000026110 - How to decrypt private key protected by a PKCS #5 version 2 PBE (password-based encryption) algorithm

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017

Article Content

Article Number: 000026110

Applies To: RSA BSAFE Crypto-J 3.2 and prior versions

Issue: How to decrypt private key protected by a PKCS #5 version 2 PBE (password-based encryption) algorithm. RSA BSAFE Crypto-J fails when attempting to load the BER-encoded PKCS #8 encrypted key data using the JSAFE_SymmetricCipher.unwrapPrivateKey() method.

Resolution: While RSA BSAFE Crypto-J does support PKCS #5 version 2, it cannot yet recognize the OIDs from a BER-encoded key. To work around this problem, it is possible to manually pull apart the OID to determine which algorithm and parameters are required. After this is determined, use the PKCS5v2-i-k transformation with JSAFE_SymmetricCipher.getInstance() for the decryption. You will also need to pull apart the PKCS #8 EncryptedPrivateKeyInfo to obtain the data to decrypt. Contact RSA Developer Support if you need more details.

Legacy Article ID: 6.0.3318182.2914371
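
Added example (not RSA's code and not part of the original article): a minimal Python walk of the DER structure described in the Resolution, returning the KDF, PRF, salt, iteration count, cipher, IV and encrypted data carried by a PKCS #8 EncryptedPrivateKeyInfo. The helper names, the OID table and the sample blob are constructed for illustration; the code assumes PBES2 with PBKDF2 and a cipher whose only parameter is an IV.

```python
OIDS = {"1.2.840.113549.1.5.13": "PBES2", "1.2.840.113549.1.5.12": "PBKDF2",
        "1.2.840.113549.2.7": "hmacWithSHA1", "1.2.840.113549.2.9": "hmacWithSHA256",
        "1.2.840.113549.3.7": "des-EDE3-CBC", "2.16.840.1.101.3.4.1.42": "aes256-CBC"}
def tlv(buf, pos=0):  # -> (tag, value, next_pos) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split SEQUENCE contents into [(tag, value), ...]
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def oid(value):  # OID content bytes -> known name, or dotted string if unknown
    arcs, n = [value[0] // 40, value[0] % 40], 0  # holds for the OIDs listed above
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 digit of this arc
            arcs.append(n)
            n = 0
    dotted = ".".join(map(str, arcs))
    return OIDS.get(dotted, dotted)

def parse_pbes2(der):  # EncryptedPrivateKeyInfo -> values needed to decrypt
    (_, alg), (_, encrypted) = children(tlv(der)[1])
    (_, scheme), (_, params) = children(alg)
    if oid(scheme) != "PBES2":
        raise ValueError("not PBES2: " + oid(scheme))
    (_, kdf), (_, enc) = children(params)
    (_, kdf_oid), (_, kdf_params) = children(kdf)
    (_, enc_oid), (_, iv) = children(enc)  # assumes the cipher parameter is a bare IV
    fields = children(kdf_params)  # salt, iterationCount, [keyLength], [prf]
    opt = dict(fields[2:])  # optional fields by tag: 0x02 keyLength, 0x30 prf
    return {"kdf": oid(kdf_oid), "cipher": oid(enc_oid), "iv": iv, "salt": fields[0][1],
            "iterations": int.from_bytes(fields[1][1], "big"),
            "key_len": int.from_bytes(opt[0x02], "big") if 0x02 in opt else None,
            "prf": oid(children(opt[0x30])[0][1]) if 0x30 in opt else "hmacWithSHA1",
            "encrypted": encrypted}

# Constructed sample (not a real key): PBKDF2/HMAC-SHA256, 2048 iterations, 3DES-CBC.
SAMPLE = bytes.fromhex("308192304e06092a864886f70d01050d3041"
    "302906092a864886f70d01050c301c0408112233445566778802020800"
    "300c06082a864886f70d02090500301406082a864886f70d030704080102030405060708"
    "0440" + "aa" * 64)
```

A PEM-wrapped key must be base64-decoded to DER before it is passed to parse_pbes2(); the "encrypted" field is the data to hand to the cipher once the key has been derived from the password.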