All geek questions in one place

Reading private key in DER java format

I have the following code to read the private key in PKCS # 8 format

public void encryptHash(String hashToEncrypt, String pathOfKey, String Algorithm) { FileInputStream fis = null; byte[] encodedKey = null; try { File f = new File(pathOfKey); encodedKey = new byte[(int)f.length()]; fis = new FileInputStream(f); fis.read(encodedKey); fis.close(); KeyFactory kf = KeyFactory.getInstance("RSA"); PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(encodedKey)); Signature rsaSigner = Signature.getInstance("SHA1withRSA"); rsaSigner.initSign(privateKey); fis = new FileInputStream(hashToEncrypt); BufferedInputStream bis = new BufferedInputStream(fis); byte[] buffer = new byte[1024]; int len = 0; while ((len = bis.read(buffer)) >= 0) { try { rsaSigner.update(buffer, 0, len); } catch (SignatureException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } } bis.close(); byte[] signature = rsaSigner.sign(); System.out.println(new String(signature)); } catch (SignatureException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } catch (InvalidKeyException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } catch (InvalidKeySpecException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } catch (FileNotFoundException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } catch (IOException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } catch (NoSuchAlgorithmException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } finally { try { fis.close(); } catch (IOException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } } }

But I get the following exception.

 dic 09, 2011 1:59:59 PM firmaelectronica.DataEncryptor encryptHash Grave: null java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:217) at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) at firmaelectronica.DataEncryptor.encryptHash(DataEncryptor.java:40) at firmaelectronica.FirmaElectronica.main(FirmaElectronica.java:39) Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:361) at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:367) at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91) at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75) at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316) at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213) ... 3 more

any idea what is wrong? I tried this on OpenSSL openssl pkcs8 -inform DER -in aaa010101aaa_FIEL.key -out aaa010101aaa_FIEL_key.pem and it works, but when I want to read a key in DER format, it just throws this exception.

+4
source share
2 answers

Well, finally, looking at this topic Encryption with RSA Private Key in Java found the answer.

At first I had to remove the key protection, as shown below.

openssl pkcs8 -inform DER -in myDERPassProtectedPrivate.key -outform PEM -out myPEMPrivate.key

he asked me to enter my password, and then I had the file myPEMPrivate.key . After that, do this to get rid of the password protecting the key, as follows

openssl pkcs8 -topk8 -nocrypt -in myPEMPrivate.key -outform DER -out myNotAnyMoreProtectedPrivate.key

with this, I can now download the key with the code above. If we want to have a password protected key in java, it is highly advisable to use a keystore.

PS I tried to avoid two steps to get rid of the password protecting the key using openssl pkcs8 -topk8 -nocrypt -inform der -in myDERPassProtectedPrivate.key -outform der -out myDERNoPassProtectedPrivate.key , but I don’t know why I had an error Decryption key . I used WinOpenSSL, perhaps the reason I got this error.

+4
source

Use this:

-passin arg

source of input file. For more information on the arg format, see the PASS PHRASE ARGUMENTS Section in openssl (1).

The command should look like this:

openssl pkcs8 -inform DER -in myDERPassProtectedPrivate.key -outform PEM -passin pass: 12345678a -out myPEMPrivate.key

OpenSSL Website https://www.openssl.org/docs/apps/pkcs8.html

0
source

Source: https://habr.com/ru/post/1385593/

More articles:


All Articles