Unable to load an RSA private key in DER format.

[vincentdupaquis]

Hello,

I have an issue I could not figure-out with version 46.0.5 of the library. Some RSA private keys cannot be loaded with this version (works with version 44.0.0). I have checked the version field and possibly supplemental bytes, and also using some external tools, none reported any issue with the key (eg. lapo.it asn.1 decoder, but also one at emvlab.org), and obviously openssl too. Having a look at the RFC 3447 did not give me any clue either :/

Would you be in a position to tell me what possibly I did wrong ?

from cryptography.hazmat.primitives import serialization
key = bytes.fromhex('308204c2020100300d06092a864886f70d0101010500048204ac308204a80201000282010100b01e70256bed28b33ce8bfe1cb4799ee0cf95c48ecb8e7aba8a1dc7c3fbb4150cd311fcb7bccab1e91f6da5d3d46c5808f718f04023bfa4f25c1eacd59fb83b8a1106a4eeb58e641f0a0ac5c8817ce309659ad024ba710c5af557f2a289ccdfd3a8dea5a4ceca0c7c9bf5cd9155c5d8258071b71e02e1ba82448c3e1051b28be547269c04c04cbdfd16b507482b24191d4c9209b7a65496eb992102af82b8284051f983b4cee806156dec082d70f9f0eb8aeb8db587962e66735702eb8a30f2a3ef5be75efce32b5c80d8d12cf3e53bac6e399fc6c7dbe7b9324b38b5dbda88abb9d4f54085dd84028a389fa35f1c9451b2dc39d6fa6702dd637ae58cff6cc4f020301000102820100253e5a92df4ee8b376a6f5a4e71afe2744211b6de47979ac685dca459028a638531c17502d9eeb74ec831a4c6b5fe2f63bdf54d21132e3cd06fc0a0e60fffa2bfa0b819faccf40ea22dba7776de432db3d803b40e804ad5c50a6b0dc96780a6b898d6748af49befa60e491daea547d05ca5dbe65077658ace6f7684cd68a96c3c7077c810109611c72e827398a79f29706340f7d846c73847f2a9f95f4e8fbbc2dc68a57cf4980749ca9987118671b4357f98899262a87ccdec3296022614e5e702d7d16a353aa83377d4ff9d83abf03d4c46fe9658cd1b69557e18680c2554749d245a672a964e24b954eef4ca8ba71fc9181dd34071d0d281ec024088476790282008100e44123d62fb158ddf94297fc1ae43a41ef3122518f7708d58dd6a8c56b865280d9019f63eaebfd2e300f136ce1ba4dd0706de240d28014ed47a9bd15c9b6d1171c94fe8a681217d5e2fe286b67cdee72f2041d2bdecff85e419a14582914b6c7e1f8f15b58aa8e2a1ec7b3dd93ea762fb6dfca578eefac3fbe78327f39f0f3350282008100c586ef6bb2cee96555385d1d5d1e7d836b1b214378ff5bb73fa92d4619efd1ea0f4e6bd709e98b1f415ea9fcfcc60e7f1d1b041afaf1617d896cd966ffda70baa043a6d9fe2b879085886e12554eae1f5d2bccdfd22fc1364a91ae35e0fc66289bf45c097d6799bdf4e1d48315b2bd8f5c4c14e4c15c8c404eaf477c8cd54df30282008013b122fc5984fd5bb9236ba54e549e4a0deeb93d3c1952e3c9a6d94c9ee829b9fffec9d77eeef91ac0feabf85ac90de98ba98f39746fa45e8c2e32a7ec8d1f20d5506d5d5779282145c2138ea097fd986114c5c781238413eda8f3545fc6efb5f2e2dd3fba388ca7499c8501fabee18f6041925d577189f4bde3f4c751225e790282008100b7b8559ffa63f139cb15eda58e22f9e2ee1001d45c0a47281e122085ff41cc20c3b3d121e59a4f47f6e9317a99312df29503b7c1d07e0a8b54f2e512a40e6ca368c503bfe6645e66d18c9fb4759c04e02f2cba15c3cd9f0bfc379bad8961b933343b080fdb902cb33dbd7e879dfaedcd15afbe0f36b9f9c92666693b33528279028200802ecb258e59534fe75a841784d3f2325a88d85bf1224c870f178da7f620a7c1372e6317e9da6a7bfd40f7d79eeb67bd2fa3ca3c843a9c8de0d06e0ee2f3d92944c91db956002dabeddf4d8da07aa9750fc42ecb1614a9a9a6fbab04d22fc3dc6f3af83a23d15d987dc270702398258207a9053b0c14fee83adec1863b75090c1f')
pr = serialization.load_der_private_key(key, None)

The issue I meet is :
ValueError: Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters). Details: ASN.1 parsing error: unexpected tag (got Tag { value: 2, constructed: false, class: Universal })

Would you have some time to have a look at it ?

Regards,
Vincent.

[reaperhulk]

Your data is in PEM format, not DER.

[vincentdupaquis]

I do not think so, it is DER (represented in hex, but converted on the first line).
Note that the same DER loads correctly with version 44.0.0 using load_der_private_key() too.

[DemiMarie]

Is your key actually in DER format, or is it really BER?

