PEMException: unable to convert key pair: null

Question

I'm trying to run the following program:

import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.PEMKeyPair;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.KeyPair;
import java.security.KeyFactory;
import java.io.StringReader;
import javax.crypto.Cipher;
import java.util.Base64;
import java.security.interfaces.RSAPrivateKey;

public class Test
{
    public static void main(String[] args) throws Exception
    {
        Security.addProvider(new BouncyCastleProvider());

        String key = "-----BEGIN RSA PRIVATE KEY-----" +
"MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu" +
"KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm" +
"o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k" +
"TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7" +
"9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy" +
"v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs" +
"/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00" +
"-----END RSA PRIVATE KEY-----";

        String ciphertext = "L812/9Y8TSpwErlLR6Bz4J3uR/T5YaqtTtB5jxtD1qazGPI5t15V9drWi58colGOZFeCnGKpCrtQWKk4HWRocQ==";

        // load the private key
        PEMParser pemParser = new PEMParser(new StringReader(key));
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        KeyPair keyPair = converter.getKeyPair((PEMKeyPair) pemParser.readObject());
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        RSAPrivateCrtKeySpec privateKeySpec = keyFactory.getKeySpec(keyPair.getPrivate(), RSAPrivateCrtKeySpec.class);
        RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(privateKeySpec);

        // load the ciphertext
        byte[] cipherBytes = Base64.getDecoder().decode(ciphertext);

        // perform the actual decryption
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] plaintext = cipher.doFinal(cipherBytes);
    }
}

It was able to compile without issue but when I try to run it I get the following error:

Exception in thread "main" org.bouncycastle.openssl.PEMException: unable to convert key pair: null
        at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyPair(Unknown Source)
        at Test.main(MyTest.java:35)
Caused by: java.lang.NullPointerException
        ... 2 more

So I guess getKeyPair doesn't like (PEMKeyPair) pemParser.readObject(). Well that's what I got from Get a PrivateKey from a RSA .pem file...

`getKeyPair` doesn't like _the value null_ which was returned from `readObject` because your PEM data is invalid. **PEM format MUST HAVE LINE BREAKS** (see wikipedia under Privacy-Enhanced Mail) and yours doesn't. Add them and it works. BTW, converting `keyPair.getPrivate()` to a CrtSpec and running it back through the KeyFactory is useless; `keyPair.getPrivate()` _already is_ a valid implementation of `RSAPrivateKey` — dave_thompson_085, Sep 04 '20 at 06:52

score 0 · Answer 1 · answered Aug 04 '22 at 12:47

I had a similar issue and was able to solve it by altering the key from

-----BEGIN RSA PRIVATE KEY-----
 .....content here.....
-----END RSA PRIVATE KEY-----

to:

-----BEGIN EC PRIVATE KEY-----
 .....content here.....
-----END EC PRIVATE KEY-----

Since you are working with an RSA instance and not an elliptic curve (EC) this might not be the source of your problems but maybe it helps someone.

PEMException: unable to convert key pair: null

1 Answers1