diff --git a/features/BUCK b/features/BUCK
index 8094ff9fdf..bb87afcd7a 100644
--- a/features/BUCK
+++ b/features/BUCK
@@ -36,6 +36,8 @@ osgi_feature (
     '//lib:commons-io',
     '//lib:jersey-client',
     '//lib:mapdb',
+    '//lib:bcpkix-jdk15on',
+    '//lib:bcprov-jdk15on',
   ]
 )
 
diff --git a/lib/BUCK b/lib/BUCK
index 87add7d20d..1ca9fbbdf3 100644
--- a/lib/BUCK
+++ b/lib/BUCK
@@ -1,4 +1,4 @@
-# ***** This file was auto-generated at Thu, 31 Aug 2017 21:26:06 GMT. Do not edit this file manually. *****
+# ***** This file was auto-generated at Sun, 3 Sep 2017 12:12:12 GMT. Do not edit this file manually. *****
 # ***** Use onos-lib-gen *****
 
 pass_thru_pom(
@@ -1491,3 +1491,21 @@ remote_jar (
   visibility = [ 'PUBLIC' ],
 )
 
+remote_jar (
+  name = 'bcpkix-jdk15on',
+  out = 'bcpkix-jdk15on-1.58.jar',
+  url = 'mvn:org.bouncycastle:bcpkix-jdk15on:jar:1.58',
+  sha1 = '15a760a039b040e767a75c77ffcc4ff62558f903',
+  maven_coords = 'org.bouncycastle:bcpkix-jdk15on:1.58',
+  visibility = [ 'PUBLIC' ],
+)
+
+remote_jar (
+  name = 'bcprov-jdk15on',
+  out = 'bcprov-jdk15on-1.58.jar',
+  url = 'mvn:org.bouncycastle:bcprov-jdk15on:jar:1.58',
+  sha1 = '2c9aa1c4e3372b447ba5daabade4adf2a2264b12',
+  maven_coords = 'org.bouncycastle:bcprov-jdk15on:1.58',
+  visibility = [ 'PUBLIC' ],
+)
+
diff --git a/lib/deps.json b/lib/deps.json
index 35282c4514..7ed72bc016 100644
--- a/lib/deps.json
+++ b/lib/deps.json
@@ -266,6 +266,8 @@
     "google-truth-0.28": "mvn:com.google.truth:truth:0.28",
     "google-code-findbugs-3.0.0": "mvn:com.google.code.findbugs:jsr305:3.0.0",
     "google-errorprone-2.0.19": "mvn:com.google.errorprone:error_prone_annotations:2.0.19",
-    "google-instrumentation-0.3.0": "mvn:com.google.instrumentation:instrumentation-api:0.3.0"
+    "google-instrumentation-0.3.0": "mvn:com.google.instrumentation:instrumentation-api:0.3.0",
+    "bcpkix-jdk15on": "mvn:org.bouncycastle:bcpkix-jdk15on:1.58",
+    "bcprov-jdk15on": "mvn:org.bouncycastle:bcprov-jdk15on:1.58"
   }
 }
diff --git a/protocols/netconf/ctl/BUCK b/protocols/netconf/ctl/BUCK
index 2d79045a1f..8abf233d1c 100644
--- a/protocols/netconf/ctl/BUCK
+++ b/protocols/netconf/ctl/BUCK
@@ -6,6 +6,8 @@ COMPILE_DEPS = [
     '//cli:onos-cli',
     '//lib:org.apache.karaf.shell.console',
     '//lib:sshd-core',
+    '//lib:bcpkix-jdk15on',
+    '//lib:bcprov-jdk15on',
 ]
 
 TEST_DEPS = [
diff --git a/protocols/netconf/ctl/pom.xml b/protocols/netconf/ctl/pom.xml
index c4108ae2f5..0306e181e6 100644
--- a/protocols/netconf/ctl/pom.xml
+++ b/protocols/netconf/ctl/pom.xml
@@ -78,6 +78,18 @@
             <artifactId>org.apache.karaf.shell.console</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>1.58</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.58</version>
+        </dependency>
+
     </dependencies>
 
