
Convert PEM traditional private key to PKCS8 private key

I've been given a PEM file with a certificate and pub/private keys. Specifically it includes the headers

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----

in that specific order.

My understanding is that, without a header following the BEGIN RSA PRIVATE KEY header, this PEM file contains a private key in the traditional format (PKCS1) without encryption.

I need to convert this private key to a DER encoded PKCS8 unencrypted format for use with Java server code, specifically PKCS8EncodedKeySpec. I've tried OpenSSL, both with rsa and pkcs8 commands, but with no luck. There's no specific need to use openssl if there is something easier.

Specifically:

openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem
openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -pubin
openssl pkcs8 -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -nocrypt

I've also tried specifying the inform and outform without success.

user@ubuntu:~/TestCerts$ openssl rsa -in IServer_Key.pem -out IServer_Key.pkcs8.pem -pubin
unable to load Public Key
5925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650: Expecting: PUBLIC KEY
user@ubuntu:~/TestCerts$ openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem
unable to load Private Key
5993:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316:
5993:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:828:
5993:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=n, Type=RSA
5993:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:99:
5993:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:125:
user@ubuntu:~/TestCerts$ openssl pkcs8 -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -nocrypt
Error decrypting key
6022:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650: Expecting: PRIVATE KEY

Any help would be very much appreciated at this point.

Peter Oehlert asked Nov 28 '11 00:11



2 Answers

Try using the following command. I haven't tried it but I think it should work.

openssl pkcs8 -topk8 -inform PEM -outform DER -in filename -out filename -nocrypt 

Nilesh answered Sep 16 '22 23:09


To convert the private key from PKCS#1 to PKCS#8 with openssl:

# openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in pkcs1.key -out pkcs8.key 

That will work as long as you have the PKCS#1 key in PEM (text format) as described in the question.

Sergiu Marsavela answered Sep 17 '22 23:09
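
The structure behind the conversion, as an added example that is not part of the question or either answer: an unencrypted PKCS#8 key is the PKCS#1 RSAPrivateKey bytes wrapped in a PrivateKeyInfo envelope, and that DER is what PKCS8EncodedKeySpec expects. The helper names and the toy key are constructed for illustration; the sketch pulls the RSA PRIVATE KEY block out of a multi-block PEM file like the one in the question and rejects blocks that carry encryption headers.

```python
import base64
import re

# DER AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value, using long-form length when the body is >= 128 bytes."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def der_int(v: int) -> bytes:
    """DER INTEGER for a non-negative value (adds 0x00 when the top bit is set)."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def pem_block(pem_text: str, label: str) -> bytes:
    """DER bytes of the first block with this label in a multi-block PEM file."""
    m = re.search(f"-----BEGIN {label}-----(.*?)-----END {label}-----", pem_text, re.S)
    if m is None:
        raise ValueError(f"no {label} block found")
    if ":" in m.group(1):  # Proc-Type / DEK-Info lines: the key is encrypted
        raise ValueError("encrypted PEM block; decrypt it first")
    return base64.b64decode("".join(m.group(1).split()))

def pkcs1_to_pkcs8(pkcs1_der: bytes) -> bytes:
    """Wrap RSAPrivateKey in PrivateKeyInfo: SEQUENCE { 0, AlgorithmIdentifier, OCTET STRING }."""
    if pkcs1_der[:1] != b"\x30":
        raise ValueError("input is not a DER SEQUENCE")
    return tlv(0x30, der_int(0) + RSA_ALG_ID + tlv(0x04, pkcs1_der))

def toy_pkcs1() -> bytes:
    """Constructed sample: a structurally valid RSAPrivateKey from toy primes (not a usable key)."""
    p, q, e = 61, 53, 17
    d = pow(e, -1, (p - 1) * (q - 1))
    fields = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    return tlv(0x30, b"".join(der_int(f) for f in fields))

def pem(label: str, der: bytes) -> str:
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

def demo() -> bytes:
    # Constructed bundle in the question's order; certificate and public key are empty stand-ins.
    bundle = (pem("CERTIFICATE", b"\x30\x00") + pem("RSA PRIVATE KEY", toy_pkcs1())
              + pem("RSA PUBLIC KEY", b"\x30\x00"))
    return pkcs1_to_pkcs8(pem_block(bundle, "RSA PRIVATE KEY"))

if __name__ == "__main__":
    print(demo().hex())
```

For real keys, the openssl command in the answers produces the same envelope and also validates the key material.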