Decrypting PKCS8 private keys

David Taylor (dtaylor@forge.com.au)
Thu, 20 May 1999 09:11:06 +1000

From: "David Taylor" <dtaylor@forge.com.au>
To: java-security@java.sun.com
Date: Thu, 20 May 1999 09:11:06 +1000
Subject: Decrypting PKCS8 private keys

I have some questions about private keys and key factories

1. PKCS8 encrypted keys

The PKCS8 defines two types of private key information structures,
PrivateKeyInfo for unencrypted private keys and EncryptedPrivateKeyInfo for
encrypted private keys.

The PrivateKeyInfo has an algorithm identifier so you know what type of key
you're dealing with and then a (say) a private key DER encoded as an
RSAPrivateKey structure.

The EncryptedPrivateKeyInfo structure has an algorithm identifier to
specify how the rest of it is encrypted and an octet string for the
encrypted information.

My question is: what comes out of that octet string when you decrypt it? Is
it a PKCS8 PrivateKeyInfo structure that can then be put into a
PKCS8EncodedKeySpec or is it the lower level key info such an
RSAPrivateKey?

A point about doing this in Java: the PKCS8EncodedKeySpec and KeyFactory
classes don't seem to have any provision for keys stored in
EncryptedPrivateKeyInfo structures. You generally need a password to
decrypt the keys and there is nowhere to set this password. A key factory
could recognise the encrypted key info and prompt for the password, but
this sort of thing shouldn't be open to interpretation.

2. X509EncodedKeySpec

The docs for X509EncodedKeySpec say it can be used for the DER encoding of
a public or private key according the X.509 spec. Does the X.509 spec give
structures for private keys? What are the ASN.1 structures (leading to the
DER encoding) that are acceptable for private keys in a X509EncodedKeySpec?
Also, what key types - I guess RSA and DSA - but any others?

Thanks,
David Taylor
Forge Research.