Add PKCS8 parsing to support PEM ASN.1 Private Keys (#708)

* Enhanced PKCS8 parsing to support PEM ASN.1 Private Keys * Corrected copyright year to match existing license headers
2025-12-06 07:10:53 +03:00 · 2021-08-27 08:25:52 -05:00
parent a016974743
commit bb2c48e20c
10 changed files with 427 additions and 1 deletions
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
@@ -18,7 +18,10 @@ package net.schmizz.sshj.userauth.keyprovider;
 import com.hierynomus.sshj.common.KeyDecryptionFailedException;
 import net.schmizz.sshj.common.IOUtils;
 import net.schmizz.sshj.common.SecurityUtils;
+import net.schmizz.sshj.userauth.keyprovider.pkcs.KeyPairConverter;
+import net.schmizz.sshj.userauth.keyprovider.pkcs.PrivateKeyInfoKeyPairConverter;
 import net.schmizz.sshj.userauth.password.PasswordUtils;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.openssl.EncryptionException;
 import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PEMKeyPair;
@@ -52,6 +55,7 @@ public class PKCS8KeyFile extends BaseFileKeyProvider {

    protected char[] passphrase; // for blanking out

+    protected KeyPairConverter<PrivateKeyInfo> privateKeyInfoKeyPairConverter = new PrivateKeyInfoKeyPairConverter();

    protected KeyPair readKeyPair()
            throws IOException {
@@ -82,8 +86,12 @@ public class PKCS8KeyFile extends BaseFileKeyProvider {
                    }
                } else if (o instanceof PEMKeyPair) {
                    kp = pemConverter.getKeyPair((PEMKeyPair) o);
+                } else if (o instanceof PrivateKeyInfo) {
+                    final PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) o;
+                    final PEMKeyPair pemKeyPair = privateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
+                    kp = pemConverter.getKeyPair(pemKeyPair);
                } else {
-                    log.debug("Expected PEMEncryptedKeyPair or PEMKeyPair, got: {}", o);
+                    log.warn("Unexpected PKCS8 PEM Object [{}]", o);
                }

            } catch (EncryptionException e) {
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/DSAPrivateKeyInfoKeyPairConverter.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/DSAPrivateKeyInfoKeyPairConverter.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider.pkcs;
+
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.params.DSAParameters;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Objects;
+
+/**
+ * Key Pair Converter from DSA Private Key Information to PEM Key Pair
+ */
+class DSAPrivateKeyInfoKeyPairConverter implements KeyPairConverter<PrivateKeyInfo> {
+    private static final Logger logger = LoggerFactory.getLogger(DSAPrivateKeyInfoKeyPairConverter.class);
+
+    private static final int P_INDEX = 0;
+
+    private static final int Q_INDEX = 1;
+
+    private static final int G_INDEX = 2;
+
+    /**
+     * Get PEM Key Pair calculating DSA Public Key from DSA Private Key Information
+     *
+     * @param privateKeyInfo DSA Private Key Information
+     * @return PEM Key Pair
+     * @throws IOException Thrown on Public Key parsing failures
+     */
+    @Override
+    public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
+        Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
+        final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
+        final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
+        if (X9ObjectIdentifiers.id_dsa.equals(algorithm)) {
+            logger.debug("DSA Algorithm Found [{}]", algorithm);
+        } else {
