
I am trying to decrypt an encrypted private key string that looks like this:

```
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBO...
-----END ENCRYPTED PRIVATE KEY-----
```

I also remove the header and the footer, but it throws this exception:

```
Exception in thread "main" java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
    at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:257)
    at sun.security.util.DerInputStream.getOID(DerInputStream.java:314)
    at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
    at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
    at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132)
    at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
    at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372)
    at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95)
    at com.cargosmart.mci3.as2.process.as2control.KeystoreController.decryptKey(KeystoreController.java:162)
    at com.cargosmart.mci3.as2.process.as2control.KeystoreController.main(KeystoreController.java:147)
```

Here is the code:

```java
import javax.crypto.EncryptedPrivateKeyInfo;
import org.bouncycastle.util.encoders.Base64;

// PEM text on a single line (Base64 body shortened here)
String key = "-----BEGIN ENCRYPTED PRIVATE KEY-----MIII-----END ENCRYPTED PRIVATE KEY-----";
// re-wrap into standard PEM lines
key = standardizePem(key);
// strip the header and footer, leaving only the Base64 body
key = key.replace("-----BEGIN ENCRYPTED PRIVATE KEY-----\n", "").replace("\n-----END ENCRYPTED PRIVATE KEY-----", "");
byte[] b = Base64.decode(key);

// here is the exception line
EncryptedPrivateKeyInfo pkinfo = new EncryptedPrivateKeyInfo(b);
```

The function `standardizePem` is meant to format the key string:

```java
public static String standardizePem(String cert) {
    String SEPARATOR = "-----";
    String LINE_SEPARATOR = "\n";
    // split into: "", header label, Base64 body, footer label
    String[] temp = cert.split(SEPARATOR);
    String certHead = temp[1];
    String certEnd = temp[3];
    String certContent = temp[2];
    // insert a line break after every 64 characters of the body
    String regex = "(.{64})";
    certContent = certContent.replaceAll(regex, "$1\n");
    final String pem = SEPARATOR + certHead + SEPARATOR + LINE_SEPARATOR + certContent + LINE_SEPARATOR + SEPARATOR + certEnd + SEPARATOR;
    return pem;
}
```

Does anyone have a solution?

Thanks for your help.

Gentle Chen
  • `String regex = "(.{64})"; certContent = certContent.replaceAll(regex,"$1\n");` that looks like you're cutting off everything beyond 64 characters of length. That doesn't sound like a smart idea. What are you trying to do in your `standardizePem` method? Does your code work if you don't "standardize" your input? – Erwin Bolwidt Mar 25 '19 at 09:28
  • @ErwinBolwidt The method `standardizePem` is aimed at formatting the string as PEM. I also tried removing it, and it returns the same exception – Gentle Chen Mar 25 '19 at 09:33
  • @Topaco: the problem in this Q is specifically PKCS8 encrypted _using PBES2_ and none of your links addresses that. Stack's autosuggested 'Related' https://stackoverflow.com/questions/51883324/why-can-encryptedprivatekeyinfo-not-read-my-pkcs8-encrypted-private-key-in-java does, but doesn't have the answer. vicky's new answer does. – dave_thompson_085 Dec 03 '22 at 19:36

1 Answer

Posting the answer after debugging and searching a lot about the issue

```
Exception in thread "main" java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
```

I found it's an issue with Java versions below or equal to jdk8u2x:

```java
EncryptedPrivateKeyInfo pkinfo = new EncryptedPrivateKeyInfo(b);
```

Actually, Java versions below 8u3, e.g. jdk8u2 or lower, can't parse the new algorithms' DER-encoded stream. This is a known issue which has been reported and is fixed from jdk8u3.

https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8267837 is the link to the reported bug.

For me, I was trying with Java version 1.8_201 and it didn't work, but when I changed the version to 1.8_351, it worked like a charm.

vicky9988
  • Also dupe https://stackoverflow.com/questions/70244066/keytool-error-java-io-ioexception-parsealgparameters-failed-objectidentifier and several more linked there. The fixed versions are 8u301/7u311 up as stated in your link, and 11.0.1 up. – dave_thompson_085 Dec 03 '22 at 19:31
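The comments above pin the failure to PKCS#8 keys encrypted with PBES2. As an added example (not code from the question or the answer), this Python sketch walks the DER of an `ENCRYPTED PRIVATE KEY` without the JDK parser and reports the scheme, KDF, PRF and cipher, so a key can be confirmed as the PBES2 kind without decrypting it; tag 48 in the exception is 0x30, the DER SEQUENCE tag this walker descends into. It assumes the RFC 8018 PBES2/PBKDF2 layout with an OCTET STRING salt; `elements`, `name`, `describe` and the sample key are constructed for illustration.

```python
import base64

OIDS = {  # DER-encoded OID bytes (hex) -> name; subset needed for this example
    "2a864886f70d01050d": "PBES2",           # 1.2.840.113549.1.5.13
    "2a864886f70d01050c": "PBKDF2",          # 1.2.840.113549.1.5.12
    "2a864886f70d0209": "hmacWithSHA256",    # 1.2.840.113549.2.9
    "608648016503040102": "aes128-CBC",      # 2.16.840.1.101.3.4.1.2
    "60864801650304012a": "aes256-CBC",      # 2.16.840.1.101.3.4.1.42
}

def elements(buf):
    """Split DER bytes into a list of (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def name(oid):
    return OIDS.get(oid.hex(), "oid:" + oid.hex())

def describe(pem):
    """Report how an ENCRYPTED PRIVATE KEY is protected, without decrypting it."""
    der = base64.b64decode(pem.split("-----")[2])  # body between the two labels
    alg, data = elements(elements(der)[0][1])      # encryptionAlgorithm, encryptedData
    scheme, *params = elements(alg[1])
    info = {"scheme": name(scheme[1]), "ciphertext_len": len(data[1])}
    if info["scheme"] == "PBES2":
        kdf, enc = elements(params[0][1])          # keyDerivationFunc, encryptionScheme
        kdf_oid, kdf_params = elements(kdf[1])
        fields = elements(kdf_params[1])           # salt, iterations, [keyLength], [prf]
        prf = [v for t, v in fields[2:] if t == 0x30]
        info.update(kdf=name(kdf_oid[1]), iterations=int.from_bytes(fields[1][1], "big"),
                    prf=name(elements(prf[0])[0][1]) if prf else "hmacWithSHA1",
                    cipher=name(elements(enc[1])[0][1]))
    return info

# Constructed sample: dummy salt, IV and ciphertext, not a real key.
SAMPLE_DER = bytes.fromhex(
    "306b3057" "06092a864886f70d01050d" "304a3029" "06092a864886f70d01050c"
    "301c" "04080102030405060708" "02022710" "300c06082a864886f70d02090500"
    "301d" "0609608648016503040102" "0410" + "11" * 16 + "0410" + "22" * 16)
SAMPLE_PEM = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END ENCRYPTED PRIVATE KEY-----\n")
```

When the PRF field is absent, `describe` reports `hmacWithSHA1`, which is the default RFC 8018 specifies for PBKDF2.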