Archived Forum Post

Index of archived forum posts


CkPrivateKey::LoadPkcs8Encrypted() failure in

Jul 31 '14 at 09:43

The following code fails in, but used to work fine (eg. in

CkPrivateKey key1;
assert (key1.LoadRsaDerFile (“demo512.der”));  // ok, 512 bit rsa DER key loaded 
assert (key1.SavePkcs8EncryptedFile (“secret”, ”demo512.enc”)); // ok, saved an encrypted copy
CkPrivateKey key2;
assert (key2.LoadPkcs8EncryptedFile(“demo512.enc”, “secret”); // assertion fails with

The error text says:

algorithm; des
keyLength: 192
outputSize: 22
invalid ASN.1 for unencrypted PKCS8…
Password may be incorrect.
Error_Code: 64

The demo512.enc file created using is too small; only 94 bytes vs 426 bytes when using the library. (The original demo512.der file was 319 bytes.) So it seems :SavePkcs8EncryptedFile is to blame here.

Please take a look at this,

Thanks! /Sune


Thanks! I'm investigating...


This is fixed. What build do you need (programming language, operating system, 32-bit/64-bit, etc.)?

PS> Each time a problem is fixed, the test case is added to the internal QA suite, and all tests in the QA suite must pass prior to new version releases.

PS> Also, this error was caused by improvements in keeping private keys encrypted and non-exposed when in memory.


The fix is available in v9.5.0.43 here: