4

Using Java and Bouncy Castle 1.52, I can load the private key through the PEM certificate using the following code. I also have a private.key file of the same in PKCS8 format. What is the code to use the private.key file directly instead of the PEM?

```java
// Parse the PEM file with Bouncy Castle and convert the result to a JCA KeyPair
String keyPath = "C:\\RSA7\\privatenopass.pem";
BufferedReader br = new BufferedReader(new FileReader(keyPath));
PEMParser pp = new PEMParser(br);
PEMKeyPair pemKeyPair = (PEMKeyPair) pp.readObject();
KeyPair kp = new JcaPEMKeyConverter().getKeyPair(pemKeyPair);
pp.close();
// cipher is a javax.crypto.Cipher created elsewhere
cipher.init(Cipher.DECRYPT_MODE, kp.getPrivate());
```
Maarten Bodewes
Bertrand_Szoghy
  • based on this answer http://stackoverflow.com/q/29789984/2413303 you should check what the object returned by the `PemParser` is, there is a large chance that it is a `PKCS8EncryptedPrivateKeyInfo`. – EpicPandaForce May 19 '15 at 13:37
  • Hello, Thank you for your response. The private.key is not encrypted, it's on disk ready to use. I know it's a PKCS8 format, I just want to use it (?) – Bertrand_Szoghy May 19 '15 at 13:43
  • It was suggested at http://stackoverflow.com/questions/14228282/how-can-i-read-a-bouncycastle-private-key-pem-file-using-jca that the key inside of the PEM file is already stored in PKCS#8 format, so if it is not encrypted with password you can just remove headers (-----BEGIN RSA PRIVATE KEY-----), Base64-decode input, and get the needed bytes. But surely there is standardized code to do this? – Bertrand_Szoghy May 19 '15 at 15:26
  • What does the pem parser do with it? Please try if it can create some type of object or if you have to do it manually. – EpicPandaForce May 19 '15 at 16:18
  • Please use often used tags. I'm not scanning all the cryptography *related* tags all the time. – Maarten Bodewes Jun 06 '15 at 15:09

2 Answers

0

That's simple, as Java itself already uses PKCS#8 encoding to encode RSA private keys.

Note that this example only uses the inner encoding of PKCS#8. PKCS#8 keys actually consist of a layered structure (inner encoding to indicate key type, which is wrapped, and an outer encoding to indicate the wrapping mechanism used).

It also uses some convenience methods from Java 7/8 to read the bytes from file. You can replace this with any code to read all bytes from the file.

```java
// Read the raw (binary DER) PKCS#8 bytes from disk
Path path = (new File("privatenopass.pkcs8")).toPath();
byte[] pkcs8Data = Files.readAllBytes(path);
// Let the JCA RSA KeyFactory decode the PKCS#8 structure
KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keyspec = new PKCS8EncodedKeySpec(pkcs8Data);
RSAPrivateKey pk = (RSAPrivateKey) kf.generatePrivate(keyspec);
```

You directly gave the file reader to Bouncy Castle to decode the PEM. In this case however you do have to perform the stream handling yourself.

Maarten Bodewes
0

Resolved. The following worked for me.

```java
// Read the unencrypted PKCS#8 file and decode it with the JCA RSA KeyFactory
File mypkfile = new File("C:\\myfolder\\private.key");
byte[] myPK = fullyReadFile(mypkfile);
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(myPK);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privKey = kf.generatePrivate(privateKeySpec);
// cipher is a javax.crypto.Cipher created elsewhere
cipher.init(Cipher.DECRYPT_MODE, privKey);
```

The fullyReadFile method:

```java
public static byte[] fullyReadFile(File file) throws IOException
{
    // try-with-resources closes the stream even if readFully throws
    try (DataInputStream dis = new DataInputStream(new FileInputStream(file))) {
        byte[] bytesOfFile = new byte[(int) file.length()];
        dis.readFully(bytesOfFile);
        return bytesOfFile;
    }
}
```
Bertrand_Szoghy
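An added example, not code from either answer or from Bouncy Castle: a JCA-only loader that accepts the binary PKCS#8 file used in both answers as well as a PEM-armoured one, and refuses the `RSA PRIVATE KEY` label mentioned in the comments, because that label marks PKCS#1 content rather than PKCS#8. It assumes Java 8 or later for `java.util.Base64`; the class name `Pkcs8Loader` and method `loadRsaPkcs8` are hypothetical, and the key is a throwaway generated in memory.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class Pkcs8Loader {
    static final String BEGIN = "-----BEGIN PRIVATE KEY-----";
    static final String END = "-----END PRIVATE KEY-----";

    // Accepts raw DER or PEM-armoured unencrypted PKCS#8; any other PEM label is rejected.
    static PrivateKey loadRsaPkcs8(byte[] fileBytes) throws GeneralSecurityException {
        byte[] der = fileBytes;
        String text = new String(fileBytes, StandardCharsets.ISO_8859_1).trim();
        if (text.startsWith("-----BEGIN ")) {
            // "RSA PRIVATE KEY" is PKCS#1 and "ENCRYPTED PRIVATE KEY" needs a password:
            // neither can be handed to PKCS8EncodedKeySpec after stripping the armour.
            if (!text.startsWith(BEGIN) || !text.endsWith(END)) {
                throw new InvalidKeyException("PEM label is not 'PRIVATE KEY' (unencrypted PKCS#8)");
            }
            String body = text.substring(BEGIN.length(), text.length() - END.length());
            der = Base64.getMimeDecoder().decode(body); // MIME decoder skips line breaks
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway key generated in memory, not a real key file.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        byte[] der = kpg.generateKeyPair().getPrivate().getEncoded(); // PKCS#8 DER bytes
        String pem = BEGIN + "\n" + Base64.getMimeEncoder().encodeToString(der) + "\n" + END + "\n";

        PrivateKey fromDer = loadRsaPkcs8(der);
        PrivateKey fromPem = loadRsaPkcs8(pem.getBytes(StandardCharsets.US_ASCII));
        System.out.println("DER and PEM yield same key: "
                + Arrays.equals(fromDer.getEncoded(), fromPem.getEncoded()));
        try {
            loadRsaPkcs8(pem.replace("PRIVATE KEY", "RSA PRIVATE KEY").getBytes(StandardCharsets.US_ASCII));
        } catch (InvalidKeyException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```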