Decrypt file using .pfx certificate in Java

Tags: , , ,



I have an .pfx file and a password for the file.

I would like to decrypt a RSA encrypted file using Java. Basically the same approach like here (c#), but in java: https://stackoverflow.com/a/37894914/13329087

is this possible?

my approach so far:

byte[] file = Files.readAllBytes(Paths.get("C:/file.fileinfo"));

String pfxPassword = "pwd";
String keyAlias = "pvktmp:1ce254e5-4620-4abf-9a12-fbbda5b97fa0";

KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(new FileInputStream("/keystore.pfx"), pfxPassword.toCharArray());
PrivateKey key = (PrivateKey)keystore.getKey(keyAlias, pfxPassword.toCharArray());

Cipher cipher = Cipher.getInstance(key.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, key);
System.out.println(new String(cipher.doFinal(file)));

this produces an Error:

Exception in thread "main" javax.crypto.BadPaddingException: Decryption error
    at sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:379)
    at sun.security.rsa.RSAPadding.unpad(RSAPadding.java:290)
    at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:365)
    at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:391)
    at javax.crypto.Cipher.doFinal(Cipher.java:2168)

Answer

Unfortunately you didn’t provide the keystore *pfx-file nore the encrypted file so I had to setup my own files. If you like to run my example with my files you can get them here:

https://github.com/java-crypto/Stackoverflow/tree/master/Decrypt_using_pfx_certificate_in_Java

Your sourcecode doesn’t show the inputStream-value in

keystore.load(inputStream, pfxPassword.toCharArray());

and I used the direct loading of the keystore:

keystore.load(new FileInputStream("keystore.pfx"), pfxPassword.toCharArray());

Using my implementation I can sucessfully decrypt the encrypted file (“fileinfo”) with this console output:

https://stackoverflow.com/questions/62769422/decrypt-using-pfx-certificate-in-java?noredirect=1#comment111047725_62769422
RSA decryption using a pfx keystore
The quick brown fox jumps over the lazy dog

To answer your question: Yes it is possible to decrypt a RSA encrypted file with a pfx-keystore. The error you see in your implementation seems to result that the key(pair) that was used to encrypt (the public key in the certificate) has changed in the meantime and you are trying to decrypt with a (maybe new generated) other private key (with the same alias). To check this you need to provide the keystore and the encrypted file…

Here is the implementation I’m using (I just edited the inputStream-line):

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.CertificateException;

public class MainSo {
    public static void main(String[] args) throws IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, CertificateException {
        System.out.println("https://stackoverflow.com/questions/62769422/decrypt-using-pfx-certificate-in-java?noredirect=1#comment111047725_62769422");
        System.out.println("RSA decryption using a pfx keystore");
        //byte[] file = Files.readAllBytes(Paths.get("C:/file.fileinfo"));
        byte[] file = Files.readAllBytes(Paths.get("fileinfo"));
        // password for keystore access and private key + certificate access
        String pfxPassword = "pwd";
        String keyAlias = "pvktmp:1ce254e5-4620-4abf-9a12-fbbda5b97fa0";
        // load keystore
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        //keystore.load(inputStream, pfxPassword.toCharArray());
        keystore.load(new FileInputStream("keystore.pfx"), pfxPassword.toCharArray());
        PrivateKey key = (PrivateKey) keystore.getKey(keyAlias, pfxPassword.toCharArray());
        Cipher cipher = Cipher.getInstance(key.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, key);
        System.out.println(new String(cipher.doFinal(file)));
    }
}


Source: stackoverflow