Steps to reproduce:
- Generate keys the following way, using openssl-1.1.+ (I used 1.1.0):
- ssh-keygen -t rsa -f ~/.ssh/testkey -C "testkey@exmaple.com"
- ssh-keygen -f testkey.pub -e -m PKCS8 > testkey.pub.pem
- openssl pkcs8 -topk8 -inform PEM -in testkey -out testkey.pem
- The java code:
try {
JceOpenSSLPKCS8DecryptorProviderBuilder jce = new JceOpenSSLPKCS8DecryptorProviderBuilder();
FileReader fileReader = new FileReader(privateKeyPath);
PEMParser keyReader = new PEMParser(fileReader);
JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
PKCS8EncryptedPrivateKeyInfo keyPair = (PKCS8EncryptedPrivateKeyInfo) keyReader.readObject();
jce.setProvider("BC");
InputDecryptorProvider decProv = jce.build(keyPassword.toCharArray());
PrivateKeyInfo info = keyPair.decryptPrivateKeyInfo(decProv);
keyReader.close();
return (RSAPrivateKey) converter.getPrivateKey(info);
}catch ( IOException | PKCSException | OperatorCreationException e) {
e.printStackTrace();
return null;
}
}
Behavior:
Throws exception :
org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: javax.crypto.BadPaddingException: pad block corrupted
Expected behavior:
Read the key as it does with keys generated the same way as mentioned in 1. , but with openssl-1.0.2g (for example)
Steps to reproduce:
Behavior:
Throws exception :
org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: javax.crypto.BadPaddingException: pad block corruptedExpected behavior:
Read the key as it does with keys generated the same way as mentioned in 1. , but with openssl-1.0.2g (for example)