     <build>
diff --git a/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfControllerImpl.java b/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfControllerImpl.java
index daba5be8b1..a1797d71f4 100644
--- a/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfControllerImpl.java
+++ b/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfControllerImpl.java
@@ -24,6 +24,7 @@ import org.apache.felix.scr.annotations.Property;
 import org.apache.felix.scr.annotations.Reference;
 import org.apache.felix.scr.annotations.ReferenceCardinality;
 import org.apache.felix.scr.annotations.Service;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.onlab.packet.IpAddress;
 import org.onosproject.cfg.ComponentConfigService;
 import org.onosproject.net.AnnotationKeys;
@@ -49,6 +50,7 @@ import org.osgi.service.component.ComponentContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.security.Security;
 import java.util.Arrays;
 import java.util.Dictionary;
 import java.util.Map;
@@ -128,6 +130,7 @@ public class NetconfControllerImpl implements NetconfController {
     public void activate(ComponentContext context) {
         cfgService.registerProperties(getClass());
         modified(context);
+        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
         log.info("Started");
     }
 
@@ -140,6 +143,7 @@ public class NetconfControllerImpl implements NetconfController {
         cfgService.unregisterProperties(getClass(), false);
         netconfDeviceListeners.clear();
         netconfDeviceMap.clear();
+        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
         log.info("Stopped");
     }
 
diff --git a/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfSessionMinaImpl.java b/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfSessionMinaImpl.java
index 357ae1683b..241ea23e86 100644
--- a/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfSessionMinaImpl.java
+++ b/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfSessionMinaImpl.java
@@ -28,6 +28,10 @@ import org.apache.sshd.client.future.OpenFuture;
 import org.apache.sshd.client.session.ClientSession;
 import org.apache.sshd.common.FactoryManager;
 import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.onosproject.netconf.DatastoreId;
 import org.onosproject.netconf.NetconfDeviceInfo;
 import org.onosproject.netconf.NetconfDeviceOutputEvent;
@@ -39,12 +43,11 @@ import org.onosproject.netconf.NetconfSessionFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+
 import static java.nio.charset.StandardCharsets.UTF_8;
 
+import java.io.CharArrayReader;
 import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.nio.CharBuffer;
-import java.nio.charset.StandardCharsets;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;
@@ -208,23 +211,15 @@ public class NetconfSessionMinaImpl implements NetconfSession {
         session = connectFuture.getSession();
         //Using the device ssh key if possible
         if (deviceInfo.getKey() != null) {
-            ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(deviceInfo.getKey()));
-            byte[] byteKey = new byte[buf.limit()];
-            buf.get(byteKey);
-            PublicKey key;
+            PEMParser pemParser = new PEMParser(new CharArrayReader(deviceInfo.getKey()));
+            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
             try {
-                key = getPublicKey(byteKey, RSA);
-            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
-                try {
-                    key = getPublicKey(byteKey, DSA);
-                } catch (NoSuchAlgorithmException | InvalidKeySpecException e1) {
-                    throw new NetconfException("Failed to authenticate session with device " +
-                            deviceInfo + "check key to be the " +
-                            "proper DSA or RSA key", e1);
-                }
+                KeyPair kp = converter.getKeyPair((PEMKeyPair) pemParser.readObject());
+                session.addPublicKeyIdentity(kp);
+            } catch (java.io.IOException e) {
+                throw new NetconfException("Failed to authenticate session with device " +
+                                           deviceInfo + "check key to be a valid key", e);
             }
-            //privateKye can set tu null because is not used by the method.
-            session.addPublicKeyIdentity(new KeyPair(key, null));
         } else {
             session.addPasswordIdentity(deviceInfo.password());
         }