+            throw new IllegalArgumentException(String.format("DSA Algorithm OID required [%s]", algorithm));
+        }
+        final ASN1Integer encodedPublicKey = getEncodedPublicKey(privateKeyInfo);
+        final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, encodedPublicKey);
+        return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
+    }
+
+    /**
+     * Get ASN.1 Encoded Public Key calculated according to RFC 6979 Section 2.2
+     *
+     * @param privateKeyInfo DSA Private Key Information
+     * @return ASN.1 Encoded DSA Public Key
+     * @throws IOException Thrown on failures parsing private key
+     */
+    private ASN1Integer getEncodedPublicKey(final PrivateKeyInfo privateKeyInfo) throws IOException {
+        final ASN1Integer privateKey = ASN1Integer.getInstance(privateKeyInfo.parsePrivateKey());
+        final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
+        final DSAParameters dsaParameters = getDsaParameters(algorithmIdentifier);
+        final BigInteger publicKey = dsaParameters.getG().modPow(privateKey.getValue(), dsaParameters.getP());
+        return new ASN1Integer(publicKey);
+    }
+
+    private DSAParameters getDsaParameters(final AlgorithmIdentifier algorithmIdentifier) {
+        final ASN1Sequence sequence = ASN1Sequence.getInstance(algorithmIdentifier.getParameters());
+        final ASN1Integer p = ASN1Integer.getInstance(sequence.getObjectAt(P_INDEX));
+        final ASN1Integer q = ASN1Integer.getInstance(sequence.getObjectAt(Q_INDEX));
+        final ASN1Integer g = ASN1Integer.getInstance(sequence.getObjectAt(G_INDEX));
+        return new DSAParameters(p.getValue(), q.getValue(), g.getValue());
+    }
+}
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/ECDSAPrivateKeyInfoKeyPairConverter.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/ECDSAPrivateKeyInfoKeyPairConverter.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider.pkcs;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.sec.ECPrivateKey;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
+import org.bouncycastle.math.ec.ECMultiplier;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Objects;
+
+/**
+ * Key Pair Converter from ECDSA Private Key Information to PEM Key Pair
+ */
+class ECDSAPrivateKeyInfoKeyPairConverter implements KeyPairConverter<PrivateKeyInfo> {
+    private static final Logger logger = LoggerFactory.getLogger(ECDSAPrivateKeyInfoKeyPairConverter.class);
+
+    private static final boolean POINT_COMPRESSED = false;
+
+    /**
+     * Get PEM Key Pair calculating ECDSA Public Key from ECDSA Private Key Information
+     *
+     * @param privateKeyInfo ECDSA Private Key Information
+     * @return PEM Key Pair
+     * @throws IOException Thrown on Public Key parsing failures
+     */
+    @Override
+    public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
+        Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
+        final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
+        final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
+        if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
+            logger.debug("ECDSA Algorithm Found [{}]", algorithm);
+        } else {
+            throw new IllegalArgumentException(String.format("ECDSA Algorithm OID required [%s]", algorithm));
+        }
+        final byte[] encodedPublicKey = getEncodedPublicKey(privateKeyInfo);
+        final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, encodedPublicKey);
+        return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
