Kons
Reputation: 73
Unable to use public RSA key (PEM file created with bouncycastle) to encrypt files
I have written a small Java Program that uses BouncyCastle to create public and private RSA keys which it then uses to encrypt/decrypt files. I am able to encrypt and decrypt files using the Java program. I am also able to decrypt an encrypted file using OpenSSL with the keys generated by the program.
The problem is that OpenSSL cannot load the public key to generated by my Java program to encrypt data.
I am going to share the public and private keys I created as a test. I am fully aware that publishing the keys renders them useless for cryptographic purpose, these particular keys are for testing only!!!
Java code:
package test;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.RandomAccessFile;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Scanner;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
public class PublicKeyTest {
public static final int KEY_SIZE = 1024;
public static void main(String[] args) {
System.out.println("0. PK Encrypt File");
System.out.println("1. PK Decrypt File");
System.out.println("2. PK Generate Keys");;
Scanner scan = new Scanner(System.in);
String choicetext = scan.nextLine();
int choice = Integer.parseInt(choicetext);
if (choice == 0) {
System.out.print("Infile: ");
String inpath = scan.nextLine();
System.out.print("Outfile: ");
String outpath = scan.nextLine();
byte[] bytes = FiletoBytes(inpath);
PublicKey publicKey = readPublicKeyNative("./public.pem");
byte[] encryptedBytes = encrypt(bytes, publicKey);
BytestoFile(encryptedBytes, outpath);
} else if (choice == 1) {
System.out.print("Infile: ");
String inpath = scan.nextLine();
System.out.print("Outfile: ");
String outpath = scan.nextLine();
byte[] bytes = FiletoBytes(inpath);
PrivateKey privateKey = readPrivateKeyNative("./private.pem");
byte[] decryptedBytes = decrypt(bytes, privateKey);
BytestoFile(decryptedBytes, outpath);
} else if (choice == 2) {
System.out.print("Public: ");
String publicPath = scan.nextLine();
System.out.print("Private: ");
String privatePath = scan.nextLine();
writeKeys(publicPath, privatePath);
}
scan.close();
}
public static byte[] FiletoBytes(String path) {
byte[] bytes = null;
RandomAccessFile raf;
try {
raf = new RandomAccessFile(path, "rw");
int fileLength = (int) raf.length();
bytes = new byte[fileLength];
raf.read(bytes);
raf.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return bytes;
}
public static void BytestoFile(byte[] bytes, String path) {
RandomAccessFile raf;
try {
raf = new RandomAccessFile(path, "rw");
raf.write(bytes);
raf.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public static PublicKey readPublicKeyNative(String publicKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PublicKey key = null;
byte[] publicKeyFileBytes = null;
try {
publicKeyFileBytes = Files.readAllBytes(Paths.get(publicKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(publicKeyFileBytes);
//System.out.println(KeyString);
//System.out.println("FORMATTED:");
KeyString = KeyString.replaceAll("-----BEGIN RSA PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("-----END RSA PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
//System.out.println(KeyString);
byte[] encoded = Base64.getDecoder().decode(KeyString);
// PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
public static PrivateKey readPrivateKeyNative(String privateKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PrivateKey key = null;
byte[] privateKeyFileBytes = null;
try {
privateKeyFileBytes = Files.readAllBytes(Paths.get(privateKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(privateKeyFileBytes);
//System.out.println(KeyString);
//System.out.println("FORMATTED:");
KeyString = KeyString.replaceAll("-----BEGIN RSA PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("-----END RSA PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
