[appengine-java] Problem with using OpenSSL-generated RSA key on App Engine Java

[Dado Colussi]

I have generated an RSA key pair with OpenSSL, and I am successfully using
it in App Engine Java SDK 1.5 on Mac OS X 10.5.8 with Java 6. However, when
I run the code on App Engine (real), generatePrivate() throws an exception:

InputStream is = context.getResourceAsStream("/WEB-INF/private.der");
String keyString = new Scanner(is).useDelimiter("\\A").next();
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyString.getBytes());
PrivateKey privateKey =
KeyFactory.getInstance("RSA").generatePrivate(keySpec);


java.security.spec.InvalidKeySpecException:
java.security.InvalidKeyException: IOException : short read of integer
at
sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:217)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:359)

I have also tried storing the key base64-encoded in the source code, and
converting it to bytes when needed, but the same problem occurs.

I produced the RSA key pair with the following commands:

openssl genrsa -out private.pem 1024
openssl pkcs8 -topk8 -nocrypt -in private.pem -inform PEM -outform DER -out
private.der

If I replace reading private.der with generating an entirely new key (as a
test), I no longer get an exception:

KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(1024);
PKCS8EncodedKeySpec keySpec = new
PKCS8EncodedKeySpec(generator.genKeyPair().getPrivate().getEncoded());
PrivateKey privateKey =
KeyFactory.getInstance("RSA").generatePrivate(keySpec);

Why is my OpenSSL-generated RSA key failing on App Engine, and how should I
solve this problem?

Thank you for any help.


P.S. This is my private.pem, if anyone is interested trying it out:

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC4v7PH3DxMxYiggaFbkI2n0jQKoMBHMKPi+oVF3UYytkq9GApl
P1FMGFmDj5QHI02BQWTpnJ+t3rSlko3QKc7Y1W7enMNcY6tUtQDgchfAabSTXMmf
7STWsURMC0bCCYcDdIXmcduyAHDAgveUWrLACC2nambFV3tDDu8BxIYIRwIDAQAB
AoGAFlrL7DEP8tIsGA/XcHbrTRU4StjsqzCNhBeALNX7eoNoQ7029M1WjvibTDoB
VWPGKw+4oDPddnJuNWKoWjnU118YYfUVIaE1ZkCfc6vbrw5p5VDEw0777stYqxTH
s7Ipr5S/sq1Lh76OQWIP8QeZylLXKJ68H1O2KMRZxsS5PSECQQDtHFrEmm6aR7jT
4L2eH8to/D7rbAjk6KEfHQZyYh6id4YSTPFist8OZN7vgvCMxzcILZzyGvCrphm/
W3KU6k7fAkEAx3d6DDqINw09CGP7+3BGza7Y+SSkJaMA+UftjGgkR1CD034f9n0t
ROIcD8PTZ0zFvDlDSl3XpYWaFt7vXyC7mQJAOSgaoUXw33Pmk/ya+OEFMZuMt0dl
pXiGTm+6vBv28ocJZKPzlC02I8whCW9w+R6Un34PVTU1SstRbZVnu4n31QJBAK5q
QKRUwisxPj8J/pqcUK0lyMACVC483GsdhBAUODTLqJnUXWqRhnYHKPZ4C3D2Zqjx
gW+Toy8vJc/93F3YJ3ECQQCms3IxaFq7krk1NBz8BfHbuNbIVivzvAoAQqloTITX
P4ZkuXb/cdqkoxHDTApTE3Ls3lp5vDkVJ4yDoQBUy1DF
-----END RSA PRIVATE KEY-----

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-java@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine-java?hl=en.