+    }
+
+    /**
+     * Get Encoded Elliptic Curve Public Key calculated according to RFC 6979 Section 2.2
+     *
+     * @param privateKeyInfo ECDSA Private Key Information
+     * @return Encoded Elliptic Curve Public Key
+     * @throws IOException Thrown on failures parsing private key
+     */
+    private byte[] getEncodedPublicKey(final PrivateKeyInfo privateKeyInfo) throws IOException {
+        final X9ECParameters parameters = getParameters(privateKeyInfo.getPrivateKeyAlgorithm());
+        final ECPrivateKey ecPrivateKey = ECPrivateKey.getInstance(privateKeyInfo.parsePrivateKey());
+        final ECPoint publicKey = getPublicKey(parameters, ecPrivateKey.getKey());
+        return publicKey.getEncoded(POINT_COMPRESSED);
+    }
+
+    private X9ECParameters getParameters(final AlgorithmIdentifier algorithmIdentifier) {
+        final ASN1ObjectIdentifier encodedParameters = ASN1ObjectIdentifier.getInstance(algorithmIdentifier.getParameters());
+        return ECUtil.getNamedCurveByOid(encodedParameters);
+    }
+
+    private ECPoint getPublicKey(final X9ECParameters parameters, final BigInteger privateKey) {
+        final ECMultiplier multiplier = new FixedPointCombMultiplier();
+        return multiplier.multiply(parameters.getG(), privateKey);
+    }
+}
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/KeyPairConverter.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/KeyPairConverter.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider.pkcs;
+
+import org.bouncycastle.openssl.PEMKeyPair;
+
+import java.io.IOException;
+
+/**
+ * Converter from typed object to PEM Key Pair
+ * @param <T> Object Type
+ */
+public interface KeyPairConverter<T> {
+    /**
+     * Get PEM Key Pair from typed object
+     *
+     * @param object Typed Object
+     * @return PEM Key Pair
+     * @throws IOException Thrown on conversion failures
+     */
+    PEMKeyPair getKeyPair(T object) throws IOException;
+}
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/PrivateKeyInfoKeyPairConverter.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/PrivateKeyInfoKeyPairConverter.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider.pkcs;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.openssl.PEMKeyPair;
+
+import java.io.IOException;
+import java.util.Objects;
+
+/**
+ * Key Pair Converter for Private Key Information using known Algorithm Object Identifiers
+ */
+public class PrivateKeyInfoKeyPairConverter implements KeyPairConverter<PrivateKeyInfo> {
+    private DSAPrivateKeyInfoKeyPairConverter dsaPrivateKeyInfoKeyPairConverter = new DSAPrivateKeyInfoKeyPairConverter();
+
+    private ECDSAPrivateKeyInfoKeyPairConverter ecdsaPrivateKeyInfoKeyPairConverter = new ECDSAPrivateKeyInfoKeyPairConverter();
+
+    private RSAPrivateKeyInfoKeyPairConverter rsaPrivateKeyInfoKeyPairConverter = new RSAPrivateKeyInfoKeyPairConverter();
+
+    /**
+     * Get PEM Key Pair delegating to configured converters based on Algorithm Object Identifier
+     *
+     * @param privateKeyInfo Private Key Information
+     * @return PEM Key Pair
+     * @throws IOException Thrown on conversion failures
+     */
+    @Override
+    public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
+        Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
+        final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
+        final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
+
+        if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm)) {
+            return rsaPrivateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
