Java and SSL - java.security.NoSuchAlgorithmException - Stack Overflow
Join the Stack Overflow Community
Stack Overflow is a community of 6.8 million programmers, just like you, helping each other.
J it only takes a minute:
I've built a Java program as a front end for a database on a server, and I'm trying to use SSL to encrypt traffic between clients and the server.
Here is the command I issued to create the server certificate:
keytool -genkey -alias localhost -keyalg RSA -keypass kpass123 -storepass kpass123 -keystore keystore.jks
Here is the relevant code:
System.setProperty("javax.net.ssl.keyStore",
"G:/Data/Android_Project/keystore.jks");
System.setProperty("javax.net.ssl.keyPassword", "kpass123");
SSLServerSocketFactory factory =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket accessSocket =
(SSLServerSocket)factory.createServerSocket(DB_ACCESS_PORT);
When I try to run this, I catch this:
java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
I've also found that the "KeyPairGenerator" service has algorithms DIFFIEHELLMAN, DSA, RSA available to it, while "SSLContext" has algorithms SSL, TLS, SSLV3, DEFAULT, TLSV1.
Do I need to find some way to install RSA into the SSLContext service?
Am I even looking at the correct services?
Should I not be using RSA?
I'm new to the whole SSL - Security - Certificates thing, and it just blows me away that each of these different services don't have the same algorithms when they are supposed to be accessing the same certificates.
138k80418507
Try javax.net.ssl.keyStorePassword instead of javax.net.ssl.keyPassword: the latter isn't mentioned in the .
The algorithms you mention should be there by default using the default security providers. NoSuchAlgorithmExceptions are often cause by other underlying exceptions (file not found, wrong password, wrong keystore type, ...). It's useful to look at the full stack trace.
You could also use -Djavax.net.debug=ssl, or at least -Djavax.net.debug=ssl,keymanager, to get more debugging information, if the information in the stack trace isn't sufficient.
35.1k51847
77.1k7161236
Your Answer
Sign up or
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Post as a guest
By posting your answer, you agree to the
Not the answer you're looking for?
Browse other questions tagged
rev .25296
Stack Overflow works best with JavaScript enabledencryption - java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error - Stack Overflow
Join the Stack Overflow Community
Stack Overflow is a community of 6.8 million programmers, just like you, helping each other.
J it only takes a minute:
Here's the exception:
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(Unknown Source)
at java.security.KeyFactory.generatePrivate(Unknown Source)
Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error at sun.security.pkcs.PKCS8Key.decode(Unknown Source)
Here's the code:
import java.io.*;
import java.security.*;
import java.security.KeyStore.PasswordP
import java.security.cert.CertificateE
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.IvParameterS
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.nist.NISTObjectI
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyI
import org.bouncycastle.asn1.x509.AlgorithmI
import org.bouncycastle.util.encoders.Base64;
public class KeyPairUtil {
final static String keyStoreFile = "D:\\aeskey.jks";
private static final ASN1ObjectIdentifier AES = ASN1ObjectIdentifier.getInstance(NISTObjectIdentifiers.id_aes128_CBC);
public static void main(String[] args) throws Exception {
final java.security.KeyPairGenerator gen = java.security.KeyPairGenerator.getInstance("RSA");
gen.initialize(1024);
final KeyPair keyPair = gen.generateKeyPair();
wrapKeypairWithSymmetricKey(keyPair);
public static KeyPair wrapKeypairWithSymmetricKey(KeyPair keyPair) {
PrivateKey priv = keyPair.getPrivate();
SecretKey symmetricKey = getSymmetricKeyFromJKSFile();
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
final IvParameterSpec iv = new IvParameterSpec(new byte[16]);
cipher.init(Cipher.WRAP_MODE, symmetricKey, iv);
System.out.println(iv.getIV());
ASN1Encodable params = new DEROctetString(iv.getIV());
AlgorithmIdentifier algId = new AlgorithmIdentifier(AES, params);
byte[] wrappedKey = cipher.wrap(priv);
KeyFactory keyFactory = KeyFactory.getInstance(priv.getAlgorithm());
byte[] pkcs8enc = new EncryptedPrivateKeyInfo(algId, wrappedKey).getEncoded();
EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(pkcs8enc);
PrivateKey privateKey2 = keyFactory.generatePrivate(privateKeySpec); //throwing error in this line
KeyPair keypair = new KeyPair(keyPair.getPublic(), privateKey2);
} catch (NoSuchAlgorithmException | InvalidKeyException | InvalidKeySpecException | NoSuchPaddingException | IllegalBlockSizeException | IOException | InvalidAlgorithmParameterException e) {
e.printStackTrace();
private static SecretKey getSymmetricKeyFromJKSFile() {
String jkspassword = "password";
PasswordProtection keyPassword = new PasswordProtection("keypassword".toCharArray());
KeyStore keyStore = loadKeyStore(keyStoreFile, jkspassword);
// retrieve the stored key back
KeyStore.Entry entry = keyStore.getEntry("keyentry", keyPassword);
SecretKey keyFound = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
return keyF
} catch (CertificateException | IOException | NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
e.printStackTrace();
private static KeyStore loadKeyStore(String fileName, String jkspassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
File file = new File(fileName);
final KeyStore keyStore = KeyStore.getInstance("JCEKS");
if (file.exists()) {
keyStore.load(new FileInputStream(file), jkspassword.toCharArray());
return keyS
I hope somebody knows how to solve?
