Only RSA, generated on Android is working properly under Android (5.0+ devices)

Question

I've tried to use RSA. I wanted to check, if all is correct, so I used encryption and decryption (only for testing).

It seems, that only the private key, that was generated under android is working properly.

I'm getting the following error for RSA keys, that were generated via openssl:

 java.security.spec.InvalidKeySpecException: java.lang.RuntimeException:
 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

For public keys all is working for androidgenerated and opensslgenerated keys.

final String RSA_ENCODED_PRIVATE_KEY_ANDROID_GENERATED = "" +
"MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD8z7AfzAPlOrKUEOH0fewwLHUq" +
"F+kEhETFTYr+5p0IanXKBZPI+hbvk5zKaZkX6FhyiIdwCmyELsQk2L43xkW6YXzg9bL4xSx06VcA" +
"iWDk4onU3K9pVC51Tq1Z+ygg3zvSSoRaUxW3aNHDygx8oIIJpuOQ7x+2TF8sFq1GIy2YdH/Eih02" +
"s2/w3ExykxBn+5rWgj0ZpoWO34umRfQooYeThbJx94v2ap7lOOPPZFiKvH7mUDbOJfb3xcGPynJE" +
"45oDNaew/yOeAjCS/ISHJcZjF8ip7/YKsMRQXCQxzCyUSSEH9ifj90K46H2vx46E7JHBMQk0IuyL" +
"jqL8V3dYhmibAgMBAAECggEAJ9wjG9BR6OmJUHkc9yyHecz4qCte7Pxhz237dVcs+S+35KNeerib" +
"tyhh9zQRFEjo8R3/pLWwCGNLP7gAvdCAG/PU+a8jib+k08YalpYSdeQV8T7eVVAVhx9hi6di21P3" +
"HZ/sIEWrTeCz+he4QkoYVqc+iBJ7wIVoGA53QXC4dqnPZmPcQgaNOAgfz+FTB6ybPduZhL21Qgtq" +
"1IlJ+N5j8mykILj5J1FqCDq5PJA4BwL7f/QK7xRZ8BJGE/6LCmNjXym6C/Dc+uTpIkFiDE2LfgDG" +
"EWVoSnr5kRdt0ucCGPLyCjQ+SrAFtypE6MzL2rC4kfBR1KdXuZB37P+Mlabr0QKBgQD+3yn+Nx4Q" +
"Op8VafH1ntL0vWrQhHoXicisJdWL3dbXELRmEPzOrrlsfhzU5SVLlXBD/eW+aOM745vbQZ9eeBhE" +
"us/QE0ofHPaqy68YFI8IgXSWPGWWimWwNVxZnllAV/8KMU4wRWpcxs7TIbKpRL4EMBk6L610Zq83" +
"1XxqOzqJCQKBgQD97jBdFls+5TQ5u+ws0m8DCtM1kuN+AYFI5UuN6+UBTo1zY/MvolrF5aqTxrUp" +
"xAt6+kPl/0FExIgXJ61kl8o5ZbRGUaZtVUUytDAoJpbYjOzZ7WrRRUwkh5aMmwJraBctR+udkF8N" +
"8+JqiOLbzKRNVWmrw2U7eO3zB/MRi09BgwKBgBpQE9fI/POT+cSOMYq4IPNfct2gL7KqaOtM5KUR" +
"/BIsCVPYQSFdbItE4dkg5x7MiNCcL9HepkcSko6qUbfBElBWMQo8U5SuutCbQrJrvPCV3OF9zsch" +
"9qmgeK5P6Mr5yrzUpkvZfsehRs0JV5aeIDfyd0hIj9HKoCBVjAizoLFxAoGBANLNV+0PUDSIhrCf" +
"J1OWZn46EFjbVmwWx8NCR1TMTlKlaZwvj4Ut3PmIzfDb9y1zCKzQ8mkPXJnAJdJDKBjoQgMgQWZX" +
"Bjihn06Wc5wBXRzs8PuBszmDs9Bnlz2muX187jCzEhC994tXudEDToF2A7gHfjAPiAy1OaSWJt2b" +
"rvINAoGBAP6FnMeqrLEmU14vfPOWBSsPeEPI3kCOUhvMo29SnLx5gdE/gocq5AMEydNt0zIWwLAu" +
"qiO74DIJmK+b10czQg4+sJhk4iQ1cK/k0QQ4wrpu3JDgpgKPFeiyTgPyUHh1O57RCXS2feZAAU2o" +
"napBWm7pfLOyAgoB2Im88GMFTnMY";    

