Loading private key fails with OpenSSL.crypto.Error: []

Question

I'm trying to load a private key using OpenSSL with:

from OpenSSL import crypto

PRIVATE_KEY = 'private_key.pem'
with open(PRIVATE_KEY, 'rb') as fh:
    private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, fh.read(), '')

But I'm receiving this unhelpful error:

Traceback (most recent call last):
  File "keytest.py", line 5, in <module>
    private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, fh.read(), '')
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 2010, in load_privatekey
    _raise_current_error()
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 22, in exception_from_error_queue
    raise exceptionType(errors)
OpenSSL.crypto.Error: []

The only reference I can find to this error is Twisted Python, TLS and client/server certificate authentication error. However, the author was accidentally trying load a public certificate as a private key with twisted.internet.ssl.PrivateCertificate.loadPEM() (ultimately OpenSSL.crypto.load_privatekey()) instead of twisted.internet.ssl.Certificate.loadPEM() (ultimately OpenSSL.crypto.load_certificate()).

What could cause this?

Answer 1

There are at least two cases where loading a private key results in the error:

OpenSSL.crypto.Error: []

1) If the private key is encrypted, but you were not expecting it to be encrypted. I.e., the private key contains:

-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----

Instead of:

-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

2) If the private key is encrypted, but you are providing the wrong password.

Answer 2

Another reason for this error is that the private key is malformed (not valid base64 for instance).