diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
index 3e65c49f..cc775faa 100644
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
@@ -139,7 +139,9 @@ public class PKCS8KeyFile
                     JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
                     decryptorBuilder.setProvider("BC");
                     try {
-                        passphrase = pwdf == null ? null : pwdf.reqPassword(resource);
+                        // Do not return null, as JcePEMDecryptorProviderBuilder$1$1.decrypt would throw an exception
+                        // in that case because it requires a 'password' (i.e. passphrase).
+                        passphrase = pwdf == null ? "".toCharArray() : pwdf.reqPassword(resource);
                         kp = pemConverter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptorBuilder.build(passphrase)));
                     } finally {
                         PasswordUtils.blankOut(passphrase);