+        } else if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
+            return ecdsaPrivateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
+        } else if (X9ObjectIdentifiers.id_dsa.equals(algorithm)) {
+            return dsaPrivateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
+        } else {
+            throw new IllegalArgumentException(String.format("Unsupported Algorithm [%s]", algorithm));
+        }
+    }
+}
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/RSAPrivateKeyInfoKeyPairConverter.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/RSAPrivateKeyInfoKeyPairConverter.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider.pkcs;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
+import org.bouncycastle.asn1.pkcs.RSAPublicKey;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.Objects;
+
+/**
+ * Key Pair Converter from RSA Private Key Information to PEM Key Pair
+ */
+class RSAPrivateKeyInfoKeyPairConverter implements KeyPairConverter<PrivateKeyInfo> {
+    private static final Logger logger = LoggerFactory.getLogger(RSAPrivateKeyInfoKeyPairConverter.class);
+
+    /**
+     * Get PEM Key Pair parsing RSA Public Key attributes from RSA Private Key Information
+     *
+     * @param privateKeyInfo RSA Private Key Information
+     * @return PEM Key Pair
+     * @throws IOException Thrown on Public Key parsing failures
+     */
+    @Override
+    public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
+        Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
+        final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
+        final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
+        if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm)) {
+            logger.debug("RSA Algorithm Found [{}]", algorithm);
+        } else {
+            throw new IllegalArgumentException(String.format("RSA Algorithm OID required [%s]", algorithm));
+        }
+
+        final RSAPublicKey rsaPublicKey = getRsaPublicKey(privateKeyInfo);
+        final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, rsaPublicKey);
+        return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
+    }
+
+    private RSAPublicKey getRsaPublicKey(final PrivateKeyInfo privateKeyInfo) throws IOException {
+        final RSAPrivateKey rsaPrivateKey = RSAPrivateKey.getInstance(privateKeyInfo.parsePrivateKey());
+        return new RSAPublicKey(rsaPrivateKey.getModulus(), rsaPrivateKey.getPublicExponent());
+    }
+}
--- a/src/test/java/net/schmizz/sshj/keyprovider/PKCS8KeyFileTest.java
+++ b/src/test/java/net/schmizz/sshj/keyprovider/PKCS8KeyFileTest.java
@@ -25,6 +25,9 @@ import org.junit.Test;

 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
 import java.io.UnsupportedEncodingException;
 import java.security.GeneralSecurityException;

@@ -59,4 +62,36 @@ public class PKCS8KeyFileTest {
        assertEquals(rsa.getType(), KeyType.RSA);
    }

+    @Test
+    public void testPkcs8Rsa() throws IOException {
+        final PKCS8KeyFile provider = new PKCS8KeyFile();
+        provider.init(getReader("pkcs8-rsa-2048"));
+        assertEquals("RSA", provider.getPublic().getAlgorithm());
+        assertEquals("RSA", provider.getPrivate().getAlgorithm());
+    }
+
+    @Test
+    public void testPkcs8Ecdsa() throws IOException {
+        final PKCS8KeyFile provider = new PKCS8KeyFile();
+        provider.init(getReader("pkcs8-ecdsa"));
+        assertEquals("ECDSA", provider.getPublic().getAlgorithm());