45.8k949125
I'll assume that you want to generate a wrapped PKCS#8 private key.
PKCS#8 however has both an inner and external DER encoded structure around it. The inner structure is to identify the stored key, i.e. it will indicate an RSA private key. This is what's being wrapped. The outer structure will indicate how the private key was wrapped. This is what is currently missing.
So what's happening is that the parser doesn't find the outer structure simply because you haven't generated it. The structure is (partly) defined in the
documentation, and I assume you can use
to generate it.
45.8k949125
Your Answer
Sign up or
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Post as a guest
By posting your answer, you agree to the
Not the answer you're looking for?
Browse other questions tagged
rev .25296
Stack Overflow works best with JavaScript enabledI was working on webservice call where my code was breaking in RAD during decrypting the password of keystore. I encountered below error:
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
There are key size restrictions with the default crypto files local_policy.jar and US_export_policy.jar comes with JDK – which limits it to 128. If your security policy using a key size larger than this – then the above exception is thrown.
For example – if your security policy specifies the algorithmic suite as Basic256 – then the key size to be used is 256.
For the solution of above issue, you need to patch your JDK with Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
For JDK1.5 , download the crypto files and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) to $JAVA_HOME/jre/lib/security.
For JDK1.6
If your IDE using it’s own specific JDK then patch that as well with these files to resolve the issue.
About nitingautam
I am Tech Lead (Java/J2EE/ExtJs)
with a MNC located @ Gurgaon.
This entry was posted in , ,
and tagged , , , . Bookmark the .
Categories
Recent Postsrsa - Read private key in DER format java - Stack Overflow
Join the Stack Overflow Community
Stack Overflow is a community of 6.8 million programmers, just like you, helping each other.
J it only takes a minute:
I have the following code to read a private key in PKCS#8 format
public void encryptHash(String hashToEncrypt, String pathOfKey, String Algorithm) {
FileInputStream fis =
byte[] encodedKey =
File f = new File(pathOfKey);
encodedKey = new byte[(int)f.length()];
fis = new FileInputStream(f);
fis.read(encodedKey);
fis.close();
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
Signature rsaSigner = Signature.getInstance("SHA1withRSA");
rsaSigner.initSign(privateKey);
fis = new FileInputStream(hashToEncrypt);
BufferedInputStream bis = new BufferedInputStream(fis);
byte[] buffer = new byte[1024];
int len = 0;
while ((len = bis.read(buffer)) &= 0) {
rsaSigner.update(buffer, 0, len);
} catch (SignatureException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
bis.close();
byte[] signature = rsaSigner.sign();
System.out.println(new String(signature));
} catch (SignatureException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} catch (InvalidKeyException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} catch (InvalidKeySpecException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} catch (FileNotFoundException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} finally {
fis.close();
} catch (IOException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
But I'm getting the following exception.
dic 09, :59 PM firmaelectronica.DataEncryptor encryptHash
Grave: null
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:217)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at firmaelectronica.DataEncryptor.encryptHash(DataEncryptor.java:40)
at firmaelectronica.FirmaElectronica.main(FirmaElectronica.java:39)
Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:361)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:367)
at sun.security.rsa.RSAPrivateCrtKeyImpl.&init&(RSAPrivateCrtKeyImpl.java:91)
at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75)
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316)
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213)
... 3 more
any idea what is wrong? I tried this on OpenSSL openssl pkcs8 -inform DER -in aaa010101aaa_FIEL.key -out aaa010101aaa_FIEL_key.pem and it works but when I want to read the key in DER format it just sends that exception.
2,250848105
Well finally looking at this thread
found the answer.
First I had to unprotect the key, as follows
openssl pkcs8 -inform DER -in myDERPassProtectedPrivate.key -outform PEM -out myPEMPrivate.key
it asked me for my password and then I had the file myPEMPrivate.key Once done this proceed to get rid of the password protecting the key like follows
openssl pkcs8 -topk8 -nocrypt -in myPEMPrivate.key -outform DER -out myNotAnyMoreProtectedPrivate.key
with this I'm now able to load the key with the code above. If we want to have a pass-protected key in java it is highly advisable to use a keystore.
P.S. I tried to avoid the 2 steps to get rid of the password protecting the key with openssl pkcs8 -topk8 -nocrypt -inform der -in myDERPassProtectedPrivate.key -outform der -out myDERNoPassProtectedPrivate.key but I don't know why I had the error Error decrypting key I used WinOpenSSL maybe that's the reason why I got that error.
2,250848105
-passin arg
the input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).
Command should look like:
openssl pkcs8 -inform DER -in myDERPassProtectedPrivate.key -outform PEM -passin pass:a -out myPEMPrivate.key
OpenSSL website
Your Answer
Sign up or
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Post as a guest
By posting your answer, you agree to the
Not the answer you're looking for?
Browse other questions tagged
rev .25296
Stack Overflow works best with JavaScript enabled