypt);
        BufferedInputStream bis = new BufferedInputStream(fis);
        byte[] buffer = new byte[1024];
        int len = 0;
        while ((len = bis.read(buffer)) >= 0) {
            try {
                rsaSigner.update(buffer, 0, len);
            } catch (SignatureException ex) {
                Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
            }
        }
        bis.close();

        byte[] signature = rsaSigner.sign();

        System.out.println(new String(signature));

    } catch (SignatureException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } catch (InvalidKeyException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } catch (InvalidKeySpecException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } catch (FileNotFoundException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } catch (IOException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } catch (NoSuchAlgorithmException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } finally {
        try {
            fis.close();
        } catch (IOException ex) {
            Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
}

But I'm getting the following exception.

dic 09, 2011 1:59:59 PM firmaelectronica.DataEncryptor encryptHash
Grave: null
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error
    at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:217)
    at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
    at firmaelectronica.DataEncryptor.encryptHash(DataEncryptor.java:40)
    at firmaelectronica.FirmaElectronica.main(FirmaElectronica.java:39)
Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:361)
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:367)
    at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91)
    at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75)
    at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316)
    at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213)
    ... 3 more

any idea what is wrong? I tried this on OpenSSL openssl pkcs8 -inform DER -in aaa010101aaa_FIEL.key -out aaa010101aaa_FIEL_key.pem and it works but when I want to read the key in DER format it just sends that exception.

Answer 1

Well finally looking at this thread Encrypting with RSA private key in Java found the answer.

First I had to unprotect the key, as follows

openssl pkcs8 -inform DER -in myDERPassProtectedPrivate.key -outform PEM -out myPEMPrivate.key

it asked me for my password and then I had the file myPEMPrivate.key Once done this proceed to get rid of the password protecting the key like follows

openssl pkcs8 -topk8 -nocrypt -in myPEMPrivate.key -outform DER -out myNotAnyMoreProtectedPrivate.key

with this I'm now able to load the key with the code above. If we want to have a pass-protected key in java it is highly advisable to use a keystore.

P.S. I tried to avoid the 2 steps to get rid of the password protecting the key with openssl pkcs8 -topk8 -nocrypt -inform der -in myDERPassProtectedPrivate.key -outform der -out myDERNoPassProtectedPrivate.key but I don't know why I had the error Error decrypting key I used WinOpenSSL maybe that's the reason why I got that error.

Answer 2

Use this:

-passin arg

the input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

Command should look like:

openssl pkcs8 -inform DER -in myDERPassProtectedPrivate.key -outform PEM -passin pass:12345678a -out myPEMPrivate.key

OpenSSL website https://www.openssl.org/docs/apps/pkcs8.html