final String RSA_ENCODED_PRIVATE_KEY_OPENSSL_GENERATED = "" +
"MIIEpQIBAAKCAQEA+cNkMcWTXY5ZXxwwg0AkrZ5jVyoTTBbYqHWRghrOnpddES48" +
"COot9/oeKElu17Q+AfWTTsWTlR8pQdnVsT1fBQJrZSY/YCsNbKv4BfKnurxOQyck" +
"Tz5ysIitWqJCpiPvRB957jWMIMMPcB/VmI0q6wZ+f7BaTl89QKSR8nWQDgkOdQc7" +
"D/aSUdWckak6ILvZAcjhzR0OL6O6TaeKgHT1g7slexO3haMKbaW8dc1Vgq/D7cAi" +
"EBTGxNQLhEL8LPUnSYeQqzdKqj5xP7AUnT/0EAEX5Oz3zNzZozNDNhcbZXx+xike" +
"s60y+6MPW2ihKBt1G/BwUBj3VpAjdlq1y/2lKQIDAQABAoIBAQDkWGQpMPaLCVLi" +
"JrafuKwP44f1L+2WmiiY02wl4/ZVfhNDWt7eU6OVXKHnuUNSiGJMjkWQNgi4xFWG" +
"8+5v7akKvmyLfI1ikdnjKdJHNdNtYS24LXf/zxsyFLNQ8po2pRHiWVizlVc4uL1L" +
"iH9SynWbjENo4EWf82jfydX5MsxyVrz1qmh5JeQC4VgxFdpz8Q912gfAc+h9QK8e" +
"x6MVP/LoIeDBuQf4+1kmTN3Szyc+y0i1Bfem8NrswlTobBXwV4CcnvX+kArDlOTG" +
"H6+j5murcZe2A/un/mUSC/3hCC84wEkr8uJsZ0JkNRqBga55Rema7AcFIZ04AZvl" +
"gEroQboBAoGBAP6svxtfmBArLNZe+Opm8ena7RG5b9WHFMnrND7in/2GTHQlfteq" +
"csFAKxnuq9BiBlY3Qm65o8etm7GdSRlUwiBy2r8P1RfV6LGRFK/Jzgk9gDh+yJpg" +
"rEEQ6c0n0FJtOloNehP7sYIOSSPqztyFH7QGkTMxqUT+GOfQsal+RnlBAoGBAPsQ" +
"GiinmsSlZ1xaA2knGKIiez7ms1/Dv5BIpjme9JkR7uIg+5WPcFBqufMdQ98OmFlT" +
"u1aPHW3/+eis/R1Y24h30TBH4DvhXz7D+OIUDOTfBEQ83bGSNP4AInhNlCfzDV1Y" +
"SjdMKoGyMxd7tWPxtDkoC3VBbz8dpEMZF3z4FgnpAoGBANC2J6Q6UneluogwqxQG" +
"q+j4FuM4spMusfXMwTNsLKvr/QoOlIYQVR1VBj2pYLtVKlZL0TDHCJcjCv6jpP2S" +
"fclz9xsv0XZIQvwKpwZtf2IJOeSS2rnR0jk8sC8Gmu6CP5j/hHWOBupL5Nr/muoU" +
"W2gBHcvzvgIhr62DVaZPK1hBAoGBAOqsq3by66UCYvIdJXEF3W24Q3GRXXuXUpmA" +
"fvf/T+1AqQVwBRpQoJBaooPQCCAY2Wkt7j/DuKOYkLXf9RyYcWRHcx7pIH14dXoK" +
"3rocOc05dRh/uE4CN0xxPccr5N/OveBR5dV4eYcP1dgOh4frZyXB+6vXxS+++krJ" +
"yn3Cu375AoGASxHCB0gdfYRyWQEl0WoL1eyohdAJf08kVBZtAQ2jLeqY0ZEdUpzG" +
"+99qyw2IysGMwmjCxribLwbUm2cg74lZnX0NQH4HfQ5Pp4c0RUyJARrVzPhyQ1lu" +
"vgPZpCebTX9/118crlHQlTiGD4M258ghR8msm/+p4Efl8NvEcQ35y04=";

byte[] keyBytes = Base64.decode(RSA_ENCODED_PRIVATE_KEY_ANDROID_GENERATED, Base64.DEFAULT);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey key = keyFactory.generatePrivate(spec);//working    

byte[] keyBytesOpenSSL = Base64.decode(RSA_ENCODED_PRIVATE_KEY_OPENSSL_GENERATED, Base64.DEFAULT);
PKCS8EncodedKeySpec specOpenSSL = new PKCS8EncodedKeySpec(keyBytesOpenSSL);
KeyFactory keyFactoryOpenSSL = KeyFactory.getInstance("RSA");
PrivateKey keyOpenSSL = keyFactoryOpenSSL.generatePrivate(specOpenSSLenter code here);//java.security.spec.InvalidKeySpecException

Answer 1

The structure of the OPENSSL version is different from the ANDROID one.

See both data structures in the online ASN.1 decoder:

RSA_ENCODED_PRIVATE_KEY_ANDROID_GENERATED

RSA_ENCODED_PRIVATE_KEY_OPENSSL_GENERATED

Therefore I assume that the OPENSSL version is not a valid PKCS#8 structure, only a subset containing the PrivateKey structure.

May be you executed the wrong command using OpenSSL, if I read the documentation correct it creates by default a PKCS#1 structure. If you want a PKCS#8 strcusture you have to convert it later using openssl pkcs8 .. command.