InvalidKeyException: invalid key format when reading EC Private Key from PEM file in Java

左心房为你撑大大i 提交于 2021-01-28 16:46:22

问题


I'm trying to create a private key object from a given .pem file. The file has this structure:

-----BEGIN EC PRIVATE KEY-----
...............................
...............................
...............................
-----END EC PRIVATE KEY-----

I am attempting to create the private key object with this code:

public static String getKeyFromFile(String filename) throws IOException {
    File f = new File(filename);
    FileInputStream fis = new FileInputStream(f);
    DataInputStream dis = new DataInputStream(fis);
    byte[] keyBytes = new byte[(int) f.length()];
    dis.readFully(keyBytes);
    dis.close();

    String key = new String(keyBytes);

    return key;
}

public static PrivateKey getPrivateKey() throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, NoSuchProviderException {
    String privateKeyPEM = getKeyFromFile("MY_FILE.pem");

    privateKeyPEM = privateKeyPEM.replace("-----BEGIN EC PRIVATE KEY-----\n", "");
    privateKeyPEM = privateKeyPEM.replace("-----END EC PRIVATE KEY-----", "");
    privateKeyPEM = privateKeyPEM.replaceAll("\n", "");
    privateKeyPEM = privateKeyPEM.replaceAll(" ", "");

    byte[] privateKeyBytes = privateKeyPEM.getBytes();
    String encodedString = Base64.getEncoder().encodeToString(privateKeyBytes);
    byte[] decodedString = Base64.getDecoder().decode(encodedString);

    EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(decodedString);
    KeyFactory kf = KeyFactory.getInstance("EC");
    PrivateKey privKey = kf.generatePrivate(privKeySpec);

    return privKey;

Upon running this method, I receive this error:

java.security.InvalidKeyException: invalid key format

I am able to parse the text and strip away any unwanted characters just fine, but I'm not able to create the private key object. I am able to generate a public key object from a similar .crt file using very similar methods. I want to be able to do this solely within Java and no openssl. Any help would be greatly appreciated.


回答1:


Your code does not properly decode the base64 data:

privateKeyPEM contains the String data between the BEGIN and END data (which is base64 encoded).

Your code does the following:

byte[] privateKeyBytes = privateKeyPEM.getBytes();
// privateKeyBytes now contains the base64 encoded key data

String encodedString = Base64.getEncoder().encodeToString(privateKeyBytes);
// encoded String contains now the base64 encoded data of the base64 encoded key data

byte[] decodedString = Base64.getDecoder().decode(encodedString);
// decodedString is not the base64 encoded data of your key data

Why are you encoding the data base64 and then in the next line decoding it - both steps together are just useless.

What you really need is to apply the base64 decode one time onto privateKeyPEM:

byte[] keyData = Base64.getDecoder().decode(privateKeyPEM);
EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(keyData);

If the base64 decode fails then your base64 data is invalid - most likely because of contained spaces or \r.



来源:https://stackoverflow.com/questions/50646421/invalidkeyexception-invalid-key-format-when-reading-ec-private-key-from-pem-fil

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!