I have an .pfx file and a password for the file.
I would like to decrypt a RSA encrypted file using Java. Basically the same approach like here (c#), but in java: https://stackoverflow.com/a/37894914/13329087
is this possible?
my approach so far:
byte[] file = Files.readAllBytes(Paths.get("C:/file.fileinfo"));
String pfxPassword = "pwd";
String keyAlias = "pvktmp:1ce254e5-4620-4abf-9a12-fbbda5b97fa0";
KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(new FileInputStream("/keystore.pfx"), pfxPassword.toCharArray());
PrivateKey key = (PrivateKey)keystore.getKey(keyAlias, pfxPassword.toCharArray());
Cipher cipher = Cipher.getInstance(key.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, key);
System.out.println(new String(cipher.doFinal(file)));
this produces an Error:
Exception in thread "main" javax.crypto.BadPaddingException: Decryption error
at sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:379)
at sun.security.rsa.RSAPadding.unpad(RSAPadding.java:290)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:365)
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:391)
at javax.crypto.Cipher.doFinal(Cipher.java:2168)
Advertisement
Answer
Unfortunately you didn’t provide the keystore *pfx-file nore the encrypted file so I had to setup my own files. If you like to run my example with my files you can get them here:
https://github.com/java-crypto/Stackoverflow/tree/master/Decrypt_using_pfx_certificate_in_Java
Your sourcecode doesn’t show the inputStream-value in
keystore.load(inputStream, pfxPassword.toCharArray());
and I used the direct loading of the keystore:
keystore.load(new FileInputStream("keystore.pfx"), pfxPassword.toCharArray());
Using my implementation I can sucessfully decrypt the encrypted file (“fileinfo”) with this console output:
https://stackoverflow.com/questions/62769422/decrypt-using-pfx-certificate-in-java?noredirect=1#comment111047725_62769422 RSA decryption using a pfx keystore The quick brown fox jumps over the lazy dog
To answer your question: Yes it is possible to decrypt a RSA encrypted file with a pfx-keystore. The error you see in your implementation seems to result that the key(pair) that was used to encrypt (the public key in the certificate) has changed in the meantime and you are trying to decrypt with a (maybe new generated) other private key (with the same alias). To check this you need to provide the keystore and the encrypted file…
Here is the implementation I’m using (I just edited the inputStream-line):
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.CertificateException;
public class MainSo {
public static void main(String[] args) throws IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, CertificateException {
System.out.println("https://stackoverflow.com/questions/62769422/decrypt-using-pfx-certificate-in-java?noredirect=1#comment111047725_62769422");
System.out.println("RSA decryption using a pfx keystore");
//byte[] file = Files.readAllBytes(Paths.get("C:/file.fileinfo"));
byte[] file = Files.readAllBytes(Paths.get("fileinfo"));
// password for keystore access and private key + certificate access
String pfxPassword = "pwd";
String keyAlias = "pvktmp:1ce254e5-4620-4abf-9a12-fbbda5b97fa0";
// load keystore
KeyStore keystore = KeyStore.getInstance("PKCS12");
//keystore.load(inputStream, pfxPassword.toCharArray());
keystore.load(new FileInputStream("keystore.pfx"), pfxPassword.toCharArray());
PrivateKey key = (PrivateKey) keystore.getKey(keyAlias, pfxPassword.toCharArray());
Cipher cipher = Cipher.getInstance(key.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, key);
System.out.println(new String(cipher.doFinal(file)));
}
}