Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Decrypting RSA private key into keystore

843811Jan 31 2003 — edited Dec 1 2003
Hello,

I've spent the last couple of days trying to figure out how to take a
encrypted private key in a PEM file like that shown below, decrypt it (I know the password) and store it in a java keystore.

I've done this successfully with openssl by:

1. First removing the password from the file (decrypting the key)
2. Converting the resultant PEM file into PKCS#8 DER format
3. Using Java code to create a private key from the DER file using the PKCS8EncodedKeySpec class.

All that works, but my problem is that I want to do this programmatically in Java without using openssl or keytool.

How would I go about decrypting the key knowing the password? I understand the seed value for the decryption is contained in the header stuff: CD0C29BEBBAC917A. I have no idea about the count value.

I understand that the PEM file format is the base64 encoded version of the DER
info with added headers. I'm wondering though if the decrypted key would be in
PKCS#8 or some other format. I would need it in PKCS#8 format for use with PKCS8EncodedKeySpec.

Does anyone have a code snippet they could provide that does the decryption? It would be greatly appreciated.

TIA,

Craig Lindley
Sun Microsystems, Inc.



-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CD0C29BEBBAC917A

juQwj9KFb2PAAoyQwwGXTRpb2h2dJcZw50QF68oBOe1pS55u7q4sCfNlyME4RXRI
KOQIR/I6JOfEJZhn8nOYUwUgAOBph2zw6aK8LqXRPVm7f20zcJz0JO6X+Gsj6MpT
RLeOlO/1YzIKX5KU8Yre5NWgdYZMYQerhZuEhDM0I6FfW/0rhlCKW++98eC0NGo+
9liRHW/J4ukhXuxbhbfZiawFDgXFRAc91SnjmcDON/OKonZKv3JHk7KWeaGdtMnw
6zBOL6Xrtaq9101TaVditb3KQyitiTribZNl0t0E5L/aAR1OaPusfyEhHuemPudp
SDAMPW002OEx6oakniN5wxJITh3DRuLNafXiUEQvSfOd+RKABG0UFM/Jw7j2UYo6
fF0ZenVIxNE41MbbVz7BLAkvYOmT0CmyONDhF13tr3pLDnpvJCyn+WybYewbnzEr
ey/LI8pJ2YK+wISUZotsyYFSlGtnVLeR+Gwsi8hntmKnrrFJFPduk+/3AuNNpZI5
/uNJWhFPfKEOx1NFNZPURDi4battz4Br2xo5PLpXGbUJy6JmKtQ5irTHp/Wog92f
SkdE7Q/XkEdqE6ODnc3uGj72seLn9UQLKHwfrDSFcFJAL/YooeeHS771o53tavtW
Z6CKk9DL58a9eIsGgeSWCkTJQ5OCTPFbeyiHfu0Munhf9w8qZPmKurTNsUKXb+/D
pPH3Px40OyxlTVGoN+ibqWAnLnKF1DhyKsiYALuGPBAt6DZaSmCNi6YMAUTh70v/
dL6EzhToi734BtoS+1n28P1YA2zLKa0utbFU72pNOROVKKhWXJuwzQ==
-----END RSA PRIVATE KEY-----
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Dec 29 2003
Added on Jan 31 2003
#other-security-apis-tools-and-issues
2 comments
824 views