
Signing fails if the public or private keys contain newlines or the usual header/footer added to keys #13

@vemonet

Description of the issue

Hi, we faced issues when trying to sign a nanopub using valid RSA key pairs formatted like this public key:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA72ELm6G4CTH2+pu6TcDC
b2fnbWWfW9pmB5zUrsiB8whSyXFVGmkOJ1FjyhTWYGSb31lODAHt/0VEZkHH+hAN
ZZnuhtEVXefMqss8rJKmnR2GuT8QX4iEZTOwdQ6Xdf/CUSEDHl2XoOnaL/ynF+6D
peIZAQdTU5OUzjWmVLqIzACqocdZZrZ1z5FU91/rUtqulJI2e87zlioQTVU7TX+h
ImKTkHAQECHkmnhuBNPTITQviHCvQb6963JHtNzgMPpJVYUmKeUcMS2z63QAzyP0
0Ghf9wVzSi0q8EMyLCKwrRVM2dAYu7yH7V3s8Ttm/z598SeULXHozkMG5j8FME8E
qQIDAQAB
-----END PUBLIC KEY-----

Here is the full error trace:

RuntimeError: Error in nanopub-java when running /opt/nanopub/bin/nanopub-java sign /tmp/tmpr57t3ruf/temp.trig -k /home/id_rsa: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
	at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:251)
	at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:390)
	at org.nanopub.extra.security.SignNanopub.loadKey(SignNanopub.java:232)
	at org.nanopub.extra.security.SignNanopub.run(SignNanopub.java:105)
	at org.nanopub.extra.security.SignNanopub.main(SignNanopub.java:77)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.nanopub.Run.run(Run.java:76)
	at org.nanopub.Run.main(Run.java:27)
Caused by: java.security.InvalidKeyException: invalid key format
	at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:330)
	at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:355)
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:136)
	at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:80)
	at java.base/sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:356)
	at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:247)
	... 10 more

How we fixed it

We figured out the issue came from the fact that the public and private keys contained -----BEGIN PRIVATE KEY-----, -----END PRIVATE KEY----- and newlines, which is a common formatting practice when generating RSA key pairs.

We managed to fix it and sign nanopubs with the key pair by removing the problematic parts from the key files. Here is the Python code snippet we used:

private_key_str = private_key_str.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replace("\n", "").strip()
public_key_str = public_key_str.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replace("\n", "").strip()

Additional information

Note also that nanopub-java requires the RSA key to use the PKCS#8 syntax to be able to sign.

Here is how we generate the keys with Python using the pycryptodome library:

from Crypto.PublicKey import RSA
key = RSA.generate(2048)
private_key_str = key.export_key('PEM', pkcs=8).decode('utf-8')
public_key_str = key.publickey().export_key().decode('utf-8')

Question

Would it be possible that nanopub-java supports key files with header/footer and newlines?
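
Added example (not part of the original issue and not nanopub-java code): a stricter version of the header/footer stripping described above. It also handles CRLF line endings inside the body, rejects a PKCS#1 `RSA PRIVATE KEY` block (the issue notes PKCS#8 is required), and checks that the body is valid base64 decoding to a DER SEQUENCE. The function name `pem_to_single_line` and the sample data are assumptions made for illustration.

```python
import base64
import re

# PKCS#8 / SubjectPublicKeyInfo labels. "RSA PRIVATE KEY" (PKCS#1) is rejected
# because the issue notes that nanopub-java needs PKCS#8.
ALLOWED_LABELS = {"PRIVATE KEY", "PUBLIC KEY"}

_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL
)


def pem_to_single_line(pem_text: str, expected_label: str) -> str:
    """Return the bare single-line base64 body of one PEM block."""
    if expected_label not in ALLOWED_LABELS:
        raise ValueError(f"unsupported label: {expected_label!r}")
    match = _PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM block found")
    label, body = match.group(1), match.group(2)
    if label != expected_label:
        raise ValueError(f"expected {expected_label!r}, found {label!r}")
    # Remove every whitespace character: \n, \r (CRLF files), tabs, spaces.
    b64 = "".join(body.split())
    # validate=True rejects stray non-base64 characters instead of skipping them.
    der = base64.b64decode(b64, validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("decoded body is not a DER SEQUENCE")
    return b64


# Constructed sample: a 5-byte DER SEQUENCE, NOT a real key, wrapped as a
# two-line PEM body with Windows (CRLF) line endings.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = (
    "-----BEGIN PRIVATE KEY-----\r\n"
    + _B64[:4] + "\r\n" + _B64[4:]
    + "\r\n-----END PRIVATE KEY-----\r\n"
)

if __name__ == "__main__":
    print(pem_to_single_line(SAMPLE_PEM, "PRIVATE KEY"))
```

With the CRLF sample, the chained `.replace("\n", "")` approach leaves a carriage return inside the body, while this function returns clean base64.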
