Hello Stephen, Thanks for helping me, I'm new using open-ssl I really appreciate your support.
OK firstly no, I didn't find the "private-key" string using the binary editor, I searched for it but I didn't find it. Thanks for the suggestion, I generated a dummy key with the same software. After using "openssl rsa -inform NET -in file.key" I got: unable to load Private Key 3554:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946: 3554:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:628: 3554:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:566:Field=os, Type=NETSCAPE_ENCRYPTED_PKEY 3554:error:0D09806F:asn1 encoding routines:d2i_Netscape_RSA:decoding error:n_pkey.c:242: Then I used "openssl asn1parse -inform DER -in file.key" and I got this: 0:d=0 hl=4 l= 710 cons: SEQUENCE 4:d=1 hl=2 l= 64 cons: SEQUENCE 6:d=2 hl=2 l= 9 prim: OBJECT :PBES2 17:d=2 hl=2 l= 51 cons: SEQUENCE 19:d=3 hl=2 l= 27 cons: SEQUENCE 21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2 32:d=4 hl=2 l= 14 cons: SEQUENCE 34:d=5 hl=2 l= 8 prim: OCTET STRING 44:d=5 hl=2 l= 2 prim: INTEGER :0800 48:d=3 hl=2 l= 20 cons: SEQUENCE 50:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc 60:d=4 hl=2 l= 8 prim: OCTET STRING 70:d=1 hl=4 l= 640 prim: OCTET STRING Hope you can help, Roberto On 8/30/05, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > On Tue, Aug 30, 2005, Roberto Arias Alegria wrote: > > > Hello, > > > > I tried to sign a file using a private key (a file with a .key > > extension) using this: > > openssl rsautl -sign -in myfile.txt -inkey mykey.key -out signed > > > > But I got a meesage "unable to load private key". > > > > The private key was generated using a propiertary software (in fact, a > > government-made software, not a known commercial solution) so I have > > little information about how it was generated. Anyway, I tried to > > follow the solution with NET files provided in the man pages (open it > > in a binary editor and found the string "private-key" and then the > > 0x30 0x80 values, and copy everythin from here to the end of the file) > > but I found that the file actually starts with 0x30 0x82, so I didn't > > edit anything. > > > > Is there another way to sign information using a ".key" file? It is > > possible that the file could be in another format and the original > > software just labeled it as ".key"? > > Firstly that command line probably wont "sign a file" in the way you mean. You > should use the -sign option in the dgst command for that. > > So it includes the string "private-key" in it? Ugh, that's a horibly insecure > private key format. Did you try using NET format for the whole file? That is: > > openssl rsa -inform NET -in file.key > > How large is the file? What does: > > openssl asn1parse -inform DER -in file.key > > show? If the output has lots of lines with INTEGER on them and lots of digits > don't post it. > > If you can generate a test key of zero importance with the same software you > could post that. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]