openssl Unable to load private key PEM_do_header:bad decrypt

Question

I am unable to decrypt a keyfile.

@YY200146:/mnt/c/source/keycloak-orig/keycloak/traefik/certs$ openssl rsa -in saml.key -out nopassword.key
Enter pass phrase for saml.key:
unable to load Private Key
139720414335424:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:537:
139720414335424:error:0906A065:PEM routines:PEM_do_header:bad decrypt:../crypto/pem/pem_lib.c:461:
@YY200146:/mnt/c/source/keycloak-orig/keycloak/traefik/certs$

What can I use to validate this key file? Could it be that this key file is invalid?

Thanks Zain

Answer 1

This error message means you're using the wrong password. You probably posted this message because you're pretty sure you're using the right password, but it's not! Please reexamine your password. I had a similar problem, but when I looked at the password which I had stored in a file I keep miss interpreting a l as a 1. Easy mistake to make. I now tend to use passwords with characters that aren't easily mistaken for another.

If your absolutely sure you're entering the right password, then you'll need to provide additional information on how the key was generated. For example, are you sure sam1.key is an RSA key, and not a DSA key? If the key was generate by some program or script, make sure that that your password is not misinterpreted because of string escape sequences.