Asger Henriksen wrote:
>
> Hi,
>
> I am trying to convert a keyfile/certificate pair for a webserver from
> webstar (mac) format to basic textmode base64 encoded files.
>
> I need the private key in a separate file.
>
> Running
>
> openssl asn1parse -inform DER -in privkey
> 0:d=0 hl=4 l= 704 cons: SEQUENCE
> 4:d=1 hl=2 l= 11 prim: OBJECT :pkcs8ShroudedKeyBag
> 17:d=1 hl=4 l= 685 cons: cont [ 0 ]
> 21:d=2 hl=4 l= 681 cons: SEQUENCE
> 25:d=3 hl=2 l= 35 cons: SEQUENCE
> 27:d=4 hl=2 l= 9 prim: OBJECT :pbeWithSHA1AndDES-CBC
> 38:d=4 hl=2 l= 22 cons: SEQUENCE
> 40:d=5 hl=2 l= 16 prim: OCTET STRING
> 58:d=5 hl=2 l= 2 prim: INTEGER :0400
> 62:d=3 hl=4 l= 640 prim: OCTET STRING
> 706:d=1 hl=2 l= 0 cons: SET
>
> gives this output, and I logically assumed that
>
> openssl pkcs8 -inform DER -in privkey -out key.pem -v1 PBE-SHA1-DES
>

The v1 part won't do anything when decrypting a key. The command
automatically works out the encryption used.

> would extract the key into key.pem.
> but openssl complains with:
>
> Error reading key
> 30734:error:0D0A0007:asn1 encoding routines:d2i_X509_ALGOR:expecting an
> asn1 sequence:x_algor.c:85:address=135523396 offset=0
>
The actual format you have there isn't PKCS#8. However it does contain a
PKCS#8 EncryptedPrivateKey structure which you can extract using
asn1parse. Try:

openssl asn1parse -inform DER -in privkey -strparse 21 -out p8key.der
openssl pkcs8 -in p8key.der -inform DER

and you may have more luck.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
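
The offset 21 given to -strparse in the reply above is where the SEQUENCE inside the [0] bagValue of the pkcs8ShroudedKeyBag begins. The following is an added example, not part of the original message and not OpenSSL code: a small Python DER walker that locates that offset. The function names and the sample bytes (built to match the layout of the dump, with zero filler instead of a real key) are assumptions for illustration.

```python
# Added example (not from the thread): find the EncryptedPrivateKeyInfo inside
# a pkcs8ShroudedKeyBag, i.e. the offset to give `asn1parse -strparse`.
BAG_OID = bytes.fromhex("2a864886f70d010c0a0102")  # pkcs8ShroudedKeyBag
PBE_OID = bytes.fromhex("2a864886f70d01050a")      # pbeWithSHA1AndDES-CBC

def der(tag, content):
    """Encode one DER element (definite length, short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def read_tlv(buf, off):
    """Return (tag, header_len, content_len) of the element at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated element")
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        hl, ln = 2, first
    else:
        n = first & 0x7F
        if n == 0 or off + 2 + n > len(buf):
            raise ValueError("indefinite or truncated length")
        hl, ln = 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")
    if off + hl + ln > len(buf):
        raise ValueError("element runs past end of input")
    return tag, hl, ln

def find_shrouded_key(buf):
    """Return (offset, DER bytes) of the SEQUENCE wrapped by the [0] bagValue."""
    tag, hl, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, ohl, oln = read_tlv(buf, hl)
    if tag != 0x06 or buf[hl + ohl:hl + ohl + oln] != BAG_OID:
        raise ValueError("bagId is not pkcs8ShroudedKeyBag")
    ctx = hl + ohl + oln
    tag, chl, cln = read_tlv(buf, ctx)
    if tag != 0xA0:
        raise ValueError("expected explicit [0] bagValue")
    inner = ctx + chl
    tag, ihl, iln = read_tlv(buf, inner)
    if tag != 0x30 or ihl + iln != cln:
        raise ValueError("bagValue does not hold exactly one SEQUENCE")
    return inner, buf[inner:inner + ihl + iln]

# Constructed sample with the same layout as the dump; the salt and the 640
# "ciphertext" bytes are zero filler, not a real key.
ALG = der(0x30, der(0x06, PBE_OID) + der(0x30, der(0x04, bytes(16)) + der(0x02, b"\x04\x00")))
SAMPLE = der(0x30, der(0x06, BAG_OID) + der(0xA0, der(0x30, ALG + der(0x04, bytes(640)))) + der(0x31, b""))
```

Calling find_shrouded_key(SAMPLE) returns the offset together with the bytes that -strparse would write out; passing it anything that is not a shrouded key bag raises ValueError instead of returning a wrong offset.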