//System.out.println(KeyString);
byte[] encoded = Base64.getDecoder().decode(KeyString);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
// X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
public static byte[] encrypt(byte[] bytes, PublicKey key) {
byte[] cipherText = null;
try {
// get an RSA cipher object and print the provider
final Cipher cipher = Cipher.getInstance("RSA");
// encrypt the plain text using the public key
cipher.init(Cipher.ENCRYPT_MODE, key);
cipherText = cipher.doFinal(bytes);
} catch (Exception e) {
e.printStackTrace();
}
return cipherText;
}
public static byte[] decrypt(byte[] text, PrivateKey key) {
byte[] decryptedText = null;
try {
// get an RSA cipher object and print the provider
final Cipher cipher = Cipher.getInstance("RSA");
// decrypt the text using the private key
cipher.init(Cipher.DECRYPT_MODE, key);
decryptedText = cipher.doFinal(text);
} catch (Exception ex) {
ex.printStackTrace();
}
return decryptedText;
}
public static void writeKeys(String publicPath,String privatePath){
Security.addProvider(new BouncyCastleProvider());
KeyPair keyPair = generateRSAKeyPair();
RSAPrivateKey priv = (RSAPrivateKey) keyPair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) keyPair.getPublic();
writePemFile(priv, "RSA PRIVATE KEY", privatePath);
writePemFile(pub, "RSA PUBLIC KEY", publicPath);
}
private static KeyPair generateRSAKeyPair(){
KeyPairGenerator generator=null;
try {
generator = KeyPairGenerator.getInstance("RSA", "BC");
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
SecureRandom random = new SecureRandom();
generator.initialize(KEY_SIZE, random);
KeyPair keyPair = generator.generateKeyPair();
return keyPair;
}
public static void writePemFile(Key key, String description,String filename) {
PemObject pemObject = new PemObject(description, key.getEncoded());
PemWriter pemWriter=null;
try {
pemWriter = new PemWriter(new OutputStreamWriter(
new FileOutputStream(filename)));
} catch (FileNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
pemWriter.writeObject(pemObject);
pemWriter.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
Demonstration of the Problem:
Making the keys
[tester@testdb keytest]$ java -jar pktest.jar
0. PK Encrypt File
1. PK Decrypt File
2. PK Generate Keys
2
Public: public.pem
Private: private.pem
[tester@testdb keytest]$ cat public.pem
-----BEGIN RSA PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBZTAOigNUeTHzEAUGh+c1XNpH
5u2ARbNYIftd4dAXL2W6iUDYk9cFCfGX4p8kBH/itgbbw6IHLiyK2f4nEdupT8p/
7vMvEqN/+fCaU05mixgEhfYzlZO9GRzK3GVZrqtzrYiF0Bkifgf/xmqHDFwtLA9y
nRNAbUjq5pAz8KyKUQIDAQAB
-----END RSA PUBLIC KEY-----
[tester@testdb keytest]$ cat private.pem
-----BEGIN RSA PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAIFlMA6KA1R5MfMQ
BQaH5zVc2kfm7YBFs1gh+13h0BcvZbqJQNiT1wUJ8ZfinyQEf+K2BtvDogcuLIrZ
/icR26lPyn/u8y8So3/58JpTTmaLGASF9jOVk70ZHMrcZVmuq3OtiIXQGSJ+B//G
aocMXC0sD3KdE0BtSOrmkDPwrIpRAgMBAAECgYAFV7o+P3CXwlFPqe+rL11alLTm
lyBjVX1sPCr222YOLwTSSOyGhMQyDxEMpmzPvefR4pYx6Mf95+gq64lU76XULrj5
+wxlQVj6imMJUSWo5j85TBvcCinzMMylFIiwoZkpjPtmEFznmUcUP3BBCdn6qxIq
3STQGnevExbzKaDpiQJBAMvHJZqSO6Q276Lg6G5jw+k4Ynjk5Z2AWVBBsBEkTcn7
9XBRrQW42gPmN5M7kPI2IQSb4Kjb+rq4kmV2e85vPh8CQQCijip1E4kevrDxr2pb
FHI0Ht86jrx3CTvKYpb+LE/7OI+h+RDRqeOcgP/HSWfOjtH3sRG8PZZeYsolVOr5
7kmPAkA578gAN31fhgMB8yICaLkFsPNGXgXujtRV3ic56HF5cPpqUb54twK9QxIf
+TqPstYWYl8wg0K5Hcr5sAMpQTWPAkAcIn0IvHPcJWccvZ6r2vMVQE6kpPXLqIZ3
te6qWWMSeSyq/R/DGiNyAAXFKVhVMPT4aOZH7WTsOy7/nR36WhrTAkBGP7NfsCGd
wtsfH9n9h1xCBamTguF7XjXELEymfbW+OFbQRYMdu3G2a+yZuswjicoenw5kNLFm
zblu/SZSYUOB
-----END RSA PRIVATE KEY-----
[tester@testdb keytest]$
Create file with secret Message
[tester@testdb keytest]$ echo "secret" > testfile.txt
[tester@testdb keytest]$ cat testfile.txt
secret
