Read an encrypted private key with bouncycastle/sp

2020-02-12 17:46发布

站内问答 / Java
949 2 5

I have a password protected, encrypted RSA private key, which was created with PyCrypto (2.6.1) and has according to their docs the following format: PrivateKeyInfo, PKCS#8 (DER SEQUENCE), PEM (RFC1423), see [https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#exportKey].

How can I decrypt this RSA key with Bouncycastle/Spongycastle?

I've searched Google for quite a long time and only came up with results, that either won't work with version 1.50 (because PEMReader was deprecated and got removed) or with examples of PEMParser who seems to could not read this format. BTW: Is there any documentation on Bouncycastle I missed?

This is the header of my encrypted private key:

-----BEGIN PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,68949227DD8A502D
xyz...

I would really be thankful, if anyone could help me out!

2条回答
你好瞎i
2楼-- · 2020-02-12 18:16

Using the answer for this question you should do the following 

File privateKeyFile = new File(privateKeyFileName); // private key file in PEM format
PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile));
Object object = pemParser.readObject();
PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair) {
    kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
}

Then you can say 

PrivateKey key = kp.getPrivateKey();
查看更多
0人赞 添加讨论(0) 举报
冷血范
3楼-- · 2020-02-12 18:27

To sum up what I found on this topic here and there :

Here is the final code if you want to get the modulus for example :

// For JcaPEMKeyConverter().setProvider("BC")
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

// Using bcpkix-jdk14-1.48
PEMParser pemParser = new PEMParser(new FileReader(file));
Object object = pemParser.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair)
{
    // Encrypted key - we will use provided password
    PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) object;
    PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
    kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
}
else
{
    // Unencrypted key - no password needed
    PEMKeyPair ukp = (PEMKeyPair) object;
    kp = converter.getKeyPair(ukp);
}

// RSA
KeyFactory keyFac = KeyFactory.getInstance("RSA");
RSAPrivateCrtKeySpec privateKey = keyFac.getKeySpec(kp.getPrivate(), RSAPrivateCrtKeySpec.class);

return privateKey;

And then you can call for example :

privateKey.getModulus();
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)