Read encrypted PKCS8 SpongyCastle Java

https://stackoverflow.com/questions/22518092

17-06-2023
|

Question

I am following the code in: https://stackoverflow.com/a/18161536/1753951 but I am getting an Exception in the following line:

FileInputStream fis = new FileInputStream(priv);
DataInputStream dis = new DataInputStream(fis);
byte[] keyBytes = new byte[(int)priv.length()];
dis.readFully(keyBytes);
dis.close();
javax.crypto.EncryptedPrivateKeyInfo encryptPKInfo = new EncryptedPrivateKeyInfo(keyBytes);
//Exception: 
org.apache.harmony.security.asn1.ASN1Exception: Wrong content length

I am trying to read a .key/.pem PKCS8 file which is:

Solution

After looking long time for a solution I stumbled with a library that helps me and works on android. Not-Yet-Commons

http://juliusdavies.ca/commons-ssl/

FileInputStream in = new FileInputStream( "/path/to/pkcs8_private_key.der" );

PKCS8Key pkcs8 = new PKCS8Key( in, "changeit".toCharArray() );

byte[] decrypted = pkcs8.getDecryptedBytes();
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec( decrypted );

// A Java PrivateKey object is born.
PrivateKey pk = null;
if ( pkcs8.isDSA() )
{
   pk = KeyFactory.getInstance( "DSA" ).generatePrivate( spec );
}
else if ( pkcs8.isRSA() )
{
   pk = KeyFactory.getInstance( "RSA" ).generatePrivate( spec );
}
// For lazier types (like me):
pk = pkcs8.getPrivateKey();

OTHER TIPS

javax.crypto.EncryptedPrivateKeyInfo expects a DER-encoded input, while the contents of your file are obviously in the PEM encoding.

The relation between PEM and DER is this:

The DER is the actual ASN.1-encoded data as a sequence of bytes.
The PEM is text-based with all these -----BEGIN SOMETHING----- and -----END SOMETHING----- headers and Base64-encoded data inside. Basically, PEM is header+Base64(DER)+footer.

You need to convert your key into DER format, for example using the OpenSSL pkey command:

openssl pkey -in key.pem -outform DER -out key.der

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow