diff --git a/pom.xml b/pom.xml
index c6bc3de0..9230248e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,18 +49,18 @@
org.bouncycastle
bcpkix-jdk15on
- 1.49
+ 1.50
org.bouncycastle
bcprov-jdk15on
- 1.49
+ 1.50
provided
com.jcraft
jzlib
- 1.1.2
+ 1.1.3
provided
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
index 3ed6c96e..34e0bb82 100644
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
@@ -15,6 +15,12 @@
*/
package net.schmizz.sshj.userauth.keyprovider;
+import java.io.File;
+import java.io.IOException;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.userauth.password.PasswordFinder;
@@ -22,17 +28,17 @@ import net.schmizz.sshj.userauth.password.PasswordUtils;
import net.schmizz.sshj.userauth.password.PrivateKeyFileResource;
import net.schmizz.sshj.userauth.password.PrivateKeyStringResource;
import net.schmizz.sshj.userauth.password.Resource;
+
import org.bouncycastle.openssl.EncryptionException;
-import org.bouncycastle.openssl.PEMReader;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.File;
-import java.io.IOException;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
/** Represents a PKCS8-encoded key file. This is the format used by OpenSSH and OpenSSL. */
public class PKCS8KeyFile
implements FileKeyProvider {
@@ -119,14 +125,26 @@ public class PKCS8KeyFile
throws IOException {
KeyPair kp = null;
org.bouncycastle.openssl.PasswordFinder pFinder = makeBouncyPasswordFinder();
- PEMReader r = null;
+ PEMParser r = null;
Object o = null;
try {
for (; ; ) {
// while the PasswordFinder tells us we should retry
try {
- r = new PEMReader(resource.getReader(), pFinder);
+ r = new PEMParser(resource.getReader());
o = r.readObject();
+
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+ pemConverter.setProvider("BC");
+ if (pFinder != null && o instanceof PEMEncryptedKeyPair) {
+ JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
+ PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(pFinder.getPassword());
+ o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
+ }
+ if (o instanceof PEMKeyPair) {
+ o = pemConverter.getKeyPair((PEMKeyPair) o);
+ }
+
} catch (EncryptionException e) {
if (pwdf.shouldRetry(resource))
continue;
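Review bot: The passphrase array returned by `pFinder.getPassword()` in the `PEMEncryptedKeyPair` branch is passed straight to `decryptorBuilder.build(...)` and never cleared, so it stays in memory on both the success path and the `EncryptionException` retry path. Hold it in a local and zero it in a `finally` after `decryptKeyPair` has returned; this is only safe if the finder hands out a fresh array on each call, which the hunk does not show. Separately, when `pFinder` is null an encrypted key leaves `o` as a `PEMEncryptedKeyPair` that falls through to code outside the hunk, so an explicit "encrypted key but no password finder" error would be clearer there. Also, `setProvider("BC")` assumes a provider is registered under that name, while the decryptor builder is given no provider at all. The enclosing method starts and ends outside the hunk.

```java
if (pFinder != null && o instanceof PEMEncryptedKeyPair) {
    JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
    char[] passphrase = pFinder.getPassword();
    try {
        PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passphrase);
        o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
    } finally {
        // wipe the passphrase whether decryption succeeded or threw
        if (passphrase != null) {
            java.util.Arrays.fill(passphrase, '\0');
        }
    }
}
// … unchanged: PEMKeyPair conversion and EncryptionException retry …
```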
@@ -154,4 +172,4 @@ public class PKCS8KeyFile
public String toString() {
return "PKCS8KeyFile{resource=" + resource + "}";
}
-}
+}
\ No newline at end of file