Encrypt the file using Java Program
[tester@testdb keytest]$ java -jar pktest.jar
0. PK Encrypt File
1. PK Decrypt File
2. PK Generate Keys
0
Infile: testfile.txt
Outfile: testfile_encrypted.txt
[tester@testdb keytest]$ cat testfile_encrypted.txt
~!▒▒
d]`▒g)▒▒▒▒m▒▒Y2▒ؐ▒▒t▒▒⦱▒n▒▒vi▒i▒▒]▒(ʬ▒S▒▒▒▒II▒▒▒19▒▒[~8▒1▒R▒`▒▒q▒▒0d▒#
▒▒
▒ͬ6j▒SF▒s▒▒▒▒R.m▒u▒Q▒V▒rS▒▒T[tester@testdb keytest]$
Decrypt file with Java Program
[tester@testdb keytest]$ java -jar pktest.jar
0. PK Encrypt File
1. PK Decrypt File
2. PK Generate Keys
1
Infile: testfile_encrypted.txt
Outfile: testfile_decrypted.txt
[tester@testdb keytest]$ cat testfile_decrypted.txt
secret
[tester@testdb keytest]$
Test Decrypting file with OpenSSL
[tester@testdb keytest]$ cat testfile_encrypted.txt |openssl rsautl -decrypt -inkey private.pem
secret
Test Encrypting separate file with OpenSSL (FAILS)
[tester@testdb keytest]$ cat testfile2.txt
secret2
[tester@testdb keytest]$ cat testfile2.txt |openssl rsautl -encrypt -pubin -inkey public.pem > testfile2_encrypted.txt
unable to load Public Key
Attempting to add an -inform PEM fails with OpenSSL giving a syntax help page
[tester@testdb keytest]$ cat testfile2.txt |openssl rsautl -encrypt -pubin -inform PEM -inkey public.pem > testfile2_encrypted.txt
Usage: rsautl [options]
-in file input file
-out file output file
-inkey file input key
-keyform arg private key format - default PEM
-pubin input is an RSA public
-certin input is a certificate carrying an RSA public key
-ssl use SSL v2 padding
-raw use no padding
-pkcs use PKCS#1 v1.5 padding (default)
-oaep use PKCS#1 OAEP
-sign sign with private key
-verify verify with public key
-encrypt encrypt with public key
-decrypt decrypt with private key
-hexdump hex dump output
-engine e use engine e, possibly a hardware device.
-passin arg pass phrase source
Changing the header and footer don't appear to work
[tester@testdb keytest]$ cat testfile2.txt |openssl rsautl -encrypt -pubin -inkey public.pem > testfile2_encrypted.txt
unable to load Public Key
[tester@testdb keytest]$ cat public2.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBZTAOigNUeTHzEAUGh+c1XNpH
5u2ARbNYIftd4dAXL2W6iUDYk9cFCfGX4p8kBH/itgbbw6IHLiyK2f4nEdupT8p/
7vMvEqN/+fCaU05mixgEhfYzlZO9GRzK3GVZrqtzrYiF0Bkifgf/xmqHDFwtLA9y
nRNAbUjq5pAz8KyKUQIDAQAB
-----END PUBLIC KEY-----
Attempting to Convert the public key with -RSAPublicKey_in failed as well
[tester@testdb keytest]$ openssl rsa -inform PEM -outform -PEM -RSAPublicKey_in -in public.pem -out public2.pem
unable to load Public Key
139808815384480:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
139808815384480:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:831:
139808815384480:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=n, Type=RSA
139808815384480:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
Per jww Removing RSA from the header and footer and passing the key in with "-keyform PEM" works
Why do I have to make these changes? Is there any way to get BouncyCastle to output the PEM files in a way where OpenSSL would take the public key without forcing me to make these changes.
[tester@testdb keytest]$ cat testfile2.txt |openssl rsautl -encrypt -pubin -inkey public^Cem -keyform PEM > testfile2_encrypted.txt
[tester@testdb keytest]$ cat public2.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBZTAOigNUeTHzEAUGh+c1XNpH
5u2ARbNYIftd4dAXL2W6iUDYk9cFCfGX4p8kBH/itgbbw6IHLiyK2f4nEdupT8p/
7vMvEqN/+fCaU05mixgEhfYzlZO9GRzK3GVZrqtzrYiF0Bkifgf/xmqHDFwtLA9y
nRNAbUjq5pAz8KyKUQIDAQAB
-----END PUBLIC KEY-----
[tester@testdb keytest]$ cat testfile2.txt |openssl rsautl -encrypt -pubin -inkey public2.pem -keyform PEM > testfile2_encrypted.txt
[tester@testdb keytest]$ cat testfile2_encrypted.txt |openssl rsautl -decrypt -inkey private.pem > testfile2_decrypted.txt
Why do I get this unable to load Public Key Error?
