Why Invalid RSA private key when load file?

I have a error when load my key with ClassLoader.class, why ?

UnitTest path = “/…./resource/…./key.der

Version deployed path = classLoader.getResource(AESKeyPath);

(aESKeyPath = “key.der”)

private void loadKey(final String AESKeyPath, final String privateKeyFileDerPath) {

    Properties prop = new Properties();
    ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
    InputStream input = classLoader.getResourceAsStream("foo.properties");
    final String classpath = prop.getProperty("test.foo");

    File aESKeyFile = null;
    File privateKeyFile = null;

    // My version deployed using the if.
    if (classpath.equals("local")) {
        URL aesKeyPath = classLoader.getResource(AESKeyPath);
        if (aesKeyPath != null) {
            aESKeyFile = new File(aesKeyPath.toURI());

        URL privateKeyURL = classLoader.getResource(privateKeyFileDerPath);
        if (privateKeyURL != null) {
            privateKeyFile = new File(privateKeyURL.toURI());

     // The tests used the else
    } else {
        aESKeyFile = new File(AESKeyPath); 
        privateKeyFile = new File(privateKeyFileDerPath);

    byte[] encodedKey = new byte[(int) privateKeyFile.length()];
    new FileInputStream(privateKeyFile).read(encodedKey);

    PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encodedKey);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PrivateKey pk = kf.generatePrivate(privateKeySpec); <---- Error

    pkCipher.init(Cipher.DECRYPT_MODE, pk);
    aesKey = new byte[AES_Key_Size / 8];
    CipherInputStream is = new CipherInputStream(new FileInputStream(AESKeyFile), pkCipher);
    aeskeySpec = new SecretKeySpec(aesKey, "AES");

My unit tests pass, but when I deployed and I load the file with ‘ClassLoader it gives me this error :

Caused by: java.security.InvalidKeyException: Invalid RSA private key
at sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(RSAPrivateCrtKeyImpl.java:206) ~[na:1.8.0_40]
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:342) ~[na:1.8.0_40]
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356) ~[na:1.8.0_40]
at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91) ~[na:1.8.0_40]
at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75) ~[na:1.8.0_40]
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316) ~[na:1.8.0_40]
at     sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213) ~    [na:1.8.0_40]
    ... 92 common frames omitted
Caused by: java.io.IOException: DER input, Integer tag error
at sun.security.util.DerInputStream.getBigInteger(DerInputStream.java:180) ~[na:1.8.0_40]
at     sun.security.rsa.RSAPrivateCrtKeyImpl.getBigInteger(RSAPrivateCrtKeyImpl.java:214) ~[na:1.8.0_40]
at     sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(RSAPrivateCrtKeyImpl.java:198    ) ~[na:1.8.0_40]

I compare the first 10 bytes and are equal. And the last also with the same size.

I generate the keys with the commands:

openssl genrsa -out private.pem 2048
openssl pkcs8 -topk8 -in private.pem -outform DER -out private.der -nocrypt
openssl rsa -in private.pem -pubout -outform DER -out public.der


My problem is Maven. Maven encode my keys. I solved my problem with adding a filter in the pom.xml for resources. And I change my code.


String keyDerPath = getClass().getResource(privateKeyFileDerPath).getFile();
String AESKeyPathResource = getClass().getResource(AESKeyPath).getFile();
aESKeyFile = new File(AESKeyPathResource );
privateKeyFile = new File(keyDerPath );

Leave a Reply

Your email address will not be published. Required fields are marked *