+        assertEquals("ECDSA", provider.getPrivate().getAlgorithm());
+    }
+
+    @Test
+    public void testPkcs8Dsa() throws IOException {
+        final PKCS8KeyFile provider = new PKCS8KeyFile();
+        provider.init(getReader("pkcs8-dsa"));
+        assertEquals("DSA", provider.getPublic().getAlgorithm());
+        assertEquals("DSA", provider.getPrivate().getAlgorithm());
+    }
+
+    private Reader getReader(final String filename) {
+        final String path = String.format("/keyformats/%s", filename);
+        final InputStream inputStream = getClass().getResourceAsStream(path);
+        if (inputStream == null) {
+            throw new IllegalArgumentException(String.format("Key File [%s] not found", path));
+        }
+        return new InputStreamReader(inputStream);
+    }
 }
--- a/src/test/resources/keyformats/pkcs8-dsa
+++ b/src/test/resources/keyformats/pkcs8-dsa
@@ -0,0 +1,9 @@
+-----BEGIN PRIVATE KEY-----
+MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBALlumhAX50pMBL5i2/1alO+oIIQC
+/QQxBrs7e0KvmIeSFmiM/Vi77AIbEQl8RmsP7e7Pa3J91h+HQKq4xVxIGROMCmBM
+RrauKWUujHVZ7LBNoYXmek2dqQsico3KdPMca/A5vracvmPNzK8dbx5Yt6VsgIdC
+VJS4rCdyYcyUASMtAhUAxn3o/n3wh0YW88AiN9WavRibhykCgYBOfIqfCB0aP0LG
+BNv4JZQF4G9v4cZDXdU38xzc15o99F1VfBklCwqKhezeH8559Ss01UPGixePBaVf
+NBsUDfgxk0Zk1VeXS2iKE0A27xtyf4b8nPhIpkxS/P8rTHOJPBVsE19XMyFIUH6X
+IZVGfq7R6TQPoYC7h4VzajwQatTeXAQXAhUAo7/KYkrT2uGzEUTK0tPKihqGUJQ=
+-----END PRIVATE KEY-----
--- a/src/test/resources/keyformats/pkcs8-ecdsa
+++ b/src/test/resources/keyformats/pkcs8-ecdsa
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgSO8998+yUgpmRqyc
+qJZdKVyBBPyJafnyrkXpW4QF52+hRANCAAT/wLRpL4zxm33zVOkTYAjzQ/oTzULv
+hQg0/XtsCcpp3FEF3gsnJJZXe9KENxr5pQ3QexZ0QcUSE/zWjx5zhCef
+-----END PRIVATE KEY-----
--- a/src/test/resources/keyformats/pkcs8-rsa-2048
+++ b/src/test/resources/keyformats/pkcs8-rsa-2048
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCrCGE/428Y6Wun
+rkKPP2AibBbAVoo+G2SvagmqlPwX9VIovqlG6ez4+SKtoaxUkJGrm5eZg8o+Gc3r
+0qZFIMPcZTHr16WvucYfdGZwd4GIw+9wHr6orE7cSgjg8SEcr8ctNmv5VgmLk1H
+wCwhfbh7/bNNnoKPnweE+B8KlRq0y5P6o05oxqM4EwPceRW1tWKebTK+Hc3Cp5FE
+IVhpKB1AY3FW5bebTOnP8TmXoCWEnDj702tyl+UmV5Mir+YARLICNkahGP9FGNi
+5YeZfbibgWwdB3sBVQXWEbF+LW1RXwWlF+soRemaNC2VfMrCqZ2dccx/BJornkyr
+1NH7QlHDAgMBAAECggEANxai5EYoQZjlkQPi8mrSVyQDi/4T1v9RxeJcrLICJOFi
+jjcjJPEx39u3HMAHVtGd6e1avhqh6LC9D/ZHx9jAghfueQb2a42ft9bGzUSRc96V
+MmQt+E6w0VmYOSA3CwY+oktqFmrDosClKagvTrZE1sMXnregjAwICv80WF9AU9z7
+wI0XPJEYlqYj96lfT8n8LyMOHRDcSOEtI9WnF++n+nduTDFrhQ6yzRoJFz3sQi3k
+AwOFXgxenlRrtReCVjIyXSoki6md5alNiQr+AZI25YfMzmQQOmOjRWGefenOf18n
+HiiPhYlxteOjVbcwBFYL0mdIEFHPcftahgOu5eSzMQKBgQDVra22+2DCP3YkKMBU
+xiuT0Rvjb0LtAfmO89vCXi8o79gkp+YqHsojtUXf6KqgBteh9hFQ8kBJEaqn7dCu
+VjmrWm7zoNiYl8USdb4pHiBRj3Nw7gIA3qusMs1TWedyTSb0miaT32z65QlPQde/
+vgOC++5HsuD8aNOT+fZpN8InuwKBgQDM6GZX/g0UQvU0Cg2u3RztXKZkvGQiEAMu
+MbFDpJ/m8kfBrMLQZQqrYtx1ahYRVc3XFHyii51WnwgO97BPykFy3Clkj9/mU942
+YAHYjP7f+Ujt1DZIa06aneh0aduFJZkkOYdKIxtgTV0cL1pRAwwYOWXM9gd1gAIN
+oa0QOckJmQKBgDpAMJ0zhjsuJbzRxyzVIUgYt2uXBz2pTikkXYJtPpoAWIIVq29M
+GXsGjdfui6U4eExU0n+oqtHAmS9Sa5M7Oll2O8z6ylE+/qB7rK104waY/rWIjM9D
+5LT63HKejbPhSH9iDqY9QG5dRd5vaquA12A74cd2AlONGDC88enZI3rFAoGBAIhO
+oKYwLesoj4zKk0ebdz6+v0GLwOCX3kXAcLcar/Qlf25qyj1uuaZA4X6Jz5xAg+lr
+i21lioiwyd+LDRJG7TrHEhH/U2YYrF1niFLRmErNvaHX5TRPjb51BMlMEeeEl1bt
+nf3HVNK/JA03wtDZQhZrODkcAOI9ASCoSEPe7MkhAoGBAJM+3GNBzW1dkJbwu9wN
+Cal4OhrhDCnvMM8x7ZSF2EIDT8A7ahEWtnRfUnGESNfBS1sjHp2izjeHE3DfZBsH
+WKd63qdb55h9d+dG1rbmQJWAm7ci0JFdozzGMG5Q/V6CiN0cjKka8+MjcqIHbQJ/
+kZN//+dT1Bbj9vqhEdQqswuH
+-----END PRIVATE KEY-----