Can't read GOST2012 key with BouncyCastle

Question

We have private key (GOST3410-2012). But we can't read it using BouncyCastle 1.8.6.1

Here is a key data:

And here is a code to read it:

        const string keyPath = "D:\\testkey\\priv.key";
        using (var textReader = File.OpenText(keyPath))
        {
            var pemReader = new Org.BouncyCastle.OpenSsl.PemReader(textReader);
            var pemObj = pemReader.ReadPemObject();
            var seq = (Asn1Sequence)Asn1Object.FromByteArray(pemObj.Content);
            var keyInfo = PrivateKeyInfo.GetInstance(seq);
            var akp = Org.BouncyCastle.Security.PrivateKeyFactory.CreateKey(keyInfo);
        }

this code provide exception: "DER length more than 4 bytes: 103". Does anyone knows how to read it?

I am not an expert of GOST keys, but the ASN.1 data structure seems to be fine: [ASN.1 decoded version of your sample key](https://lapo.it/asn1js/#MIGiAgEAMCEGCCqFAwcBAQECMBUGCSqFAwcBAgECAQYIKoUDBwEBAgMEQIXnWrZ6ajvbCU6x9jK49PgQqCP00T_lW3laXCXueMF8X4Q1y3N9zfOJT2s_IgyPJVrUhgtO1Akp-Roh8bCPPlqgODA2BggqhQMCCQMIATEqBCi72ZvrBVW6mFL_bQeXeMTf8Jh8p_diI7Cg8ig4mXg3tsIUf4vBi61b) — Robert, Apr 22 '20 at 13:12
What Cryptographic Service Provider have you installed? GOST algoritms are not supported by default. — Alexander, Apr 23 '20 at 11:38
Also check this [one](https://stackoverflow.com/a/53170755/3868464) — Alexander, Apr 23 '20 at 11:42

Anton Plotnikov · Answer 1 · 2020-05-08T19:23:20.243

1

If you make your key with OpenSSL, try to add the following parameter in the "gost_section" of your OpennSSL config file:

GOST_PK_FORMAT = LEGACY_PK_WRAP

then export the key again

edited May 08 '20 at 19:23

answered May 08 '20 at 19:17

Anton Plotnikov

41
5

In addition, you can explore this commit https://github.com/bcgit/bc-csharp/commit/fac7ac9bfe82e7c4eedf5a7b26bed58e49fa988b – Anton Plotnikov May 08 '20 at 19:27

Can't read GOST2012 key with BouncyCastle

1 Answers1