Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Creating RSA Private Key from PFX (PKCS #12) file

Tags:

certificate

ssl-certificate

rsa

encryption

pem

I'm trying to get a private RSA key from a pkcs #12 file.

I've tried running the standard

openssl pkcs12 -nocerts -out priv.pem -in domain.com.pfx

However this results in a key file like the one below:

Bag Attributes
Microsoft Local Key set: <No Values>
localKeyID: 01 00 00 00 
friendlyName: xxxxxxxx
Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
Key Attributes
X509v3 Key Usage: 10
-----BEGIN ENCRYPTED PRIVATE KEY-----

The server that I need to put it into canot handle the key file, and when I look at the examples data I see a file like below

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,2CF27DD60B8BB3FF

And of cause the key is present in both files. However it seems the server will only accept RSA Private key file, and it seems to me like the output I get is a X509v3 file, any one know how to get this to an RSA Private key file?

like image 248
Dorana Avatar asked Sep 14 '12 07:09

Dorana

People also ask

How do you convert a private key to an RSA private key?

Open PuTTYgen, choose Key > SSH-2 RSA key, and select RSA in the lower left corner. Import the private key in OpenSSH format to PuTTYgen. Choose Conversions > Import key, select the private key in OpenSSH format, and open it. Choose Conversions > Export OpenSSH key, name and save the file.

2 Answers

Well - using a text editor to remove the offending lines may be easiest. Otherwise below will clean up the bag attributes:

openssl pkcs12 -in x.pfx  -nocerts -nodes -passin pass:123456 | openssl rsa -out privkey.pem

and can also be used to get der/net

openssl pkcs12 -in x-fred.p12  -nocerts -nodes -passin pass: | openssl rsa -outform DER -out privkey.der

which may be in fact the format you want. It is fairly common for tools to not accept a password less private key though (and a lot of tools will silently fail if the # of chars are not at least 4 or 6). So in those cases change the tailend to:

.... | openssl rsa -passout pass:123456 -out privkey.pem
.... | openssl rsa -passout pass:123456 -out privkey.der -outform der
like image 189
Dirk-Willem van Gulik Avatar answered Sep 27 '22 20:09

Dirk-Willem van Gulik

On windows 7 64bit, you can simply use your command.But in mac and linux, you should do the following steps:

1, create your pem file:
openssl pkcs12 -in xxx.pfx -out xxx.pem

2, create your rsa private key :
openssl pkcs12 -in xxx.pfx -passin pass:yourpassword | openssl rsa -des3 -passout pass:yourpassowrd -out xxx.key

this step will create the key file with the conten:" -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,2CF27DD60B8BB3FF"

3, open your .pem and .key file in a text editor, and replace the origin key" -----BEGIN ENCRYPTED PRIVATE KEY-----" in the .pem file with the rsa key in the .key file.

like image 33
schumyxp Avatar answered Sep 27 '22 21:09

schumyxp
Sign in to Comment

Related questions

Should I Use Base64 or Unicode for Storing Hashes & Salts?
asp.net viewstate encryption issue
KeyStoreException: Signature/MAC verification failed when trying to decrypt
Encrypted Media Extensions in HTML5 video
What constitutes 'encryption' for the purpose of export compliance (e.g. in App Store)? [closed]
How do you encrypt large files / byte streams in Go?
Where do you store your secret key in a Java Web Application? [closed]
Encrypting the connection string in web.config file in C#
What is the difference between the x.509 V3 extensions Basic Constraints and Key Usage to create a CA certificate?
Which "good" block encryption algorithm has the shortest output?
How to choose a salt for a hash function meant to protect passwords?
AES in GCM mode in Python [closed]
How secure is ProtectedData.Protect (DPAPI)?
Encryption: Use of initialization vector vs key?
Encrypt / Decrypt in C# using Certificate
3DES Key Size Matter in C#.Net
Compile-time string encryption
Why I can't read openssl generated RSA pub key with PEM_read_RSAPublicKey?
what is the best/easiest to use encryption library in python [closed]
Is it possible to have encryption with multiple private keys (PHP)?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!