On Thu, Jun 17, 2010, Aravind GJ wrote:

> Hello,
> 
> I am trying to load a certificate and private key. (both are .der file). The
> private key is unencrypted. The certificate file is loaded using
> 
> SSL_CTX_use_certificate_file(ctx, "cert.der", SSL_FILETYPE_ASN1) which is
> successful.
> 
> Then I try to load private key file using
> 
> SSL_CTX_use_PrivateKey_file(ctx,"privatekey.der",SSL_FILETYPE_ASN1) which is
> returning error(0) and outputs
> 
> 31061:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:1316:
> 31061:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
> asn1 error:tasn_dec.c:828:
> 31061:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested
> asn1 error:tasn_dec.c:748:Field=n, Type=RSA
> 31061:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
> lib:d2i_pr.c:99:
> 31061:error:140B000D:SSL routines:SSL_CTX_use_PrivateKey_file:ASN1
> lib:ssl_rsa.c:669:
> 
> I then used the command "openssl pkcs8 -in sigkey.der -inform DER -nocrypt
> -out private.pem". The PEM file generated is then loaded using
> 
> SSL_CTX_use_PrivateKey_file(ctx,"private.pem",SSL_FILETYPE_PEM) and this is
> successful.
> 
> What is the problem in using the private key file in .der format?
> 
> I am using *"openssl-0.9.8".*
> 

The DER version of that command doesn't automatically detect the format. If
you did: openssl rsa -in private.pem -outform DER -out privkey.der it should
work but you can't password protect the result.

If you use d2i_PKCS8PrivateKey_bio() to get an EVP_PKEY structure and pass
that to the SSL_CTX it should work.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
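Added example, not part of the original thread and not OpenSSL code: a small DER sniffer that tells a traditional RSAPrivateKey from a PKCS#8 PrivateKeyInfo by the tag of the field after the version. In PKCS#8 a SEQUENCE sits where the RSA modulus n would be, which is consistent with the "wrong tag ... Field=n, Type=RSA" error quoted above. The names `classify_key_der`, `der_header` and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
enum key_form { KEY_UNKNOWN, KEY_TRADITIONAL, KEY_PKCS8, KEY_PKCS8_ENCRYPTED };

/* Read one DER tag/length header at buf[*pos]; on success return the tag,
 * leave *pos at the first content byte and store the content length. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos, size_t *clen)
{
    if (*pos > len || len - *pos < 2) return -1;
    int tag = buf[(*pos)++];
    size_t n = buf[(*pos)++];
    if (n < 0x80) {
        *clen = n;                                  /* short form */
    } else {
        n &= 0x7f;                                  /* long form: n length bytes */
        if (n == 0 || n > sizeof(size_t) || n > len - *pos) return -1;
        for (*clen = 0; n > 0; n--) *clen = (*clen << 8) | buf[(*pos)++];
    }
    return *clen <= len - *pos ? tag : -1;          /* content must fit */
}

/* Classify a DER private key by its first two or three fields. */
enum key_form classify_key_der(const unsigned char *buf, size_t len)
{
    size_t pos = 0, clen, end;
    if (der_header(buf, len, &pos, &clen) != 0x30) return KEY_UNKNOWN;
    end = pos + clen;                               /* end of outer SEQUENCE */
    int tag = der_header(buf, end, &pos, &clen);
    if (tag == 0x30) return KEY_PKCS8_ENCRYPTED;    /* encryptionAlgorithm first */
    if (tag != 0x02) return KEY_UNKNOWN;            /* expected version INTEGER */
    pos += clen;                                    /* skip version */
    tag = der_header(buf, end, &pos, &clen);
    if (tag == 0x02) return KEY_TRADITIONAL;        /* INTEGER: RSA modulus n */
    if (tag == 0x30) return KEY_PKCS8;              /* SEQUENCE: AlgorithmIdentifier */
    return KEY_UNKNOWN;
}
/* Constructed minimal inputs (headers only, no real key material). */
static const unsigned char sample_rsa[]   = {0x30,0x06, 0x02,0x01,0x00, 0x02,0x01,0x05};
static const unsigned char sample_pkcs8[] = {0x30,0x07, 0x02,0x01,0x00, 0x30,0x02,0x05,0x00};
static const unsigned char sample_enc[]   = {0x30,0x04, 0x30,0x02,0x05,0x00};

int main(void)
{
    static const char *names[] = {"unknown", "traditional", "PKCS#8", "encrypted PKCS#8"};
    printf("sample_rsa:   %s\n", names[classify_key_der(sample_rsa, sizeof sample_rsa)]);
    printf("sample_pkcs8: %s\n", names[classify_key_der(sample_pkcs8, sizeof sample_pkcs8)]);
    printf("sample_enc:   %s\n", names[classify_key_der(sample_enc, sizeof sample_enc)]);
    return 0;
}
```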
