Release script fails when keys are encrypted with passphrase

[codethief]

I'm following the steps from the README. When I generate keys and do not encrypt them, the release script works fine. If I do encrypt them I end up with the following error:

$ nix-build ./default.nix --arg configuration ./myconfig.nix -A generateKeysScript -o generate-keys
$ ./generate-keys ./keys
Generating redfin/releasekey key
Enter password for 'redfin/releasekey' (blank for none; password will be visible): MYPASSPHRASE
... (and so on)
$ ./release ./keys
Signing target files
Warning: releasetools script should be invoked as hermetic Python executable -- build and run `sign_target_files_apks` directly.
2021-04-12 23:32:42 - common.py - WARNING : Failed to read SYSTEM/etc/build.prop
2021-04-12 23:32:42 - common.py - WARNING : Failed to read VENDOR/etc/build.prop
2021-04-12 23:32:42 - common.py - WARNING : Failed to read PRODUCT/etc/build.prop
2021-04-12 23:32:42 - common.py - WARNING : Failed to read SYSTEM_EXT/etc/build.prop
2021-04-12 23:32:42 - common.py - WARNING : Failed to read ODM/etc/build.prop
2021-04-12 23:32:42 - common.py - WARNING : Failed to read ODM/build.prop
Enter password for /dev/shm/robotnix_keys.j5rJ2rV6hF/f-droid key> MYPASSPHRASE
Enter password for /dev/shm/robotnix_keys.j5rJ2rV6hF/microg key> MYPASSPHRASE
Enter password for /dev/shm/robotnix_keys.j5rJ2rV6hF/redfin/media key> MYPASSPHRASE
Enter password for /dev/shm/robotnix_keys.j5rJ2rV6hF/redfin/networkstack key> MYPASSPHRASE
Enter password for /dev/shm/robotnix_keys.j5rJ2rV6hF/redfin/platform key> MYPASSPHRASE
Enter password for /dev/shm/robotnix_keys.j5rJ2rV6hF/redfin/releasekey key> MYPASSPHRASE
Enter password for /dev/shm/robotnix_keys.j5rJ2rV6hF/redfin/shared key> MYPASSPHRASE
Enter password for /dev/shm/robotnix_keys.j5rJ2rV6hF/vanadiumwebview key> MYPASSPHRASE

Rewriting BOOT/RAMDISK/prop.default:
  replace:  ro.system.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/test-keys
     with:  ro.system.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/release-keys
  replace:  ro.system.build.tags=test-keys
     with:  ro.system.build.tags=release-keys
  replace:  ro.build.display.id=RQ2A.210405.005.2021.04.06.05 test-keys
     with:  ro.build.display.id=RQ2A.210405.005.2021.04.06.05
  replace:  ro.build.tags=test-keys
     with:  ro.build.tags=release-keys
  replace:  ro.build.description=aosp_redfin-user 11 RQ2A.210405.005 2021.04.06.05 test-keys
     with:  ro.build.description=aosp_redfin-user 11 RQ2A.210405.005 2021.04.06.05 release-keys
  replace:  ro.vendor.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/test-keys
     with:  ro.vendor.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/release-keys
  replace:  ro.vendor.build.tags=test-keys
     with:  ro.vendor.build.tags=release-keys
  replace:  ro.bootimage.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/test-keys
     with:  ro.bootimage.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/release-keys
  replace:  ro.odm.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/test-keys
     with:  ro.odm.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/release-keys
  replace:  ro.odm.build.tags=test-keys
     with:  ro.odm.build.tags=release-keys
  replace:  ro.product.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/test-keys
     with:  ro.product.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/release-keys
  replace:  ro.product.build.tags=test-keys
     with:  ro.product.build.tags=release-keys
  replace:  ro.system_ext.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/test-keys
     with:  ro.system_ext.build.fingerprint=Android/aosp_redfin/redfin:11/RQ2A.210405.005/2021.04.06.05:user/release-keys
  replace:  ro.system_ext.build.tags=test-keys
     with:  ro.system_ext.build.tags=release-keys
NOT signing: Auditor.apk
        (skipped due to special cert string)
    signing: Calendar.apk                                      (/dev/shm/robotnix_keys.j5rJ2rV6hF/redfin/releasekey)

   ERROR: Failed to run signapk.jar: return code 1:
java.lang.IllegalArgumentException: illegal object in getInstance: org.bouncycastle.asn1.DLSequence
	at org.bouncycastle.asn1.ASN1Integer.getInstance(ASN1Integer.java:44)
	at org.bouncycastle.asn1.pkcs.PrivateKeyInfo.<init>(PrivateKeyInfo.java:134)
	at org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(PrivateKeyInfo.java:83)
	at com.android.signapk.SignApk.readPrivateKey(SignApk.java:279)
	at com.android.signapk.SignApk.main(SignApk.java:1144)