Problem with DER private key file into openssl ca

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem with DER private key file into openssl ca

Robert Moskowitz
format=der

openssl pkey -inform $format -in private/ca.key.$format -text -noout

Private-Key: (256 bit)
priv:
     48:b3:4e:c5:0a:0c:af:78:b9:a2:d4:b8:7e:18:78:
     f2:39:9c:77:51:a3:1c:6f:df:31:20:e3:e4:9a:52:
     3d:06
pub:
     04:ce:ff:5d:d4:c7:b6:9c:c2:31:d9:38:fe:2b:9c:
     70:3a:fd:22:6d:97:d0:10:23:b3:57:6b:a9:51:e8:
     ce:db:16:0e:6e:8f:31:ca:6c:fe:09:69:25:be:2e:
     bf:fd:cc:ab:22:91:c8:db:f2:68:13:5a:57:03:5f:
     b2:ab:f6:ec:9d
ASN1 OID: prime256v1
NIST CURVE: P-256

openssl req -outform $format -config $cadir/openssl-root.cnf -set_serial
0x$(openssl rand -hex $sn)\
       -inform $format -key private/ca.key.$format -subj "$DN"\
       -new -x509 -days 7300 -sha256 -extensions v3_ca -out
certs/ca.cert.$format

unable to load Private Key
140492430772088:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:707:Expecting: ANY PRIVATE KEY

How do I tell it that the private key is DER?

Bob


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with DER private key file into openssl ca

Jeffrey Walton-3
> openssl req -outform $format -config $cadir/openssl-root.cnf -set_serial
> 0x$(openssl rand -hex $sn)\
>       -inform $format -key private/ca.key.$format -subj "$DN"\
>       -new -x509 -days 7300 -sha256 -extensions v3_ca -out
> certs/ca.cert.$format
>
> unable to load Private Key
> 140492430772088:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:707:Expecting: ANY PRIVATE KEY
>
> How do I tell it that the private key is DER?

-inform is used to specify the encoding. You can find the man pages at
https://www.openssl.org/docs/man1.0.2/apps/. You want the req.html.

Jeff
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with DER private key file into openssl ca

Robert Moskowitz


On 08/21/2017 01:41 PM, Jeffrey Walton wrote:

>> openssl req -outform $format -config $cadir/openssl-root.cnf -set_serial
>> 0x$(openssl rand -hex $sn)\
>>        -inform $format -key private/ca.key.$format -subj "$DN"\
>>        -new -x509 -days 7300 -sha256 -extensions v3_ca -out
>> certs/ca.cert.$format
>>
>> unable to load Private Key
>> 140492430772088:error:0906D06C:PEM routines:PEM_read_bio:no start
>> line:pem_lib.c:707:Expecting: ANY PRIVATE KEY
>>
>> How do I tell it that the private key is DER?
> -inform is used to specify the encoding. You can find the man pages at
> https://www.openssl.org/docs/man1.0.2/apps/. You want the req.html.

And the proper argument is:

-keyform

Thanks

This is sooooo much fun.  Sigh.

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users