Jardo

Reputation: 2093

InvalidAlgorithmParameterException When Loading Encrypted Private Key With Bouncycastle

I'm trying to read an encrypted DSA private key file with Bouncycastle using this code:

    Security.addProvider(new BouncyCastleProvider());

    ...    

    public PrivateKey loadKey(String fileName, String password) {

        try (PEMParser pemParser = new PEMParser(new InputStreamReader(new FileInputStream(fileName), StandardCharsets.UTF_8))) {

            PKCS8EncryptedPrivateKeyInfo encryptedKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemParser.readObject();

            InputDecryptorProvider decryptorProvider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(password.toCharArray());
            PrivateKeyInfo keyInfo = encryptedKeyInfo.decryptPrivateKeyInfo(decryptorProvider);

            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            return converter.getPrivateKey(keyInfo);

        } catch (Exception e) {
            e.printStackTrace();
            return null; // the method must return a value on every path
        }
    }

But the method encryptedKeyInfo.decryptPrivateKeyInfo fails with the following exception:

    org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: 1.2.840.113549.1.5.3 not available: requires PBE parameters
        at [email protected]//org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(Unknown Source)
        at com.my.app.MyClass.loadKey(MyClass.java:96)
        ... 182 more
    Caused by: org.bouncycastle.operator.OperatorCreationException: 1.2.840.113549.1.5.3 not available: requires PBE parameters
        at [email protected]//org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder$1.get(Unknown Source)
        ... 184 more
    Caused by: java.security.InvalidKeyException: requires PBE parameters
        at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:187)
        at java.base/javax.crypto.Cipher.implInit(Cipher.java:839)
        at java.base/javax.crypto.Cipher.chooseProvider(Cipher.java:901)
        at java.base/javax.crypto.Cipher.init(Cipher.java:1286)
        at java.base/javax.crypto.Cipher.init(Cipher.java:1223)
        ... 185 more
    Caused by: java.security.InvalidAlgorithmParameterException: Parameters missing
        at java.base/com.sun.crypto.provider.PBES1Core.init(PBES1Core.java:214)
        at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:221)
        at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:185)
        ... 189 more

The code seems to work on Java 8, but fails on Java 11. Any ideas?

Upvotes: 0

Views: 489

Answers (1)

Michał Rejkowski

Reputation: 81

I had the same error when I was using an incorrect Bouncy Castle Security Provider:

    Security.getProvider("BC"); //or Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);

It returned a Bouncy Castle Security Provider that was registered by a JDBC driver (jdbc.internal.org.bouncycastle.jcajce.provider) and contained 2727 parameters.

But when I removed the existing provider mentioned above and registered a new one, provided by the bcprov library (org.bouncycastle.jcajce.provider), I got a Bouncy Castle Provider containing the proper 2944 parameters, and it started working without the error:

    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    Security.removeProvider("BC");
    Security.addProvider(new BouncyCastleProvider());

To sum up: please compare your Bouncy Castle providers for both Java versions and make sure you're using the correct one.

Dependencies from my pom file:

        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
            <version>1.70</version>
        </dependency>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcpkix-jdk15on</artifactId>
            <version>1.70</version>
        </dependency>

Upvotes: 0
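
One way to check which provider is actually registered under the name "BC" before decrypting, as an added example that is not code from the answer or from Bouncy Castle. The class `BcProviderCheck` and its methods are hypothetical names, and the example assumes bcprov is on the classpath.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical helper class, not part of Bouncy Castle.
public class BcProviderCheck {

    // OID taken from the stack trace in the question (the PBE scheme of the key file).
    static final String PBE_OID = "1.2.840.113549.1.5.3";

    /** Describe a provider: implementing class, where it was loaded from, entry count. */
    static String describe(Provider p) {
        CodeSource src = p.getClass().getProtectionDomain().getCodeSource();
        String location = (src == null || src.getLocation() == null)
                ? "<unknown>" : src.getLocation().toString();
        return p.getName() + " class=" + p.getClass().getName()
                + " from=" + location
                + " entries=" + p.size()
                + " cipher(" + PBE_OID + ")="
                + (p.getService("Cipher", PBE_OID) != null);
    }

    /** Ensure the provider registered as "BC" is the bcprov class; replace it if not. */
    static Provider ensureGenuineBc() {
        Provider current = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        if (current != null && current.getClass() == BouncyCastleProvider.class) {
            return current; // already the bcprov implementation
        }
        if (current != null) {
            // A relocated or shaded copy (e.g. bundled by another library) holds the name.
            System.err.println("Replacing unexpected provider: " + describe(current));
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        Provider bc = new BouncyCastleProvider();
        Security.addProvider(bc);
        return bc;
    }

    public static void main(String[] args) {
        // List every registered provider so a name collision is visible at a glance.
        for (Provider p : Security.getProviders()) {
            System.out.println(describe(p));
        }
        System.out.println("Using: " + describe(ensureGenuineBc()));
    }
}
```

`Security.removeProvider` changes JVM-wide state, so the library that registered the other provider sees the replacement as well.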
