Problem loading pem key on linux
291 views
Skip to first unread message
ilyail3
Oct 21, 2010, 9:30:49 AM10/21/10
to JetS3t Users
Hi there people
A problem I'm facing today looks like that issue:
http://groups.google.com/group/jets3t-users/browse_thread/thread/995cf6bd83f6be8c
but unlink in that issue, I have linux (opensuse 11.2) and converting
the key to der format before importing it does not seem to do
anything, after reading the new converted key file, the same exact
issue appears, which leads me to belive the problem I'm facing is
different form that of the author of the previous thread.
The script I used to import the PEM key:
byte[] derPrivateKey = EncryptionUtil.convertRsaPemToDer(
new FileInputStream("/home/work2/parts/cloudfront/pk-
xxxxxxxxxxxxxx.pem"));
The script I used to import DER key:
File privKeyFile = new File("/home/work2/parts/cloudfront/pk-
xxxxxxxxxxxxxx.der");
DataInputStream dis = new DataInputStream(new
FileInputStream(privKeyFile));
byte[] derPrivateKey = new byte[(int)privKeyFile.length()];
dis.read(derPrivateKey);
dis.close();
And the openssl script I used to convert the file type:
openssl rsa -in pk-xxxxxxxxxxxxxx.pem -inform PEM -out pk-
xxxxxxxxxxxxxx.der -outform DER
The full stack trace is:
Exception in thread "main"
org.jets3t.service.CloudFrontServiceException:
java.security.spec.InvalidKeySpecException:
java.security.InvalidKeyException: IOException : algid parse error,
not a sequence
at
org.jets3t.service.CloudFrontService.signUrlCanned(CloudFrontService.java:
2145)
at Lunch.main(Lunch.java:57)
Caused by: java.security.spec.InvalidKeySpecException:
java.security.InvalidKeyException: IOException : algid parse error,
not a sequence
at
sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:
200)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:342)
at
org.jets3t.service.security.EncryptionUtil.signWithRsaSha1(EncryptionUtil.java:
526)
at
org.jets3t.service.CloudFrontService.signUrlCanned(CloudFrontService.java:
2131)
... 1 more
Caused by: java.security.InvalidKeyException: IOException : algid
parse error, not a sequence
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:344)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:350)
at
sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:
74)
at
sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:
58)
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:
299)
at
sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:
196)
... 4 more
A problem I'm facing today looks like that issue:
http://groups.google.com/group/jets3t-users/browse_thread/thread/995cf6bd83f6be8c
but unlink in that issue, I have linux (opensuse 11.2) and converting
the key to der format before importing it does not seem to do
anything, after reading the new converted key file, the same exact
issue appears, which leads me to belive the problem I'm facing is
different form that of the author of the previous thread.
The script I used to import the PEM key:
byte[] derPrivateKey = EncryptionUtil.convertRsaPemToDer(
new FileInputStream("/home/work2/parts/cloudfront/pk-
xxxxxxxxxxxxxx.pem"));
The script I used to import DER key:
File privKeyFile = new File("/home/work2/parts/cloudfront/pk-
xxxxxxxxxxxxxx.der");
DataInputStream dis = new DataInputStream(new
FileInputStream(privKeyFile));
byte[] derPrivateKey = new byte[(int)privKeyFile.length()];
dis.read(derPrivateKey);
dis.close();
And the openssl script I used to convert the file type:
openssl rsa -in pk-xxxxxxxxxxxxxx.pem -inform PEM -out pk-
xxxxxxxxxxxxxx.der -outform DER
The full stack trace is:
Exception in thread "main"
org.jets3t.service.CloudFrontServiceException:
java.security.spec.InvalidKeySpecException:
java.security.InvalidKeyException: IOException : algid parse error,
not a sequence
at
org.jets3t.service.CloudFrontService.signUrlCanned(CloudFrontService.java:
2145)
at Lunch.main(Lunch.java:57)
Caused by: java.security.spec.InvalidKeySpecException:
java.security.InvalidKeyException: IOException : algid parse error,
not a sequence
at
sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:
200)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:342)
at
org.jets3t.service.security.EncryptionUtil.signWithRsaSha1(EncryptionUtil.java:
526)
at
org.jets3t.service.CloudFrontService.signUrlCanned(CloudFrontService.java:
2131)
... 1 more
Caused by: java.security.InvalidKeyException: IOException : algid
parse error, not a sequence
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:344)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:350)
at
sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:
74)
at
sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:
58)
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:
299)
at
sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:
196)
... 4 more
James Murty
Oct 21, 2010, 10:58:33 AM10/21/10
to jets3t...@googlegroups.com
Hi,
Hi,
Can you try loading your OpenSSL-converted DER file into a ByteArrayInputStream instead of a DataInputStream? The DataInputStream expects to load and convert Java types from the input, not pure binary data.
You will also need to use OpenSSL's --nocrypt option to strip the key's password.
Here is a good example or running the openssl command and reading in the resulting file: https://jets3t.dev.java.net/servlets/ProjectForumMessageView?messageID=34108&forumID=2233
James
--
You received this message because you are subscribed to the Google Groups "JetS3t Users" group.
To post to this group, send email to jets3t...@googlegroups.com.
To unsubscribe from this group, send email to jets3t-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/jets3t-users?hl=en.
Reply all
Reply to author
Forward
0 new messages