Problem loading 2048 bit RSA private key from a PEM file


Problem loading 2048 bit RSA private key from a PEM file

Luis Arenal Mijares
I am testing, trying to load the following RSA Key with BouncyCastle:

RSA Key (pem file attached):

This Key was generated and saved with Eldos library SecureBlackBox in a Delphi app. When I try to load it with OPENSSL it works perfectly.

In BouncyCastle, I use PEMParser.readObject(); code:

import java.io.FileReader;
import org.bouncycastle.openssl.PEMParser;

PEMParser pemParser = new PEMParser(new FileReader("private_key_delphi.pem"));
Object keyPair = pemParser.readObject(); // for an unencrypted "RSA PRIVATE KEY" block this is a PEMKeyPair

I am getting the following error:

org.bouncycastle.openssl.PEMException: problem creating RSA private key: java.lang.IllegalArgumentException: failed to construct sequence from byte[]: corrupted stream detected

Is there something wrong with the Key? Is there something I can do in the load method to fix this?

Any help is deeply appreciated, thanks in advance,
Luis AM

Re: Problem loading 2048 bit RSA private key from a PEM file

David Hook-3

The public exponent is encoded as:

Hex: 00010001

You can see this from an openssl ASN.1 dump, as it shows the number as having a length of 4, when it only needs to be 3.

I'm not sure why openssl accepts it (it's a bug), but at any rate the encoding is not valid, which is why you are seeing the error. You might be able to get openssl to re-encode it correctly, but it would really be better if the originating application was encoding integers correctly.

Regards,

David

On 11/05/17 09:33, Luis Arenal Mijares wrote:
Re: Problem loading 2048 bit RSA private key from a PEM file

Juan Francisco Alvarez Urquijo
Hi David.

How did you get the public exponent through OpenSSL?
Could you share the command for the openssl ASN.1 dump with us?
Is there something we can do, for demonstration purposes, to show the Secure Black Box product owner this bug in their library?

Luis's affirmation is correct: why can OpenSSL load the key?


On 10 May 2017 9:15 PM, "David Hook" <[hidden email]> wrote:
Re: Problem loading 2048 bit RSA private key from a PEM file

David Hook-3

openssl asn1dump < file.pem

where file.pem contains the private key below.

OpenSSL can load the key because it is failing to validate that an ASN.1 INTEGER is properly encoded. It is a bug in OpenSSL's ASN.1 parser (an easy mistake to make; we certainly did...).

As for the original product developers, you can direct them to ISO/IEC 8825-1:2003 (E), Section 8.3, specifically 8.3.2, which says:

8.3.2
If the contents octets of an integer value encoding consist of more than one octet, then the bits of the first octet
and bit 8 of the second octet:
a) shall not all be ones; and
b) shall not all be zero.

There is a version of the standard available at:

https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf

Regards,

David

On 11/05/17 14:38, Juan Francisco Alvarez Urquijo wrote:
Re: Problem loading 2048 bit RSA private key from a PEM file

Juan Francisco Alvarez Urquijo
Hi David.

openssl asn1dump < private_key_delphi.pem

openssl:Error: 'asn1dump' is an invalid command.

asn1dump doesn't exist; did you mean asn1parse?



---------------------------------------------------------------------------------------------------------------------
Juan Francisco Alvarez Urquijo
Senior Software Engineer.

Escuela Superior de Cómputo - Instituto Politécnico Nacional

[hidden email]




2017-05-10 23:55 GMT-05:00 David Hook <[hidden email]>:
Re: Problem loading 2048 bit RSA private key from a PEM file

Uri Blumenthal
On May 11, 2017, at 11:04 AM, Juan Francisco Alvarez Urquijo <[hidden email]> wrote:

openssl asn1dump < private_key_delphi.pem

openssl:Error: 'asn1dump' is an invalid command.

asn1dump doesn't exist; did you mean asn1parse?

Yes, as openssl itself told you, you mean/want “openssl asn1parse”.
Re: Problem loading 2048 bit RSA private key from a PEM file

David Hook-3
In reply to this post by Juan Francisco Alvarez Urquijo

Yes, as Uri pointed out, asn1parse - sorry, I mixed up my commands...

You'll see:

  268:d=1  hl=2 l=   4 prim: INTEGER           :010001

The 4 should be a 3.

With:
What do you mean by "Be careful how you use this one, technically needing it means the signature is really invalid."
Do you say that the signature is invalid, although MyRightSignerInformation.verify() returns true because of mistakes during the signature calculation?
Yes, the signature has not been calculated correctly; the bigger problem is that it also means the data in it can be reordered without detection. While this doesn't make it trivial to forge an input to a signature, it does make it a lot easier. So be sparing in how you use it: if someone is in the habit of sending you correct signatures and you suddenly get an incorrect one that verifies, it is better to assume something is wrong. For people who do not get it right as a habit you'll need to use the fallback approach, although it would be a good idea if you can get them to mend their ways.

Regards,

David


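As an added example (not code from the thread, from BouncyCastle or from OpenSSL), here is a small Python checker that applies the X.690 8.3.2 rule David quotes to every INTEGER in an "RSA PRIVATE KEY" PEM, reporting the tag offset and content length the way asn1parse prints "l=   4", and a helper that re-encodes such a value minimally. The key it inspects is a constructed, cut-down sample with the same 00 01 00 01 exponent, not the attached file.

```python
import base64
import re

def der_length(buf, i):
    """Decode the DER length at buf[i]; return (length, index of the first content byte)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def der_tlv(tag, content):
    """Encode one tag-length-value triple (lengths below 128 only; enough for the sample)."""
    return bytes([tag, len(content)]) + content

def integer_encoding_error(content):
    """X.690 8.3.2: return None for a minimal INTEGER encoding, otherwise the reason it fails."""
    if not content:
        return "empty INTEGER"
    if len(content) > 1:
        bit8_of_second = content[1] & 0x80
        if content[0] == 0x00 and not bit8_of_second:
            return "leading 0x00 followed by a byte with bit 8 clear"
        if content[0] == 0xFF and bit8_of_second:
            return "leading 0xFF followed by a byte with bit 8 set"
    return None

def check_rsa_private_key_pem(pem):
    """Walk the top-level RSAPrivateKey SEQUENCE and report every non-minimal INTEGER
    as (offset of its tag byte, content length, reason), like asn1parse's offset column."""
    der = base64.b64decode(re.sub(r"-----[^-]*-----|\s", "", pem))
    if der[0] != 0x30:
        raise ValueError("expected a SEQUENCE")
    seq_len, i = der_length(der, 1)
    end, problems = i + seq_len, []
    while i < end:
        length, start = der_length(der, i + 1)
        if der[i] == 0x02:
            reason = integer_encoding_error(der[start:start + length])
            if reason:
                problems.append((i, length, reason))
        i = start + length
    return problems

def minimal_integer(content):
    """Re-encode INTEGER content in the shortest two's-complement form with the same value."""
    value = int.from_bytes(content, "big", signed=True)
    magnitude = value if value >= 0 else -value - 1
    return value.to_bytes(magnitude.bit_length() // 8 + 1, "big", signed=True)

# Constructed sample (not the key attached to the thread): a cut-down RSAPrivateKey with
# version 0, a modulus whose leading 0x00 is required (next byte has bit 8 set), and the
# public exponent 65537 mis-encoded as 00 01 00 01, as in the key under discussion.
SAMPLE_DER = der_tlv(0x30, der_tlv(0x02, b"\x00") + der_tlv(0x02, b"\x00\xa3\x5b\x71")
                     + der_tlv(0x02, b"\x00\x01\x00\x01"))
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END RSA PRIVATE KEY-----\n")
```

A strict DER parser such as BouncyCastle's rejects the third INTEGER here; running the checker over a real key file pinpoints which field (modulus, exponent, primes) carries the padding so the producing application can be fixed.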