Bouncycastle Loading of PKCS8 Encrypted Private Key Failing on JBoss

Question

I'm trying to load an encrypted DSA private key with Bouncycastle.

The key is a pem file in the following format:

-----BEGIN ENCRYPTED PRIVATE KEY-----

    ....

-----END ENCRYPTED PRIVATE KEY-----

This is my Java code:

    Security.addProvider(new BouncyCastleProvider());

    ...    

    public PrivateKey loadKey(String fileName, String password) {

        try (PEMParser pemParser = new PEMParser(new InputStreamReader(new FileInputStream(fileName), StandardCharsets.UTF_8))) {

            PKCS8EncryptedPrivateKeyInfo encryptedKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemParser.readObject();

            InputDecryptorProvider decryptorProvider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(password.toCharArray());
            PrivateKeyInfo keyInfo = encryptedKeyInfo.decryptPrivateKeyInfo(decryptorProvider);

            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            return converter.getPrivateKey(keyInfo);

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

When I try to load and use the key file on Windows (with JUnit), everything works.

But when I try to run the exact same code with the exact same key file and password on JBoss, I get the following exception:

org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: javax.crypto.BadPaddingException: pad block corrupted
    at org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(Unknown Source)
    at com.my.app.MyClass.loadKey(MyClass.java:106)
    ... 53 more
Caused by: java.io.IOException: javax.crypto.BadPaddingException: pad block corrupted
    at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:128)
    at javax.crypto.CipherInputStream.read(CipherInputStream.java:246)
    at org.bouncycastle.util.io.Streams.pipeAll(Unknown Source)
    at org.bouncycastle.util.io.Streams.readAll(Unknown Source)
    ... 55 more
Caused by: javax.crypto.BadPaddingException: pad block corrupted
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$BufferedGenericBlockCipher.doFinal(Unknown Source)
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source)
    at javax.crypto.Cipher.doFinal(Cipher.java:2047)
    at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:125)
    ... 58 more

Any ideas what might be wrong?

Which Java and BC versions are used in both environments (Windows vs JBoss)? — Topaco, Nov 08 '21 at 15:33
@Topaco Locally I run Oracle Java 1.8.0_101 and JBoss runs OpenJDK 1.8.0_242. Bouncycastle (1.60) is the same on both environments, since it's a Maven dependency in the project. — Jardo, Nov 08 '21 at 15:44
I thought that possibly the [unlimited strength policy](https://github.com/open-eid/cdoc4j/wiki/Enabling-Unlimited-Strength-Jurisdiction-Policy) could be a possible explanation, but this is actually included since 8u151 (and also generates another exception, _InvalidKeyException: Illegal key size_). — Topaco, Nov 08 '21 at 16:07
Are you _sure_ the password is the same? Where the ciphertext is protected, as with PEM, 99.99% of decryption padding errors are due to wrong key, which here means password. Are there any non-ASCII characters that might use different normalization forms? Can you dump e.g. `Arrays.toString(password.toCharArray())` in both environments and compare? — dave_thompson_085, Nov 08 '21 at 19:14
@dave_thompson_085 Yes 100% sure the passwords are the same. They only contain ASCII characters and the output of `Arrays.toString(password.toCharArray())` is the same on both environments. — Jardo, Nov 09 '21 at 11:19
Maybe a problem with Windows newline chars in your PEM file? — unwichtich, Nov 15 '21 at 16:44
@unwichtich No I tried different line endings with zero effect. — Jardo, Nov 22 '21 at 14:49

Bouncycastle Loading of PKCS8 Encrypted Private Key Failing on JBoss

0 Answers0