RSA private key in PEM Format - java

My generated RSA keys are invalid in external systems.
I've generated RSA Keys using Java.
KeyPairGenerator generator = null;
try {
    generator = KeyPairGenerator.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
    throw new RuntimeException(e);
}
generator.initialize(2048);
KeyPair pair = generator.generateKeyPair();
StringBuilder sbPrivate = new StringBuilder();
sbPrivate.append("-----BEGIN RSA PRIVATE KEY-----\n");
sbPrivate.append(Base64.getEncoder().encodeToString(pair.getPrivate().getEncoded()));
sbPrivate.append("\n-----END RSA PRIVATE KEY-----\n");
StringBuilder sbPublic = new StringBuilder();
sbPublic.append("-----BEGIN RSA PUBLIC KEY-----\n");
sbPublic.append(Base64.getEncoder().encodeToString(pair.getPublic().getEncoded()));
sbPublic.append("\n-----END RSA PUBLIC KEY-----\n");
As a result I got:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbp3VERWhYaIj5mjW3x1KFkC3KIcnZcJeq4i7uuEC/zspfFeIKhk9pfzogtsVDKz/EPoilmwWg0q93Zl0uTQYr+UADyUdxrRhPID+c0aSEnlfLjzL1NgKOT2hLDms2AiE1QwI/m/pA0NuQKtOdgkyMMoQJ3NDj7AMkjWKTYGSqRy9HcmNLxxPYW8DeqnO+sN0JQvjqNLMD6qCDt05NVZ7IFd/uXOb0icB2EyxDX0i/LnlcZ+/UUWDJCBchXF8QOy6iKeQcq+N9H/WZvo00dsi0j53TLHnrQwrBJqLs10fKSCzMUxXZoYrL+mDTxhOUgYdAlHuLYYKk9m6hBG8FLHDQIDAQAB
-----END RSA PUBLIC KEY-----
But when I try to use these keys here:
https://kjur.github.io/jsrsasign/sample/sample-rsasign.html
https://www.devglan.com/online-tools/rsa-encryption-decryption
these keys are invalid.
Where could the problem be?

The keys are not being written to standard PEM formats: PKCS8 & X.509 respectively.
The following works but the keys need to be tested on https://8gwifi.org/PemParserFunctions.jsp. This shows the PEMs are good.
However, neither of the sites you suggested can process them.
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
public class Whatever {
    public static void main (String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        StringWriter writer = new StringWriter();
        // Private key: PKCS#8, written under the "PRIVATE KEY" label
        try (JcaPEMWriter w = new JcaPEMWriter(writer)) {
            w.writeObject(new JcaPKCS8Generator(kp.getPrivate(), null));
        }
        // Public key: X.509 SubjectPublicKeyInfo, written under the "PUBLIC KEY" label
        PemWriter pemWriter = new PemWriter(writer);
        pemWriter.writeObject(new PemObject("PUBLIC KEY", kp.getPublic().getEncoded()));
        pemWriter.flush();
        pemWriter.close();
        System.out.println (writer.toString());
    }
}
Output:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
Results from 8gwifi.org
Private key:
Private Key algo RSA
Private Format PKCS#8
ASN1 Dump
RSA Private CRT Key [f9:3d:bb:ce:14:eb:b6:f4:68:c0:69:54:a8:47:da:56:78:6d:d2:ad]
modulus: 971cad3ba1aab1f1f9d8af751b7d44ba1d15d0151bd0d09f2aab382af941f866ab60c55e3872248ec332fae44d9a66b8b15f107eb3b29b6f0d6a474a1436f6b2f1084c966c146705e30996de35b408f0b5e85d253597dc71d8667b052dff86e1461d2c86ce3ad260974971928e6228f6e9a08f231ed56047885263c06e4080d5555485a3a273cd5a400761aab2a3aa905c613c185b8605db37320f1f182eb44b25b8c5cccf787a0f6812ba88b29b7267cddd6a8372b554db8a3cc3a17026907af1e7c35f667b89d097c750a19988c96de9f040a83477f8396cea17a6240f95c423b674a043a76bd219f2037359abd64428cc52b726a14835c588e77eef9cf595
public exponent: 10001
Public key:
Algo RSA
Format X.509
ASN1 Dump
RSA Public Key [a6:cc:21:c6:b2:98:92:7a:96:d6:5b:ac:38:32:0c:dc:a3:1c:42:e5]
modulus:
public exponent: 10001
There is a dependency on Bouncy Castle as follows:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.56</version>
</dependency>

Related

Convert PKCS#8 Private key to PKCS#1 Private key using java

I have a PKCS#8 private key as a string in a variable. How can I convert that into a PKCS#1 private key as a string?
In other words, how to convert the below content
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
to
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
using Java?
PS: There is a straightforward solution in Python here - Python convert Private Key to RSA Key
Can someone please give some pointers on how to do this in Java?
One possibility is BouncyCastle. This supports parsing and writing of PEM encoded keys as well as the conversion from PKCS#8 to PKCS#1:
import java.io.StringReader;
import java.io.StringWriter;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemObjectGenerator;
...
String pkcs8pem = "-----BEGIN PRIVATE KEY-----...";
// Parse
PEMParser pemParser = new PEMParser(new StringReader(pkcs8pem));
PrivateKeyInfo pkInfo = ((PrivateKeyInfo)pemParser.readObject());
pemParser.close();
// Convert
ASN1Encodable pkcs1ASN1Encodable = pkInfo.parsePrivateKey();
ASN1Primitive privateKeyPkcs1ASN1 = pkcs1ASN1Encodable.toASN1Primitive();
// Write
StringWriter stringWriter = new StringWriter();
JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
jcaPEMWriter.writeObject((PemObjectGenerator)new PemObject("RSA PRIVATE KEY", privateKeyPkcs1ASN1.getEncoded()));
jcaPEMWriter.close();
String pkcs1pem = stringWriter.toString(); // -----BEGIN RSA PRIVATE KEY-----...
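Both threads above turn on the same point: the PEM label has to match the DER structure inside it, and `getEncoded()` on a Java RSA key returns PKCS#8 (private) or SubjectPublicKeyInfo (public), not PKCS#1. The class below is an added example, not code from any of the posts; it uses only the JDK to identify the structure from its leading ASN.1 tags and to unwrap an RSA PKCS#8 key to PKCS#1. The class and method names are illustrative, and the key is a throwaway generated on the spot.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Base64;

public class PemFormatCheck {
    // DER bytes of the rsaEncryption OID 1.2.840.113549.1.1.1
    static final byte[] RSA_OID = {0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7, 0x0d, 0x01, 0x01, 0x01};

    // Reads the DER header at pos; returns {contentStart, contentLength}.
    static int[] header(byte[] der, int pos) {
        int len = der[pos + 1] & 0xff;
        int start = pos + 2;
        if (len >= 0x80) {                        // long form: low 7 bits count the length bytes
            int n = len & 0x7f;
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[start++] & 0xff);
        }
        return new int[] {start, len};
    }

    // Names the structure from the tags inside the outer SEQUENCE, with the PEM label it belongs under.
    static String classify(byte[] der) {
        if (der[0] != 0x30) return "not a DER SEQUENCE";
        int p = header(der, 0)[0];
        if (der[p] == 0x30) return "SubjectPublicKeyInfo -> PUBLIC KEY";
        if (der[p] != 0x02) return "unknown";
        int[] first = header(der, p);             // version (1 byte) or an RSA modulus (long)
        int next = first[0] + first[1];
        if (next >= der.length || (der[next] != 0x30 && der[next] != 0x02)) return "unknown";
        if (der[next] == 0x30) return "PKCS#8 PrivateKeyInfo -> PRIVATE KEY";
        return first[1] == 1 ? "PKCS#1 RSAPrivateKey -> RSA PRIVATE KEY"
                             : "PKCS#1 RSAPublicKey -> RSA PUBLIC KEY";
    }

    // Returns the PKCS#1 RSAPrivateKey carried in the OCTET STRING of an RSA PKCS#8 key.
    static byte[] pkcs8ToPkcs1(byte[] pkcs8) {
        int[] version = header(pkcs8, header(pkcs8, 0)[0]);
        int[] alg = header(pkcs8, version[0] + version[1]);
        if (!Arrays.equals(Arrays.copyOfRange(pkcs8, alg[0], alg[0] + RSA_OID.length), RSA_OID))
            throw new IllegalArgumentException("not an RSA key");
        if (pkcs8[alg[0] + alg[1]] != 0x04) throw new IllegalArgumentException("expected OCTET STRING");
        int[] key = header(pkcs8, alg[0] + alg[1]);
        return Arrays.copyOfRange(pkcs8, key[0], key[0] + key[1]);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();       // throwaway key for the demonstration
        System.out.println("private getEncoded(): " + classify(kp.getPrivate().getEncoded()));
        System.out.println("public getEncoded():  " + classify(kp.getPublic().getEncoded()));
        byte[] pkcs1 = pkcs8ToPkcs1(kp.getPrivate().getEncoded());
        System.out.println("after unwrapping:     " + classify(pkcs1));
        // PEM armor with 64-character lines, now under the label that matches the content
        System.out.print("-----BEGIN RSA PRIVATE KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(pkcs1) + "\n-----END RSA PRIVATE KEY-----\n");
    }
}
```

Running it reports PKCS#8 and SubjectPublicKeyInfo for the two `getEncoded()` results, which is why wrapping them in `RSA PRIVATE KEY` / `RSA PUBLIC KEY` armor produces files that parsers reject.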

PEMException: unable to convert key pair: null

I'm trying to run the following program:
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.PEMKeyPair;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.KeyPair;
import java.security.KeyFactory;
import java.io.StringReader;
import javax.crypto.Cipher;
import java.util.Base64;
import java.security.interfaces.RSAPrivateKey;
public class Test
{
public static void main(String[] args) throws Exception
{
Security.addProvider(new BouncyCastleProvider());
String key = "-----BEGIN RSA PRIVATE KEY-----" +
"MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu" +
"KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm" +
"o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k" +
"TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7" +
"9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy" +
"v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs" +
"/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00" +
"-----END RSA PRIVATE KEY-----";
String ciphertext = "L812/9Y8TSpwErlLR6Bz4J3uR/T5YaqtTtB5jxtD1qazGPI5t15V9drWi58colGOZFeCnGKpCrtQWKk4HWRocQ==";
// load the private key
PEMParser pemParser = new PEMParser(new StringReader(key));
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair keyPair = converter.getKeyPair((PEMKeyPair) pemParser.readObject());
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPrivateCrtKeySpec privateKeySpec = keyFactory.getKeySpec(keyPair.getPrivate(), RSAPrivateCrtKeySpec.class);
RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(privateKeySpec);
// load the ciphertext
byte[] cipherBytes = Base64.getDecoder().decode(ciphertext);
// perform the actual decryption
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] plaintext = cipher.doFinal(cipherBytes);
}
}
It was able to compile without issue but when I try to run it I get the following error:
Exception in thread "main" org.bouncycastle.openssl.PEMException: unable to convert key pair: null
at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyPair(Unknown Source)
at Test.main(MyTest.java:35)
Caused by: java.lang.NullPointerException
... 2 more
So I guess getKeyPair doesn't like (PEMKeyPair) pemParser.readObject(). Well that's what I got from Get a PrivateKey from a RSA .pem file...
I had a similar issue and was able to solve it by altering the key from
-----BEGIN RSA PRIVATE KEY-----
.....content here.....
-----END RSA PRIVATE KEY-----
to:
-----BEGIN EC PRIVATE KEY-----
.....content here.....
-----END EC PRIVATE KEY-----
Since you are working with an RSA instance and not an elliptic curve (EC) this might not be the source of your problems but maybe it helps someone.

Given a public key string, how to create an instance of RSAPublicKey

I have an actual public key string like:
-----BEGIN PUBLIC KEY-----
flajeleofancncMFLDFJOEEFJC9209ueq33rlsjfa3B ...
-----END PUBLIC KEY-----
In order to create an auth0/java-jwt-library Algorithm to sign my JWT, I need a java.security.interfaces.RSAPublicKey-implementation instance. How would I go about creating that instance given a public key string? If it helps, I also have the private key string.
I'm just starting out. So, I'm open to simpler ways of signing my JWT.
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
...
String algorithm = "RSA"; // for example
KeyFactory kf = KeyFactory.getInstance(algorithm);
// Placeholder body; use the real PEM text of the key here
String publicKeyStr = "-----BEGIN PUBLIC KEY-----f24Defosfvak-----END PUBLIC KEY-----";
// X509EncodedKeySpec expects DER bytes: drop the PEM armor and whitespace, then Base64-decode
String body = publicKeyStr
        .replace("-----BEGIN PUBLIC KEY-----", "")
        .replace("-----END PUBLIC KEY-----", "")
        .replaceAll("\\s", "");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(body));
RSAPublicKey publicKey = (RSAPublicKey) kf.generatePublic(keySpec);

Connecting to SOAP with WSS using two pem files

A 3rd-party-app, which uses OASIS Web Services Security (WSS) for their SOAP authorization, provided me with following two pem files:
ws-client.pem
-----BEGIN CERTIFICATE-----
VQQKDAxCZWFyaW5nUG9pbnQxFDASBgNVBAcMC0TDvHNzZWxkb3JmMQkwBwYDVQQI
[..]
CCsGAQUFBwMCBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEAY8MiqxLIE+dQ
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
XKJyj28HAgMBAAECggEATF3hM/l2mIDFkJ69kskJUep/+ejl33AXVc9akY7gocLV
[..]
P+htLANmvC29Z5eFgkotZsAQoRi+L4gNsH1kbWHxcYA6YWRCHtpTYsa6/agUnywq
-----END RSA PRIVATE KEY-----
ws-server.pem
-----BEGIN CERTIFICATE-----
cmcxCzAJBgNVBAYTAkRFMB4XDTE3MTExNDExMjA1NloXDTI3MTExNDExMjA1Nlow
[..]
z6RWmsrSfLXGAM5QL4CCDzMth2AP8WzksMzW6dD6qK5/X9yD3g2GRXbHbtnvl6fk
-----END CERTIFICATE-----
The last two days I tried a lot of different approaches, followed several examples.. using curl, nodejs, java etc.. with no success.
This is my latest code:
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.bouncycastle.openssl.PEMReader
import java.security.*
import java.security.cert.Certificate
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
class WsSecurityHandler {
private static final char[] KSPASSWORD = null
WsSecurityHandler() {
Security.addProvider(new BouncyCastleProvider())
}
private PrivateKey getPrivateKey() throws IOException {
InputStream pemClientInput = getClass().getClassLoader().getResourceAsStream("pem/ws-client.pem")
Reader reader = new InputStreamReader(pemClientInput, "UTF8")
PEMReader pemReader = new PEMReader(reader)
PrivateKey privateKey = (PrivateKey) pemReader.readObject()
pemReader.close()
return privateKey
}
private X509Certificate getPublicCertificate() throws IOException {
InputStream pemServerInput = getClass().getClassLoader().getResourceAsStream("pem/ws-server.pem")
Reader reader = new InputStreamReader(pemServerInput, "UTF8")
PEMReader pemReader = new PEMReader(reader)
X509Certificate certificate = (X509Certificate) pemReader.readObject()
pemReader.close()
return certificate
}
void initKeyStore() throws IOException {
PrivateKey privateKey = getPrivateKey()
X509Certificate certificate = getPublicCertificate()
Certificate[] chain = new Certificate[1]
chain[0] = certificate
try {
KeyStore ks = KeyStore.getInstance("JKS")
ks.load(null, KSPASSWORD)
ks.setKeyEntry("FooBar", privateKey, KSPASSWORD, chain)
} catch (NoSuchAlgorithmException e) {
e.printStackTrace()
} catch (KeyStoreException e) {
e.printStackTrace()
} catch (CertificateException e) {
e.printStackTrace()
}
}
}
which fails at line
PrivateKey privateKey = (PrivateKey) pemReader.readObject()
with:
Exception in thread "main"
org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot
cast object with class
'org.bouncycastle.jce.provider.X509CertificateObject' to class
'java.security.PrivateKey'
I am somehow getting the impression that I misunderstood a big part in this topic.. So it comes to this kind of embarrassing question:
How exactly do I prepare my application to be able to connect to this WSS-SOAP-API?

How do I generate RSA key pair in JAVA (in openssl format)

How can I generate an RSA key pair in Java using the format supported by OpenSSL?
Is there a way to generate them straight away, like we do in PHP?
The output should be like:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Qa9WiabsxGv2uJBNNFn
Ai3vEDF7Evr85RlgrviUSzkSupEH29PaazKX04/4M7mEQswVZOHSzkFRXiviImi1
c1UrWlZENctS3A6P3RSqOonzrw6CVDJ4Nn/iydWlHhFaHBPpCopS537iHvJIey7K
-----END PUBLIC KEY-----
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDdBr1aJpuzEa/a
4kE00WcCLe8QMXsS+vzlGWCu+JRLORK6kQfb09prMpfTj/gzuYRCzBVk4dLOQVFe
K+IiaLVzVStaVkQ1y1LcDo/dFKo6ifOvDoJUMng2f+LJ1aUeEVocE+kKilLnfuIe
8kh7LsplosEQSxpfhjQcxt6qgRQk+eI9kyxczLvt2S0goAoO7rPIhi1LQFI1uUij
U18a+vsu9uv/mMAa/R101EZxIJyZZDtjyajPUP3Zo7LfxXZpVgg8xXAE6xY3PGlJ
-----END PRIVATE KEY-----
Thank you
You say 'the' format supported by OpenSSL, but OpenSSL supports multiple formats for (RSA and other) private keys, over a dozen depending how you count.
The particular formats you show, perhaps coincidentally, are the PEM forms of the two formats directly supported by Java crypto, PKCS8-unencrypted for private and 'X.509' (really SubjectPublicKeyInfo aka SPKI) for public, and thus can be created simply:
//nopackage
import java.security.*;
import java.util.Base64;
public class SO43459993SimpleRSAPEM {
    public static void main (String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); KeyPair kp = kpg.generateKeyPair();
        System.out.println ("-----BEGIN PRIVATE KEY-----");
        System.out.println (Base64.getMimeEncoder().encodeToString( kp.getPrivate().getEncoded()));
        System.out.println ("-----END PRIVATE KEY-----");
        System.out.println ("-----BEGIN PUBLIC KEY-----");
        System.out.println (Base64.getMimeEncoder().encodeToString( kp.getPublic().getEncoded()));
        System.out.println ("-----END PUBLIC KEY-----");
    }
}
Example output:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
