Getting a pad block corrupted error

[Prasadnair]

Hello @claboran,

I'm facing an issue while validating the private key and passphrase. Please advise what would be the root cause of the error "pad block corrupted"

at Org.BouncyCastle.Crypto.Paddings.Pkcs7Padding.PadCount(Byte[] input)
at Org.BouncyCastle.Crypto.Paddings.PaddedBufferedBlockCipher.DoFinal(Byte[] output, Int32 outOff)
at Org.BouncyCastle.Crypto.BufferedBlockCipher.DoFinal(Byte[] input, Int32 inOff, Int32 inLen)
at Org.BouncyCastle.OpenSsl.PemUtilities.Crypt(Boolean encrypt, Byte[] bytes, Char[] password, String dekAlgName, Byte[] iv)
at Org.BouncyCastle.OpenSsl.PemReader.ReadPrivateKey(PemObject pemObject)
at Org.BouncyCastle.OpenSsl.PemReader.ReadObject()
at ForceDotNetJwtCompanion.Util.KeyHelpers.CreatePrivateKeyWrapperWithPassPhrase(String key, String passphrase)
at ForceDotNetJwtCompanion.JwtAuthenticationClient.d__29.MoveNext().

Note:
we are renewing our certificate.

[claboran]

@Prasadnair: How did you generate the key? Would be good to have the version too.

[claboran]

@Prasadnair Did you have the --traditional flag added?
openssl genrsa -des3 -traditional -passout pass:secret -out server-new.pass.key 2048

[Prasadnair]

we are using external certificate. I upload the public key and validated using the private key.

private key below
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

[Prasadnair]

got another issue when tried with another private which I received form the platform team.
System.InvalidCastException: 'Unable to cast object of type 'Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters' to type 'Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair

any insights on this?

[Prasadnair]

Pad block corrupted error again
at Org.BouncyCastle.Crypto.Paddings.Pkcs7Padding.PadCount(Byte[] input)
at Org.BouncyCastle.Crypto.Paddings.PaddedBufferedBlockCipher.DoFinal(Byte[] output, Int32 outOff)
at Org.BouncyCastle.Crypto.BufferedBlockCipher.DoFinal(Byte[] input, Int32 inOff, Int32 inLen)
at Org.BouncyCastle.OpenSsl.PemUtilities.Crypt(Boolean encrypt, Byte[] bytes, Char[] password, String dekAlgName, Byte[] iv)
at Org.BouncyCastle.OpenSsl.PemReader.ReadPrivateKey(PemObject pemObject)
at Org.BouncyCastle.OpenSsl.PemReader.ReadObject()
at ForceDotNetJwtCompanion.Util.KeyHelpers.CreatePrivateKeyWrapperWithPassPhrase(String key, String passphrase)
at ForceDotNetJwtCompanion.JwtAuthenticationClient.d__29.MoveNext()

[Prasadnair]

Final Update:
I followed the below steps

Generate a private key, and store it in a file called server.key
openssl genrsa -des3 -passout pass:secret -out C:\CT\SFCert\server.pass.key 2048
openssl rsa -passin pass:secret -in C:\CT\SFCert\server.pass.key -out C:\CT\SFCert\server.key
Generate a certificate signing request using the server.key file. Store the certificate signing request in a file called server.csr. Enter information about your company when prompted.
openssl req -new -key C:\CT\SFCert\server.key -out C:\FCT\SFCert\server.csr
Generate a self-signed digital certificate from the server.key and server.csr files. Store the certificate in a file called server.crt
openssl x509 -req -sha256 -days 500 -in C:\CT\SFCert\server.csr -signkey C:\CT\SFCert\server.key -out C:\CT\SFCert\server.crt

now I'm getting this error:
System.InvalidCastException: 'Unable to cast object of type 'Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters' to type 'Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair'.'

[Prasadnair]

I created the crt using OpenSSL 1.1 with 32 bit. it got success.

how this can be achieved using OpenSSL 3.0 Please advise

[claboran]

@Prasadnair I need to check how I can get this to work for OpenSSL 3. I know that this is an long term issue.