I have generated a private key with Java code and saved it like this:

KeyPair keys;
    try {
        keys = KeyTools.genKeys("2048", AlgorithmConstants.KEYALGORITHM_RSA);
        //SAVE PRIVKEY
        //PrivateKey privKey = keys.getPrivate();
        //byte[] privateKeyBytes = privKey.getEncoded();
        PKCS10CertificationRequest  pkcs10 = new PKCS10CertificationRequest("SHA256WithRSA",
                CertTools.stringToBcX509Name("CN=NOUSED"), keys.getPublic(), null, keys.getPrivate());

        //Save Privatekey
        String privateKeyFilename = "C:/Users/l.calicchio/Downloads/privateKey.key";
        String password="prismaPrivateKey";
        byte[] start="-----BEGIN PRIVATE KEY-----\n".getBytes();
        byte[] end="\n-----END PRIVATE KEY-----".getBytes();
        byte[] privateKeyBytes = keys.getPrivate().getEncoded();

        byte[] encryptedPrivateKeyBytes = passwordEncrypt(password.toCharArray(), privateKeyBytes);

        File f=new File(privateKeyFilename);
        if (f.exists()){
            f.delete();
        }

        FileOutputStream fos = new FileOutputStream(f,true);
        fos.write(start);
        fos.write(Base64.encode(encryptedPrivateKeyBytes));
        fos.write(end);
        fos.close();

Now I want to add a passphrase to the private key, so I found this code:

private static byte[] passwordEncrypt(char[] password, byte[] plaintext) throws Exception {
    String MYPBEALG = "PBEWithSHA1AndDESede";

    int count = 20;// hash iteration count
    SecureRandom random = new SecureRandom();
    byte[] salt = new byte[8];
    random.nextBytes(salt);

    // Create PBE parameter set
    PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
    PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
    SecretKeyFactory keyFac = SecretKeyFactory.getInstance(MYPBEALG);
    SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

    Cipher pbeCipher = Cipher.getInstance(MYPBEALG);

    // Initialize PBE Cipher with key and parameters
    pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

    // Encrypt the encoded Private Key with the PBE key
    byte[] ciphertext = pbeCipher.doFinal(plaintext);

    // Now construct  PKCS #8 EncryptedPrivateKeyInfo object
    AlgorithmParameters algparms = AlgorithmParameters.getInstance(MYPBEALG);
    algparms.init(pbeParamSpec);
    EncryptedPrivateKeyInfo encinfo = new EncryptedPrivateKeyInfo(algparms, ciphertext);

    // and here we have it! a DER encoded PKCS#8 encrypted key!
    return encinfo.getEncoded();
}

But when I use this openssl command, openssl asn1parse -in privateKey.key, I get no error. When I try this: openssl rsa -noout -modulus -in privatekey.it I get an error:

unable to load private key
9964:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1319:
9964:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:.\crypto\asn1\tasn_dec.c:831:
9964:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=version, Type=PKCS8_PRIV_KEY_INFO
9964:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:.\crypto\pem\pem_pkey.c:132:

I think that the private key is missing the following lines: Proc-Type: 4,ENCRYPTED "DEK-Info: " + "AES-256-CBC"...... But how do I add this (where do I get this information)? Thanks

1 Answer

Please read the manual, man rsa gives the following details:

Note this command uses the traditional SSLeay compatible format for private key encryption: newer applications should use the more secure PKCS#8 format using the pkcs8 utility.

1 Comment

Anything missing from my answer, luca?
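
The error in the question names Type=PKCS8_PRIV_KEY_INFO and Field=version, while the question's code writes the EncryptedPrivateKeyInfo DER under a BEGIN PRIVATE KEY label. The following added example (not part of the original question or answer) checks whether a PKCS#8 PEM label agrees with the DER structure inside it. The sample bytes are constructed and all function names are hypothetical.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.+?)\s*-----END \1-----", re.S)

# PKCS#8 PEM label -> DER tag of the first field inside the outer SEQUENCE
FIRST_TAG = {
    "PRIVATE KEY": 0x02,            # PrivateKeyInfo starts with version INTEGER
    "ENCRYPTED PRIVATE KEY": 0x30,  # EncryptedPrivateKeyInfo starts with AlgorithmIdentifier
}
STRUCTURE = {0x02: "PrivateKeyInfo", 0x30: "EncryptedPrivateKeyInfo"}

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def check_pkcs8_pem(pem_text):
    """Return (label, structure found in the DER, whether the two agree)."""
    m = PEM_RE.search(pem_text)
    if not m or m.group(1) not in FIRST_TAG:
        raise ValueError("no PKCS#8 PEM block found")
    label, der = m.group(1), base64.b64decode(m.group(2))
    outer_tag, start, _ = read_tlv(der, 0)
    if outer_tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    first_tag = read_tlv(der, start)[0]
    return label, STRUCTURE.get(first_tag, "unknown"), first_tag == FIRST_TAG[label]

def tlv(tag, body):
    """Encode one DER element (short-form length, enough for the sample)."""
    return bytes([tag, len(body)]) + body

def sample_pem(label):
    """Constructed EncryptedPrivateKeyInfo skeleton (dummy salt and ciphertext)."""
    oid = bytes.fromhex("2a864886f70d010c0103")  # OID 1.2.840.113549.1.12.1.3 (PBE SHA1 + 3DES)
    params = tlv(0x30, tlv(0x04, bytes(8)) + tlv(0x02, b"\x14"))  # salt, count=20
    der = tlv(0x30, tlv(0x30, tlv(0x06, oid) + params) + tlv(0x04, bytes(16)))
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----"

if __name__ == "__main__":
    print(check_pkcs8_pem(sample_pem("PRIVATE KEY")))            # label as in the question
    print(check_pkcs8_pem(sample_pem("ENCRYPTED PRIVATE KEY")))  # label matching the DER
```

A mismatch means a reader that selects its decoder from the PEM label will meet a SEQUENCE tag where it expects the version INTEGER, which is the "wrong tag" at Field=version shown in the error above.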
