Vladimir Ivaschenko wrote: > > Hello everyone. > > I'm a new subscriber, so please try to take it easy on me :-) > > I've been trying to get extract private key from .key file from IIS. I > found a message in the mailing lists stating that I need to find the > "private-key" string in the file and extract everything that goes after > 0x30 0x82 from there, and running "ssleay rsa -inform NET -in key-net.key > -out key.pem". However this fails, with the following error: > > read RSA key > unable to load key > 22145:error:0D07E095:asn1 encoding routines:d2i_ASN1_bytes:wrong > tag:a_bytes.c:252: > 22145:error:0D082004:asn1 encoding routines:d2i_ASN1_OCTET_STRING:nested > asn1 error:a_octet.c:90: > 22145:error:0D08D06F:asn1 encoding routines:d2i_Netscape_RSA:decoding > error:n_pkey.c:203:address=134788800 offset=4 > > By the way, the key is a GlobalServer (SGC) key from VeriSign. I've been > trying to make it work with 40-bit browsers (the server is IIS 4 on NT4, > Windows 2000 doesnt work as well) with no success. :-( > Firstly try OpenSSL 0.9.5a, I don't think this stuff has changed much though. What you actually do (which you may have done anyway) is to search for "private-key" then trace *backwards* for 30 82 and copy everything from there. Hmm we should I suppose add an option to do this automatically at some point. Does it actually prompt for a password? If you still get no joy then create a test key (do NOT send the real one!) and send me that along with its password and I'll have a look at it. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
