Avatar
Please consider registering
guest
sp_LogInOut Log Insp_Registration Register
Register | Lost password?
sp_Search Search
Advanced Search
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
sp_Search Search
Go to Bottom
sp_Feed Topic RSSsp_TopicIcon
org.bouncycastle.util.encoders.DecoderException when trying to create UserIdenty with .der and .pem file
June 22, 2026
12:23, EEST
Avatar
rocket science
Member
Members
Forum Posts: 131
Member Since:
March 16, 2017
sp_UserOfflineSmall Offline
Go to Top
1sp_EditHistory sp_Permalink sp_Print

Hi,

basically the creation of a UserIdentity using a .der and .pem file works.

But now I have a specific case, where the .der and .pem file is provided by the EQ vendor to be able to connect to the OpcUA server and it seems that the .pem file can not be loaded correctly.

The code to create the user identy (with SDK version 4.10.2-62) is following:

UserIdentity userIdentity = new UserIdentity(new File(“UserCert.der”), new File(“UserCert.pem”), “pwd”);

The exception is:

org.bouncycastle.util.encoders.DecoderException: unable to decode base64 string: invalid characters encountered in base64 data
at org.bouncycastle.util.encoders.Base64.decode(Unknown Source)
at com.prosysopc.ua.stack.transport.security.BcCryptoProvider.base64Decode(SourceFile:78)
at com.prosysopc.ua.stack.utils.CryptoUtil.base64Decode(SourceFile:122)
at com.prosysopc.ua.stack.transport.security.PrivKey.load(SourceFile:117)
at com.prosysopc.ua.stack.transport.security.PrivKey.load(SourceFile:191)
at com.prosysopc.ua.SecureIdentity.a(SourceFile:473)
at com.prosysopc.ua.SecureIdentity.(SourceFile:235)
at com.prosysopc.ua.UserIdentity.(SourceFile:123)

The .der file looks like this (I’ve removed th middle part for better readability)

UserCert.der

0‚Ê0‚² ®É¢r®Vá,^0å}C¸n:Oê0
*†H†÷
….
5²fØad˾ò»‡º ×–_

The .pem file contains a ‘BEGIN/END CERTIFICATE’ section and a ‘BEGIN/END PRIVATE KEY’ section like shown here:

—–BEGIN CERTIFICATE—–
MIIGyjCCBLKgAwIBAgIUD67JonKuVuEsHV4w5X1DuG46T+owDQYJKoZIhvcNAQEL
….
ZMu+8rsDh7oaANeWAV8=
—–END CERTIFICATE—–
—–BEGIN PRIVATE KEY—–
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCcDX0o7ADB8gJb
….
bstj/beIj9MfXzAsgd84KMZCKK3m
—–END PRIVATE KEY—–

When I remove the ‘BEGIN/END CERTIFICATE’ section, the UserIdenty can be created.

So it seems that the .pem file shall contain only the ‘BEGIN/END PRIVATE KEY’ section, but not the CERTIFICATE, right?

Is there any specification that it should be like this?

Or is there any way to load the UserIdentity with a .der and .pem file which contains CERTIFICATE and PRIVATE KEY’

P.S. The UaExpert can load the UserIdentity using the .der and .pem (including CERTIFICATE and PRIVATE KEY) without problems.

Thank you for you help!

sp_Feed All RSS
Go to top
Forum Timezone: Europe/Helsinki
Most Users Ever Online: 1919
Currently Online:
Guest(s) 54
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 149
rocket science: 128
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 912
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1599
Posts: 6757
Newest Members:
hbf, AlbertPycle, issacwilloughby, Knut, morrisvqd188879, heathdallachy85, dewittfrantz2, devonkeenan47, chnmrc, ahmad.qureshi3@se.abb.com
Moderators: Jouni Aro: 1059, Pyry: 1, Petri: 1, Bjarne Boström: 1106, Jimmy Ni: 26, Matti Siponen: 372, Lusetti: 1
Administrators: admin: 1