java - 从 .pem 文件加载私钥时出现无效 key 格式异常

Question

我正在尝试从 pem 文件加载私钥。我受到限制，因为我不允许使用任何外部库，例如 Bouncy CaSTLe。

我的一段代码:

    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    File privKeyFile = new File(privateKeyPath);
    byte[] privKeyBytes = new byte[(int)privKeyFile.length()];
    KeySpec ks = new PKCS8EncodedKeySpec(privKeyBytes);
    PrivateKey privKey = (PrivateKey) keyFactory.generatePrivate(ks);

最后一行出现异常。我还尝试使用 openssl 将 pem 文件转换为 PKCS#8:

openssl pkcs8 -topk8 -inform PEM -output DER -in mycert.pem -nocrypt > mynewcert.pk8

但我仍然收到“无效 key 格式”异常

我认为这可能是我的 pem 文件的问题，但是在使用 openssl 生成新文件后:

openssl req -config "C:\Program Files\GnuWin32\bin\openssl.conf" -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

我仍然得到相同的结果。

这是我的 pem 文件的内容:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCq4Do244NSSP+acHy3SRYMateNfM2LWnfvLmoDPkWrA2u+ZygT
5f1amkZED7o9UMmAK2zif8xQgIyl5olJ++OZfFJdFqCJ/yw4NGyrApYAkmi91Dms
e0JbjPZ4yVKaj1tnECJb4xfdHRk818IP+X4HTWmZG3LeZ3Z3o63dL+OscwIDAQAB
AoGAUBFzlca0ATmtc7uj5Op9R2JFEMpbMiI5Mr1H9a8XTBP1R6nksLZDKlJB/KB1
/0c8tC8k/Vku7sXdodtNl3pNYhks9vi23lGgf47qwx05kst7hPJB4D0Kaiigy61S
yEfl2FLXpcahmVpAt7VRNfEOd0Ogvvx3NJJsncDVbiCHCoECQQDYXpsQQHNPamCj
nl9NHGncMAw5o63AoghxlbN41ZChbScyED5qkiU3IOfx1HG2zISjlocEMADGLUg/
N3E6vAJBAkEAyix114sSBb1QWv4DN2QH5L5r4Xia+jGO7ZIApJs8eaV0dJ/6OPaP
E5xdnh6s3zIv6HBBUpsY1m/KBOB35UXZswJAD5wDo9CCgSAziJpMVcvO90ugFihw
yIzn/wnFwNnnbT3qrfnuBtI0TR3and+ttHpct1CMvQiZhbKOm8DsMkiOAQJAZ9ik
gx2VGUufvc1h247PGyjQgxUPDdps3wyytdpjGtzoz4ro3V+QKHOWBsUc6Nx/jTYz
53lxLZxoOU8PZr4VTwJBAI9qj9mDdFfHjSgW1UeovMeKzztNgwCzy2pofxEhNC78
eWyKNCwykZ4m9Ul58mD9CmiVevWu+dNzHSPHAuLbWlo=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICjTCCAfYCCQD0zMehYL1Q3zANBgkqhkiG9w0BAQQFADCBijEOMAwGA1UEChMF
UHVuY2gxDTALBgNVBAsTBEdhbWUxIzAhBgkqhkiG9w0BCQEWFGR6dW5nbGVvODlA
Z21haWwuY29tMQ8wDQYDVQQHEwZIYSBOb2kxDzANBgNVBAgTBkhhIE5vaTELMAkG
A1UEBhMCVk4xFTATBgNVBAMTDGxlb3N0eWxlLmNvbTAeFw0xMzAzMDYwMjU0MDJa
Fw0xNDAzMDYwMjU0MDJaMIGKMQ4wDAYDVQQKEwVQdW5jaDENMAsGA1UECxMER2Ft
ZTEjMCEGCSqGSIb3DQEJARYUZHp1bmdsZW84OUBnbWFpbC5jb20xDzANBgNVBAcT
BkhhIE5vaTEPMA0GA1UECBMGSGEgTm9pMQswCQYDVQQGEwJWTjEVMBMGA1UEAxMM
bGVvc3R5bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq4Do244NS
SP+acHy3SRYMateNfM2LWnfvLmoDPkWrA2u+ZygT5f1amkZED7o9UMmAK2zif8xQ
gIyl5olJ++OZfFJdFqCJ/yw4NGyrApYAkmi91Dmse0JbjPZ4yVKaj1tnECJb4xfd
HRk818IP+X4HTWmZG3LeZ3Z3o63dL+OscwIDAQABMA0GCSqGSIb3DQEBBAUAA4GB
ADXvjTyTAoe59B11bQ8UTVO6yY5Jc8+Z7kOoJgdQAdEjZJgT7JjCEd1QnvKsBRXy
tDDYLXXZEnZ1xxTQkL0duqIwluHLCGFq3xi156EM8I7mKBEIwBTFRiX5Lh22MAsq
2mwtDnQqKj4yZoqmEKhFZlykl6uZHU+WxZc1tHOfYBmc
-----END CERTIFICATE-----

这是我的堆栈跟踪:

    java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
    at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(Unknown Source)
    at java.security.KeyFactory.generatePrivate(Unknown Source)
    at Crypto.loadKeyPair(Crypto.java:165)
    at Crypto.signXML(Crypto.java:202)
    at Main.main(Main.java:12)
Caused by: java.security.InvalidKeyException: invalid key format
    at sun.security.pkcs.PKCS8Key.decode(Unknown Source)
    at sun.security.pkcs.PKCS8Key.decode(Unknown Source)
    at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(Unknown Source)
    at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(Unknown Source)
    at sun.security.rsa.RSAKeyFactory.generatePrivate(Unknown Source)
    ... 5 more

经过一番搜索后，我找不到任何进一步的信息。现在我被困住了，不知道下一步该做什么。请提供一些信息，我真的需要一些帮助。谢谢!

Answer 1

KeySpec ks = new PKCS8EncodedKeySpec(privKeyBytes);
PrivateKey privKey = (PrivateKey) keyFactory.generatePrivate(ks);

如果你想使用上面的方法，那么你的私钥文件应该是PKCS#8类型。但你的文件内容是 PKCS#1。因此，使用 bountyCaSTLe 库或其他方式。

ps。以下内容请注意您的私钥文件类型为 PKCS#1

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

PKCS#8 看起来像

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----