使用 bouncycastle/spongycastle 读取加密的私钥

Question

I have a password protected, encrypted RSA private key, which was created with PyCrypto (2.6.1) and has according to their docs the following format: PrivateKeyInfo, PKCS#8 (DER SEQUENCE), PEM (RFC1423) , see [ https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#exportKey] .我有一个受密码保护的加密 RSA 私钥，它是用 PyCrypto (2.6.1) 创建的，根据他们的文档具有以下格式： PrivateKeyInfo, PKCS#8 (DER SEQUENCE), PEM (RFC1423) ，参见 [ https: //www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#exportKey] .

How can I decrypt this RSA key with Bouncycastle/Spongycastle?如何使用 Bouncycastle/Spongycastle 解密此 RSA 密钥？

I've searched Google for quite a long time and only came up with results, that either won't work with version 1.50 (because PEMReader was deprecated and got removed) or with examples of PEMParser who seems to could not read this format.我已经在 Google 上搜索了很长时间，但只得到了一些结果，该结果要么不适用于 1.50 版（因为 PEMReader 已被弃用并已被删除），要么使用似乎无法读取这种格式的 PEMParser 示例。 BTW: Is there any documentation on Bouncycastle I missed?顺便说一句：我错过了有关 Bouncycastle 的任何文档吗？

This is the header of my encrypted private key:这是我加密的私钥的标题：

-----BEGIN PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,68949227DD8A502D
xyz...

I would really be thankful, if anyone could help me out!我真的很感激，如果有人能帮助我！

Answer 1

To sum up what I found on this topic here and there : 要总结一下我对这个话题发现这里和那里：

Here is the final code if you want to get the modulus for example : 如果你想获得模数，这是最终的代码：

// For JcaPEMKeyConverter().setProvider("BC")
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

// Using bcpkix-jdk14-1.48
PEMParser pemParser = new PEMParser(new FileReader(file));
Object object = pemParser.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair)
{
    // Encrypted key - we will use provided password
    PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) object;
    PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
    kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
}
else
{
    // Unencrypted key - no password needed
    PEMKeyPair ukp = (PEMKeyPair) object;
    kp = converter.getKeyPair(ukp);
}

// RSA
KeyFactory keyFac = KeyFactory.getInstance("RSA");
RSAPrivateCrtKeySpec privateKey = keyFac.getKeySpec(kp.getPrivate(), RSAPrivateCrtKeySpec.class);

return privateKey;

And then you can call for example : 然后你可以打电话给例如：

privateKey.getModulus();

Answer 2

Using the answer for this question you should do the following 使用此问题的答案，您应该执行以下操作

File privateKeyFile = new File(privateKeyFileName); // private key file in PEM format
PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile));
Object object = pemParser.readObject();
PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair) {
    kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
}

Then you can say 然后你可以说

PrivateKey key = kp.getPrivateKey();

Answer 3

The following static method will handle all the following PEM encoding styles for encrypted private keys:以下静态方法将处理加密私钥的以下所有 PEM 编码样式：

-----BEGIN ENCRYPTED PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----

First ensure that you've registered BC as a security provider then you can use this method:首先确保您已将 BC 注册为安全提供商，然后您可以使用此方法：

  static public PrivateKey stringToPrivateKey(String s, String password)
      throws IOException, PKCSException {

    PrivateKeyInfo pki;

    try (PEMParser pemParser = new PEMParser(new StringReader(s))) {

      Object o = pemParser.readObject();

      if (o instanceof PKCS8EncryptedPrivateKeyInfo) {

        PKCS8EncryptedPrivateKeyInfo epki = (PKCS8EncryptedPrivateKeyInfo) o;

        JcePKCSPBEInputDecryptorProviderBuilder builder =
            new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(bc);

        InputDecryptorProvider idp = builder.build(password.toCharArray());

        pki = epki.decryptPrivateKeyInfo(idp);
      } else if (o instanceof PEMEncryptedKeyPair) {

        PEMEncryptedKeyPair epki = (PEMEncryptedKeyPair) o;
        PEMKeyPair pkp = epki.decryptKeyPair(new BcPEMDecryptorProvider(password.toCharArray()));

        pki = pkp.getPrivateKeyInfo();
      } else {
        throw new PKCSException("Invalid encrypted private key class: " + o.getClass().getName());
      }

      JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(bc);
      return converter.getPrivateKey(pki);
    }
  }

Answer 4

   //https://stackoverflow.com/questions/7216969/getting-rsa-private-key-from-pem-base64-encoded-private-key-file
//https://stackoverflow.com/questions/5271189/how-to-convert-a-pkcs8-encoded-rsa-key-into-pkcs1-in-java
//https://stackoverflow.com/questions/22920131/read-an-encrypted-private-key-with-bouncycastle-spongycastle
private static void decrypt() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    // For JcaPEMKeyConverter().setProvider("BC")
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    String caPrivateKeyFname = "E:\\xxx\\key.pem";

    FileInputStream fis = null;
    try {
        fis = new FileInputStream(caPrivateKeyFname);
    } catch (FileNotFoundException e) {
        e.printStackTrace();
    }

    //Load and parse PEM object
    PEMParser pemParser = new PEMParser(new InputStreamReader(fis));
    Object object = pemParser.readObject();
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    KeyPair kp;
    //password
    String pwd = "typePassword";
    if (object instanceof PEMEncryptedKeyPair) {
        // Encrypted key - we will use provided password
        PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) object;
        PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(pwd.toCharArray());
        kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
    } else {
        // Unencrypted key - no password needed
        PEMKeyPair ukp = (PEMKeyPair) object;
        kp = converter.getKeyPair(ukp);
    }
    // RSA
    KeyFactory keyFac = KeyFactory.getInstance("RSA");
    RSAPrivateCrtKeySpec privateKey = keyFac.getKeySpec(kp.getPrivate(), RSAPrivateCrtKeySpec.class);

    PrivateKey privateKey1 = keyFac.generatePrivate(privateKey);
    //This is the same as the output below
    Base64Encoder.encode(privateKey1.getEncoded());

    PrivateKeyInfo pkInfo = PrivateKeyInfo.getInstance(privateKey1.getEncoded());
    ASN1Encodable privateKeyPKCS1ASN1Encodable = pkInfo.parsePrivateKey();
    ASN1Primitive privateKeyPKCS1ASN1 = privateKeyPKCS1ASN1Encodable.toASN1Primitive();
    SONBASE64Encoder encoder = new SONBASE64Encoder();
    System.out.println(encoder.encode(privateKeyPKCS1ASN1.getEncoded()));

}

The above code should solve the decryption problem and put pkcs8 encoded rsa-key into pkcs1上面的代码应该解决了解密问题，将pkcs8编码的rsa-key放入pkcs1

使用 bouncycastle/spongycastle 读取加密的私钥

问题描述

4 个解决方案

解决方案1
8 2014-06-17 11:15:16

解决方案2
2 2014-05-08 07:19:09

解决方案3
2 2020-07-05 11:06:01

解决方案4
0 2021-08-23 02:05:40

使用 bouncycastle/spongycastle 读取加密的私钥

问题描述

4 个解决方案

解决方案1 8 2014-06-17 11:15:16

解决方案2 2 2014-05-08 07:19:09

解决方案3 2 2020-07-05 11:06:01

解决方案4 0 2021-08-23 02:05:40

解决方案1
8 2014-06-17 11:15:16

解决方案2
2 2014-05-08 07:19:09

解决方案3
2 2020-07-05 11:06:01

解决方案4
0 2021-08-23 02:05:40