[vincentdupaquis]

It is intended to be DER, doyou have any doubt/clues it is not the case ?

[alex]

I think this is mis-encoded as BER. If I look at this under der2ascii I see that some of the tags are in long-form:

~ ❯❯❯ pbpaste | xxd -r -p | der2ascii
SEQUENCE {
  INTEGER { 0 }
  SEQUENCE {
    # rsaEncryption
    OBJECT_IDENTIFIER { 1.2.840.113549.1.1.1 }
    NULL {}
  }
  OCTET_STRING {
    SEQUENCE {
      INTEGER { 0 }
      INTEGER { `00b01e70256bed28b33ce8bfe1cb4799ee0cf95c48ecb8e7aba8a1dc7c3fbb4150cd311fcb7bccab1e91f6da5d3d46c5808f718f04023bfa4f25c1eacd59fb83b8a1106a4eeb58e641f0a0ac5c8817ce309659ad024ba710c5af557f2a289ccdfd3a8dea5a4ceca0c7c9bf5cd9155c5d8258071b71e02e1ba82448c3e1051b28be547269c04c04cbdfd16b507482b24191d4c9209b7a65496eb992102af82b8284051f983b4cee806156dec082d70f9f0eb8aeb8db587962e66735702eb8a30f2a3ef5be75efce32b5c80d8d12cf3e53bac6e399fc6c7dbe7b9324b38b5dbda88abb9d4f54085dd84028a389fa35f1c9451b2dc39d6fa6702dd637ae58cff6cc4f` }
      INTEGER { 65537 }
      INTEGER { `253e5a92df4ee8b376a6f5a4e71afe2744211b6de47979ac685dca459028a638531c17502d9eeb74ec831a4c6b5fe2f63bdf54d21132e3cd06fc0a0e60fffa2bfa0b819faccf40ea22dba7776de432db3d803b40e804ad5c50a6b0dc96780a6b898d6748af49befa60e491daea547d05ca5dbe65077658ace6f7684cd68a96c3c7077c810109611c72e827398a79f29706340f7d846c73847f2a9f95f4e8fbbc2dc68a57cf4980749ca9987118671b4357f98899262a87ccdec3296022614e5e702d7d16a353aa83377d4ff9d83abf03d4c46fe9658cd1b69557e18680c2554749d245a672a964e24b954eef4ca8ba71fc9181dd34071d0d281ec02408847679` }
      INTEGER long-form:2 { `00e44123d62fb158ddf94297fc1ae43a41ef3122518f7708d58dd6a8c56b865280d9019f63eaebfd2e300f136ce1ba4dd0706de240d28014ed47a9bd15c9b6d1171c94fe8a681217d5e2fe286b67cdee72f2041d2bdecff85e419a14582914b6c7e1f8f15b58aa8e2a1ec7b3dd93ea762fb6dfca578eefac3fbe78327f39f0f335` }
      INTEGER long-form:2 { `00c586ef6bb2cee96555385d1d5d1e7d836b1b214378ff5bb73fa92d4619efd1ea0f4e6bd709e98b1f415ea9fcfcc60e7f1d1b041afaf1617d896cd966ffda70baa043a6d9fe2b879085886e12554eae1f5d2bccdfd22fc1364a91ae35e0fc66289bf45c097d6799bdf4e1d48315b2bd8f5c4c14e4c15c8c404eaf477c8cd54df3` }
      INTEGER long-form:2 { `13b122fc5984fd5bb9236ba54e549e4a0deeb93d3c1952e3c9a6d94c9ee829b9fffec9d77eeef91ac0feabf85ac90de98ba98f39746fa45e8c2e32a7ec8d1f20d5506d5d5779282145c2138ea097fd986114c5c781238413eda8f3545fc6efb5f2e2dd3fba388ca7499c8501fabee18f6041925d577189f4bde3f4c751225e79` }
      INTEGER long-form:2 { `00b7b8559ffa63f139cb15eda58e22f9e2ee1001d45c0a47281e122085ff41cc20c3b3d121e59a4f47f6e9317a99312df29503b7c1d07e0a8b54f2e512a40e6ca368c503bfe6645e66d18c9fb4759c04e02f2cba15c3cd9f0bfc379bad8961b933343b080fdb902cb33dbd7e879dfaedcd15afbe0f36b9f9c92666693b33528279` }
      INTEGER long-form:2 { `2ecb258e59534fe75a841784d3f2325a88d85bf1224c870f178da7f620a7c1372e6317e9da6a7bfd40f7d79eeb67bd2fa3ca3c843a9c8de0d06e0ee2f3d92944c91db956002dabeddf4d8da07aa9750fc42ecb1614a9a9a6fbab04d22fc3dc6f3af83a23d15d987dc270702398258207a9053b0c14fee83adec1863b75090c1f` }
    }
  }
}

[vincentdupaquis]

You are right !
the fields you point out have a long length (>127 bytes), and indeed are wrongly encoded.

02 82 00 80 xx xx xx ... instead of 02 81 80 xx xx xx ...

[vincentdupaquis]

An easy fix is simply to use openssl :
openssl rsa -inform DER -outform DER -in <faulty DER file> -out <well encoded DER file>