How to get the java.security.PrivateKey object from RSA Privatekey.pem file?
Asked Answered
Y

1

12

I have a RSA private key file (OCkey.pem). Using java i have to get the private key from this file. this key is generated using the below openssl command. Note : I can't change anything on this openssl command below.

openssl> req -newkey rsa:1024 -sha1 -keyout OCkey.pem -out OCreq.pem -subj "/C=country/L=city/O=OC/OU=myLab/CN=OCserverName/" -config req.conf

The certificate looks like below.

///////////////////////////////////////////////////////////
bash-3.00$ less OCkey.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,EA1DBF8D142621BF

BYyZuqyqq9+L0UT8UxwkDHX7P7YxpKugTXE8NCLQWhdS3EksMsv4xNQsZSVrJxE3
Ft9veWuk+PlFVQG2utZlWxTYsUVIJg4KF7EgCbyPbN1cyjsi9FMfmlPXQyCJ72rd
...
...
cBlG80PT4t27h01gcCFRCBGHxiidh5LAATkApZMSfe6BBv4hYjkCmg==
-----END RSA PRIVATE KEY-----
//////////////////////////////////////////////////////////////

Following is what I tried

byte[] privKeyBytes = new byte[(int)new File("C:/OCkey.pem").length()]; 
PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(privKeyBytes));

but getting

"java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format"

Please help.

Yielding answered 23/9, 2011 at 7:31 Comment(1)
Make sure the privatekey is in DER format and you're using the correct keyspec. I believe you should be using PKCS8 here for the privkeybytes.Custos
C
16

Make sure the privatekey is in DER format and you're using the correct keyspec. I believe you should be using PKCS8 here for the privkeybytes

Firstly, you need to convert the private key to binary DER format. Heres how you would do it using OpenSSL:

openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key.pem -out private_key.der -nocrypt

Finally,

public static PrivateKey getPrivateKey(String filename) throws Exception {

        File f = new File(filename);
        FileInputStream fis = new FileInputStream(f);
        DataInputStream dis = new DataInputStream(fis);
        byte[] keyBytes = new byte[(int) f.length()];
        dis.readFully(keyBytes);
        dis.close();

        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePrivate(spec);
    }
Custos answered 23/9, 2011 at 12:39 Comment(2)
I have been looking for a way to solve this for some days. Great solution. However the PEM parameter did not work for me, but skipping it dit not cause problems.Juba
I'm sorry, but you forgot to include the import statement at the beginning of your solution.Local

© 2022 - 2024 — McMap. All rights reserved.