10

I have a password protected, encrypted RSA private key, which was created with PyCrypto (2.6.1) and has according to their docs the following format: PrivateKeyInfo, PKCS#8 (DER SEQUENCE), PEM (RFC1423), see [https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#exportKey].

How can I decrypt this RSA key with Bouncycastle/Spongycastle?

I've searched Google for quite a long time and only came up with results, that either won't work with version 1.50 (because PEMReader was deprecated and got removed) or with examples of PEMParser who seems to could not read this format. BTW: Is there any documentation on Bouncycastle I missed?

This is the header of my encrypted private key:

-----BEGIN PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,68949227DD8A502D
xyz...

I would really be thankful, if anyone could help me out!

monim
  • 3,427
  • 3
  • 23
  • 36
user3507885
  • 101
  • 1
  • 1
  • 4
  • This is encrypted key (TripleDES with CBC mode and input vector 68949227DD8A502D). Thus, before PEMReader can read it, it must be decrypted first. – divanov Apr 13 '14 at 04:09
  • Please note that the key is encrypted with an old (and insecure) algorithm. Current practice is to use PKCS#8 to protect private keys. Bouncy Castle has support for PKCS#8 decryption in the JceOpenSSLPKCS8DecryptorProviderBuilder class. – Gert-Jan Sep 19 '16 at 09:36

4 Answers4

14

To sum up what I found on this topic here and there :

Here is the final code if you want to get the modulus for example :

import java.io.FileReader;
import java.security.Security;
import java.security.KeyFactory
import org.bouncycastle.jce.provider.BouncyCastleProvider;
// Note that you need to add 'pkix' package. e.g. 'org.bouncycastle:bcpkix-jdk15on'
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

// For JcaPEMKeyConverter().setProvider("BC")
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

// Using bcpkix-jdk14-1.48
PEMParser pemParser = new PEMParser(new FileReader(file));
Object object = pemParser.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair)
{
    // Encrypted key - we will use provided password
    PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) object;
    PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
    kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
}
else
{
    // Unencrypted key - no password needed
    PEMKeyPair ukp = (PEMKeyPair) object;
    kp = converter.getKeyPair(ukp);
}

// RSA
KeyFactory keyFac = KeyFactory.getInstance("RSA");
RSAPrivateCrtKeySpec privateKey = keyFac.getKeySpec(kp.getPrivate(), RSAPrivateCrtKeySpec.class);

return privateKey;

And then you can call for example :

privateKey.getModulus();
Aidin
  • 1,271
  • 14
  • 20
Bludwarf
  • 824
  • 9
  • 21
  • 1
    The parsed PEM object can also be a PrivateKeyInfo, and the private key is retrieved with `converter.getPrivateKey((PrivateKeyInfo) object);` – Emmanuel Bourg Feb 01 '17 at 23:27
5

The following static method will handle all the following PEM encoding styles for encrypted private keys:

-----BEGIN ENCRYPTED PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----

First ensure that you've registered BC as a security provider then you can use this method:

  static public PrivateKey stringToPrivateKey(String s, String password)
      throws IOException, PKCSException {

    PrivateKeyInfo pki;

    try (PEMParser pemParser = new PEMParser(new StringReader(s))) {

      Object o = pemParser.readObject();

      if (o instanceof PKCS8EncryptedPrivateKeyInfo) {

        PKCS8EncryptedPrivateKeyInfo epki = (PKCS8EncryptedPrivateKeyInfo) o;

        JcePKCSPBEInputDecryptorProviderBuilder builder =
            new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(bc);

        InputDecryptorProvider idp = builder.build(password.toCharArray());

        pki = epki.decryptPrivateKeyInfo(idp);
      } else if (o instanceof PEMEncryptedKeyPair) {

        PEMEncryptedKeyPair epki = (PEMEncryptedKeyPair) o;
        PEMKeyPair pkp = epki.decryptKeyPair(new BcPEMDecryptorProvider(password.toCharArray()));

        pki = pkp.getPrivateKeyInfo();
      } else {
        throw new PKCSException("Invalid encrypted private key class: " + o.getClass().getName());
      }

      JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(bc);
      return converter.getPrivateKey(pki);
    }
  }
Andy Brown
  • 11,766
  • 2
  • 42
  • 61
1

Using the answer for this question you should do the following 

File privateKeyFile = new File(privateKeyFileName); // private key file in PEM format
PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile));
Object object = pemParser.readObject();
PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair) {
    kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
}

Then you can say 

PrivateKey key = kp.getPrivateKey();
Ahmed Ashour
  • 5,179
  • 10
  • 35
  • 56
monim
  • 3,427
  • 3
  • 23
  • 36
1
   //https://stackoverflow.com/questions/7216969/getting-rsa-private-key-from-pem-base64-encoded-private-key-file
//https://stackoverflow.com/questions/5271189/how-to-convert-a-pkcs8-encoded-rsa-key-into-pkcs1-in-java
//https://stackoverflow.com/questions/22920131/read-an-encrypted-private-key-with-bouncycastle-spongycastle
private static void decrypt() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    // For JcaPEMKeyConverter().setProvider("BC")
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    String caPrivateKeyFname = "E:\\xxx\\key.pem";

    FileInputStream fis = null;
    try {
        fis = new FileInputStream(caPrivateKeyFname);
    } catch (FileNotFoundException e) {
        e.printStackTrace();
    }

    //Load and parse PEM object
    PEMParser pemParser = new PEMParser(new InputStreamReader(fis));
    Object object = pemParser.readObject();
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    KeyPair kp;
    //password
    String pwd = "typePassword";
    if (object instanceof PEMEncryptedKeyPair) {
        // Encrypted key - we will use provided password
        PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) object;
        PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(pwd.toCharArray());
        kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
    } else {
        // Unencrypted key - no password needed
        PEMKeyPair ukp = (PEMKeyPair) object;
        kp = converter.getKeyPair(ukp);
    }
    // RSA
    KeyFactory keyFac = KeyFactory.getInstance("RSA");
    RSAPrivateCrtKeySpec privateKey = keyFac.getKeySpec(kp.getPrivate(), RSAPrivateCrtKeySpec.class);

    PrivateKey privateKey1 = keyFac.generatePrivate(privateKey);
    //This is the same as the output below
    Base64Encoder.encode(privateKey1.getEncoded());

    PrivateKeyInfo pkInfo = PrivateKeyInfo.getInstance(privateKey1.getEncoded());
    ASN1Encodable privateKeyPKCS1ASN1Encodable = pkInfo.parsePrivateKey();
    ASN1Primitive privateKeyPKCS1ASN1 = privateKeyPKCS1ASN1Encodable.toASN1Primitive();
    SONBASE64Encoder encoder = new SONBASE64Encoder();
    System.out.println(encoder.encode(privateKeyPKCS1ASN1.getEncoded()));

}

The above code should solve the decryption problem and put pkcs8 encoded rsa-key into pkcs1

Stone
  • 11
  • 1