1

I need to connect to Snowflake from Java using a key file in P8 format.

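    import java.io.FileReader;
    import java.io.IOException;
    import java.nio.file.Paths;
    import java.security.PrivateKey;
    import java.security.Security;

    // Bouncy Castle classes shaded into the Snowflake JDBC driver (the packages seen in the stack trace below)
    import net.snowflake.client.jdbc.internal.org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
    import net.snowflake.client.jdbc.internal.org.bouncycastle.jce.provider.BouncyCastleProvider;
    import net.snowflake.client.jdbc.internal.org.bouncycastle.openssl.PEMParser;
    import net.snowflake.client.jdbc.internal.org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
    import net.snowflake.client.jdbc.internal.org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
    import net.snowflake.client.jdbc.internal.org.bouncycastle.operator.InputDecryptorProvider;
    import net.snowflake.client.jdbc.internal.org.bouncycastle.operator.OperatorCreationException;
    import net.snowflake.client.jdbc.internal.org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
    import net.snowflake.client.jdbc.internal.org.bouncycastle.pkcs.PKCSException;

    class JustTheCode {

        public static void main(String[] args) throws Exception {
            Security.addProvider(new BouncyCastleProvider());
            String path = "/<path>/app_rsa_key.p8";
            String passphrase = "myKey"; // System.getenv("PRIVATE_KEY_PASSPHRASE");
            bcParcer(path, passphrase);
        }

        // Reads the encrypted PKCS#8 PEM file and decrypts it with the passphrase
        private static PrivateKey bcParcer(String keyFilePath, String password)
            throws IOException, OperatorCreationException, PKCSException, Exception {
            PEMParser pemParser = new PEMParser(new FileReader(Paths.get(keyFilePath).toFile()));
            PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemParser.readObject();
            pemParser.close();
            InputDecryptorProvider pkcs8Prov = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(
                password.toCharArray());
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(
                BouncyCastleProvider.PROVIDER_NAME);
            PrivateKeyInfo decryptedPrivateKeyInfo = encryptedPrivateKeyInfo.decryptPrivateKeyInfo(
                pkcs8Prov);
            PrivateKey privateKey = converter.getPrivateKey(decryptedPrivateKeyInfo);
            System.out.println(privateKey);
            return privateKey;
        }

    }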

When I run the code, I'm getting the error:

    Exception in thread "main" net.snowflake.client.jdbc.internal.org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: 1.2.840.113549.1.5.3 not available: requires PBE parameters
        at net.snowflake.client.jdbc.internal.org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(Unknown Source)
        at configmgmt.snowflake.reader.impl.JustTheCode.bcParcer(PrivateKeyReader.java:122)
        at configmgmt.snowflake.reader.impl.JustTheCode.main(PrivateKeyReader.java:102)
    Caused by: net.snowflake.client.jdbc.internal.org.bouncycastle.operator.OperatorCreationException: 1.2.840.113549.1.5.3 not available: requires PBE parameters
        at net.snowflake.client.jdbc.internal.org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder$1.get(Unknown Source)
        ... 3 more
    Caused by: java.security.InvalidKeyException: requires PBE parameters
        at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:186)
        at java.base/javax.crypto.Cipher.implInit(Cipher.java:867)
        at java.base/javax.crypto.Cipher.chooseProvider(Cipher.java:929)
        at java.base/javax.crypto.Cipher.init(Cipher.java:1299)
        at java.base/javax.crypto.Cipher.init(Cipher.java:1236)
        ... 4 more
    Caused by: java.security.InvalidAlgorithmParameterException: Parameters missing
        at java.base/com.sun.crypto.provider.PBES1Core.init(PBES1Core.java:214)
        at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:220)
        at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:184)
        ... 8 more

I have been searching, but the documentation has no information about this configuration: Caused by: java.security.InvalidKeyException: requires PBE parameters

5
  • thanks, yes is something like that: -----BEGIN ENCRYPTED PRIVATE KEY----- ................................/EO/BzIYbeK7YF2HLOO5LTA3/vtRqqyB 0msrCvdErtC5di23AyfGUhEU9IqaGW/FsJs20YShK48R4FAfkd+ttsBDkx9dQoU6 H5BEvN7iyu2aeLj/GLT/IXVRzXsZ02uWH/PSAkI9g0Ff2mn028nBtwb5Xk3hE57n 3GQbLu1r0Il6lyC2........... -----END ENCRYPTED PRIVATE KEY----- Commented Mar 10, 2022 at 20:22
  • No, I can't, the company can fire me :( Commented Mar 10, 2022 at 21:18
  • I checked the key with: openssl rsa -in app_rsa_key.p8 -pubout and the response is: -----BEGIN PUBLIC KEY----- ......pM0AOY1w4Glf5JVk3ZILIAdDG51IQOXtYuirCmyk1mYQr5hRIVTHlZ/s5kREh5LB hepnuXpLicszjPOeNb502U+ZWNBN/7H10zbGVjeVWMgJc7AXAtE/OOTf4cEDHHKL WwIDAQAB -----END PUBLIC KEY----- Commented Mar 10, 2022 at 22:09
  • Try to test the key/pair using SnowSQL and see if they work. Commented Mar 11, 2022 at 8:00
  • After the psvm I'm using Security.addProvider(new BouncyCastleProvider()); Commented Mar 14, 2022 at 18:56

2 Answers

2

I found the fix by changing the imports:

Previously:

import net.snowflake.client.jdbc.internal.org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import net.snowflake.client.jdbc.internal.org.bouncycastle.jce.provider.BouncyCastleProvider;
import net.snowflake.client.jdbc.internal.org.bouncycastle.openssl.PEMParser;
import net.snowflake.client.jdbc.internal.org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import net.snowflake.client.jdbc.internal.org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import net.snowflake.client.jdbc.internal.org.bouncycastle.operator.InputDecryptorProvider;
import net.snowflake.client.jdbc.internal.org.bouncycastle.operator.OperatorCreationException;
import net.snowflake.client.jdbc.internal.org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import net.snowflake.client.jdbc.internal.org.bouncycastle.pkcs.PKCSException;

New:

import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

And the pom:

    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-ext-jdk15on</artifactId>
        <version>1.70</version>
    </dependency>
    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcpkix-jdk15on</artifactId>
        <version>1.70</version>
    </dependency>

0

Besides having the correct imports as in the accepted answer, it's also worth checking that the security provider registered by the Snowflake JDBC driver is not saved in the Java Security Providers, as it contains different parameters and a different number of them. For me it was:

  • 2727 parameters for net.snowflake.client.jdbc.internal.org.bouncycastle.jcajce.provider
  • 2944 parameters for org.bouncycastle.jcajce.provider

Checking Bouncy Castle Security Provider:

Security.getProvider("BC"); //or Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);

Removing existing and registering a new Bouncy Castle Provider from the bcprov-ext-jdk15on library:

import org.bouncycastle.jce.provider.BouncyCastleProvider;

Security.removeProvider("BC");
Security.addProvider(new BouncyCastleProvider());
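
Added example (not code from either answer): a loader that applies both answers together, replacing any provider registered as "BC" that is not the `org.bouncycastle` class and then decrypting the `.p8` file with that provider pinned explicitly. It also reports the file's PKCS#8 encryption OID; the `1.2.840.113549.1.5.3` in the stack trace is pbeWithMD5AndDES-CBC, a legacy PBES1 scheme. The class name `EncryptedKeyLoader` is an assumption, and the code needs the two Bouncy Castle 1.70 artifacts from the pom above on the classpath.

```java
import java.io.FileReader;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;

public class EncryptedKeyLoader { // hypothetical class name

    // Make "BC" resolve to org.bouncycastle, not a copy shaded into another jar.
    static void ensureStandaloneBc() {
        Provider bc = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        if (bc instanceof BouncyCastleProvider) {
            return; // already the standalone provider class imported above
        }
        if (bc != null) {
            System.err.println("Replacing " + bc.getClass().getName() + " (" + bc.size() + " entries)");
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        Security.addProvider(new BouncyCastleProvider());
    }

    static PrivateKey load(String path, char[] passphrase) throws Exception {
        ensureStandaloneBc();
        Object parsed;
        try (PEMParser parser = new PEMParser(new FileReader(path))) {
            parsed = parser.readObject();
        }
        if (!(parsed instanceof PKCS8EncryptedPrivateKeyInfo)) {
            throw new IllegalArgumentException("Not an ENCRYPTED PRIVATE KEY PEM file: " + path);
        }
        PKCS8EncryptedPrivateKeyInfo encrypted = (PKCS8EncryptedPrivateKeyInfo) parsed;
        ASN1ObjectIdentifier scheme = encrypted.getEncryptionAlgorithm().getAlgorithm();
        if (!PKCSObjectIdentifiers.id_PBES2.equals(scheme)) {
            System.err.println("Key file uses non-PBES2 encryption scheme " + scheme.getId());
        }
        // Pin decryption and key conversion to the BC provider registered above.
        return new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .getPrivateKey(encrypted.decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(passphrase)));
    }

    public static void main(String[] args) throws Exception {
        PrivateKey key = load(args[0], System.getenv("PRIVATE_KEY_PASSPHRASE").toCharArray());
        System.out.println(key.getAlgorithm() + " key loaded, format " + key.getFormat());
    }
}
```

The passphrase is read from the `PRIVATE_KEY_PASSPHRASE` environment variable rather than a string literal, and the key itself is never printed.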
