Getting RSA private key from PEM BASE64 Encoded private key file

by

This is PKCS#1 format of a private key. Try this code. It doesn’t use Bouncy Castle or other third-party crypto providers. Just java.security and sun.security for DER sequece parsing. Also it supports parsing of a private key in PKCS#8 format (PEM file that has a header “—–BEGIN PRIVATE KEY—–“).

import sun.security.util.DerInputStream;
import sun.security.util.DerValue;

import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Base64;

public static PrivateKey pemFileLoadPrivateKeyPkcs1OrPkcs8Encoded(File pemFileName) throws GeneralSecurityException, IOException {
        // PKCS#8 format
        final String PEM_PRIVATE_START = "-----BEGIN PRIVATE KEY-----";
        final String PEM_PRIVATE_END = "-----END PRIVATE KEY-----";

        // PKCS#1 format
        final String PEM_RSA_PRIVATE_START = "-----BEGIN RSA PRIVATE KEY-----";
        final String PEM_RSA_PRIVATE_END = "-----END RSA PRIVATE KEY-----";

        Path path = Paths.get(pemFileName.getAbsolutePath());

        String privateKeyPem = new String(Files.readAllBytes(path));

        if (privateKeyPem.indexOf(PEM_PRIVATE_START) != -1) { // PKCS#8 format
            privateKeyPem = privateKeyPem.replace(PEM_PRIVATE_START, "").replace(PEM_PRIVATE_END, "");
            privateKeyPem = privateKeyPem.replaceAll("\\s", "");

            byte[] pkcs8EncodedKey = Base64.getDecoder().decode(privateKeyPem);

            KeyFactory factory = KeyFactory.getInstance("RSA");
            return factory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8EncodedKey));

        } else if (privateKeyPem.indexOf(PEM_RSA_PRIVATE_START) != -1) {  // PKCS#1 format

            privateKeyPem = privateKeyPem.replace(PEM_RSA_PRIVATE_START, "").replace(PEM_RSA_PRIVATE_END, "");
            privateKeyPem = privateKeyPem.replaceAll("\\s", "");

            DerInputStream derReader = new DerInputStream(Base64.getDecoder().decode(privateKeyPem));

            DerValue[] seq = derReader.getSequence(0);

            if (seq.length < 9) {
                throw new GeneralSecurityException("Could not parse a PKCS1 private key.");
            }

            // skip version seq[0];
            BigInteger modulus = seq[1].getBigInteger();
            BigInteger publicExp = seq[2].getBigInteger();
            BigInteger privateExp = seq[3].getBigInteger();
            BigInteger prime1 = seq[4].getBigInteger();
            BigInteger prime2 = seq[5].getBigInteger();
            BigInteger exp1 = seq[6].getBigInteger();
            BigInteger exp2 = seq[7].getBigInteger();
            BigInteger crtCoef = seq[8].getBigInteger();

            RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);

            KeyFactory factory = KeyFactory.getInstance("RSA");

            return factory.generatePrivate(keySpec);
        }

        throw new GeneralSecurityException("Not supported format of a private key");
    }

More Related Contents:

  1. Self signed X509 Certificate with Bouncy Castle in Java
  2. How to read .pem file to get private and public key
  3. How do I do TLS with BouncyCastle?
  4. Java 256-bit AES Password-Based Encryption
  5. why doesn’t java send the client certificate during SSL handshake?
  6. Java SecurityException: signer information does not match
  7. Encrypt Password in Configuration Files? [closed]
  8. Java default Crypto/AES behavior
  9. How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?
  10. PKIX path building failed: unable to find valid certification path to requested target
  11. Given final block not properly padded
  12. Difference between java.util.Random and java.security.SecureRandom
  13. How to extract CN from X509Certificate in Java?
  14. Generate and Sign Certificate Request using pure .net Framework
  15. Loading raw 64-byte long ECDSA public key in Java
  16. How to hash a string in Android?
  17. What is the certificate enrollment process?
  18. How to convert .pfx file to keystore with private key?
  19. Generating RSA keys in PKCS#1 format in Java
  20. Better way to create AES keys than seeding SecureRandom
  21. How do I sign a Java applet for use in a browser?
  22. Decrypting an OpenSSL PEM Encoded RSA private key with Java?
  23. iText/BouncyCastle ClassNotFound org.bouncycastle.asn1.DEREncodable and org.bouncycastle.tsp.TimeStampTokenInfo
  24. How can I get a PublicKey object from EC public key bytes?
  25. Crash casting AndroidKeyStoreRSAPrivateKey to RSAPrivateKey
  26. SecureRandom with NativePRNG vs SHA1PRNG
  27. Encrypt with Node.js Crypto module and decrypt with Java (in Android app)
  28. How are the IV and authentication tag handled for “AES/GCM/NoPadding”?
  29. Can we load multiple Certificates & Keys in a Key Store?
  30. Breaking down RSA/ECB/OAEPWithSHA-256AndMGF1Padding

Leave a Comment