Upvotes: 2
Views: 7140
Answers (1)
Kons
Reputation: 73
The reason that I was having this issue was due to the way that I created the public and private keys (specifically the public key) through the BouncyCastle API. I was casting the object returned by keyPair.getPrivate(); as a RSAPrivateKey in my writeKeys
OLD CODE:
public static void writeKeys(String publicPath,String privatePath){
Security.addProvider(new BouncyCastleProvider());
KeyPair keyPair = generateRSAKeyPair();
RSAPrivateKey priv = (RSAPrivateKey) keyPair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) keyPair.getPublic();
writePemFile(priv, "RSA PRIVATE KEY", privatePath);
writePemFile(pub, "RSA PUBLIC KEY", publicPath);
}
NEW CODE:
public static void writeKeys(String publicPath, String privatePath) {
Security.addProvider(new BouncyCastleProvider());
KeyPair keyPair = generateRSAKeyPair();
PrivateKey priv = keyPair.getPrivate();
PublicKey pub = keyPair.getPublic();
writePemFile(priv, "PRIVATE KEY", privatePath);
writePemFile(pub, "PUBLIC KEY", publicPath);
}
Of course, After changing this method I had to also modify my two methods for reading the private key and public key so that It would remove the new header/footers.
OLD CODE:
public static PublicKey readPublicKeyNative(String publicKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PublicKey key = null;
byte[] publicKeyFileBytes = null;
try {
publicKeyFileBytes = Files.readAllBytes(Paths.get(publicKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(publicKeyFileBytes);
//System.out.println(KeyString);
//System.out.println("FORMATTED:");
KeyString = KeyString.replaceAll("-----BEGIN RSA PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("-----END RSA PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
//System.out.println(KeyString);
byte[] encoded = Base64.getDecoder().decode(KeyString);
// PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
public static PrivateKey readPrivateKeyNative(String privateKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PrivateKey key = null;
byte[] privateKeyFileBytes = null;
try {
privateKeyFileBytes = Files.readAllBytes(Paths.get(privateKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(privateKeyFileBytes);
//System.out.println(KeyString);
//System.out.println("FORMATTED:");
KeyString = KeyString.replaceAll("-----BEGIN RSA PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("-----END RSA PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
//System.out.println(KeyString);
byte[] encoded = Base64.getDecoder().decode(KeyString);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
// X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
NEW CODE:
public static PublicKey readPublicKeyNative(String publicKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PublicKey key = null;
byte[] publicKeyFileBytes = null;
try {
publicKeyFileBytes = Files.readAllBytes(Paths.get(publicKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(publicKeyFileBytes);
KeyString = KeyString.replaceAll("-----BEGIN PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("-----END PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
byte[] encoded = Base64.getDecoder().decode(KeyString);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
public static PrivateKey readPrivateKeyNative(String privateKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PrivateKey key = null;
byte[] privateKeyFileBytes = null;
try {
privateKeyFileBytes = Files.readAllBytes(Paths.get(privateKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(privateKeyFileBytes);
KeyString = KeyString.replaceAll("-----BEGIN PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("-----END PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
byte[] encoded = Base64.getDecoder().decode(KeyString);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
Thanks for the help everyone!
Upvotes: 4
Related Questions
- How to load public certificate from pem file?
- Reading PEM-encoded encrypted private key from file in Java
- Importing PEM encrypted key pair in java using bouncycastle
- JAVA: How to save a private key in a pem file with password protection
- Problem transmiting a RSA public key, javaME , bouncy castle
- RSA encrypt with BouncyCastle API
- RSA Decryption using BouncyCastle with private PEM file not working
- Decrypt PEM private (RSA) key with Bouncy Castle
- RSA private Key decryption giving "InvalidCipherTextException" using bouncy castle
- RSA - bouncycastle PEMReader returning PEMKeyPair instead of AsymmetricCipherKeyPair for reading private key