Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[openssl] HELP! , PKCS#12 conversion fails!
485 views
Skip to first unread message
Privacy Matter
Feb 12, 2021, 5:29:15 AM2/12/21
to
Hi,
I'm struggling to convert a certificate and a private key to PKCS#12 format.
I have a Certificate and a Private Key files:
- cert.cer
- key.der
"cert.cer" is a binary file, and can be imported in Windows just with one click.
So, I suppose it should be a certificate in DER binary format.
I also have e PKCS#7 and Base64 X509 versions of this file, obtained using Windows Certificate export feature:
- cert-Base64-X509.cer, probably x509 certificate PEM format, because of the header "-----BEGIN CERTIFICATE-----"
- cert.p7b, PKCS#7 file format, as stated by Windows export dialog
The "key.der" seems to be a PKCS#8 EncryptedPrivateKeyInfo, because it is an ASCII file with "-----BEGIN ENCRYPTED PRIVATE KEY-----" header-.
#### PKCS#12 ERRORS ####
The PKCS#12 conversion command is expected to be:
> openssl pkcs12 -export -inkey key.der -in cert-Base64-X509.cer -out cert.p12
Wich lead to the following errors:
unable to load private key
8024:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:.\crypto\evp\evp_enc.c:563:
8024:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:.\crypto\pkcs12\p12_decr.c:108:
8024:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:.\crypto\pkcs12\p12_decr.c:139:
8024:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:.\crypto\pem\pem_pkey.c:142:
unable to write 'random state'
#### THE CAUSE SEEMS TO BE THE CERTIFICATE ####
The problem seems to be the certificate, not the key.
This because if I replace "key.der" with a fake text file "atextfile.txt" containing "hello openssl", I have this:
> openssl pkcs12 -export -inkey atextfile.txt -in cert-Base64-X509.cer -out cert.p12
unable to load private key
14652:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to write 'random state'
But replacing the "cert-Base64-X509.cer" with "atextfile.txt" I got exactly the same errors.
#### ALSO PKCS#7 TO PEM CERTIFICATE TRANSLATION FAILS ####
So, I've attemped get a PEM encoded certificate, translating the PKCS#7 "cert.p7b" with following command:
> openssl pkcs7 -print_certs -in cert.p7b -out cert.pem
But also this command failed due the error:
unable to load PKCS7 object
14544:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:697:Expecting: PKCS7
#### DIFFERENT OPERATIVE SYSTEMS, SAME ERRORS ####
All above on a Windows 7 64bit, and "OpenSSL 1.0.2u 20 Dec 2019", but also executed on Linux platform with "OpenSSL 1.1.0l 10 Sep 2019 (Library: OpenSSL 1.1.0f 25 May 2017)" (the last version availablet on that platform), exactly with the same outcome:
$ openssl pkcs12 -export -inkey key.der -in cert-Base64-X509.cer -out cert.p12
Enter pass phrase for key.der:
unable to load private key
1995617696:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:535:
1995617696:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:63:
1995617696:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:94:
1995617696:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:86:
$ openssl pkcs7 -print_certs -in cert.p7b -out cert.pem
unable to load PKCS7 object
1995900320:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: PKCS7
#### HELP! ####
What else I can do?
Thanks in adavance to heros who'll save me!
I'm struggling to convert a certificate and a private key to PKCS#12 format.
I have a Certificate and a Private Key files:
- cert.cer
- key.der
"cert.cer" is a binary file, and can be imported in Windows just with one click.
So, I suppose it should be a certificate in DER binary format.
I also have e PKCS#7 and Base64 X509 versions of this file, obtained using Windows Certificate export feature:
- cert-Base64-X509.cer, probably x509 certificate PEM format, because of the header "-----BEGIN CERTIFICATE-----"
- cert.p7b, PKCS#7 file format, as stated by Windows export dialog
The "key.der" seems to be a PKCS#8 EncryptedPrivateKeyInfo, because it is an ASCII file with "-----BEGIN ENCRYPTED PRIVATE KEY-----" header-.
#### PKCS#12 ERRORS ####
The PKCS#12 conversion command is expected to be:
> openssl pkcs12 -export -inkey key.der -in cert-Base64-X509.cer -out cert.p12
Wich lead to the following errors:
unable to load private key
8024:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:.\crypto\evp\evp_enc.c:563:
8024:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:.\crypto\pkcs12\p12_decr.c:108:
8024:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:.\crypto\pkcs12\p12_decr.c:139:
8024:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:.\crypto\pem\pem_pkey.c:142:
unable to write 'random state'
#### THE CAUSE SEEMS TO BE THE CERTIFICATE ####
The problem seems to be the certificate, not the key.
This because if I replace "key.der" with a fake text file "atextfile.txt" containing "hello openssl", I have this:
> openssl pkcs12 -export -inkey atextfile.txt -in cert-Base64-X509.cer -out cert.p12
unable to load private key
14652:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to write 'random state'
But replacing the "cert-Base64-X509.cer" with "atextfile.txt" I got exactly the same errors.
#### ALSO PKCS#7 TO PEM CERTIFICATE TRANSLATION FAILS ####
So, I've attemped get a PEM encoded certificate, translating the PKCS#7 "cert.p7b" with following command:
> openssl pkcs7 -print_certs -in cert.p7b -out cert.pem
But also this command failed due the error:
unable to load PKCS7 object
14544:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:697:Expecting: PKCS7
#### DIFFERENT OPERATIVE SYSTEMS, SAME ERRORS ####
All above on a Windows 7 64bit, and "OpenSSL 1.0.2u 20 Dec 2019", but also executed on Linux platform with "OpenSSL 1.1.0l 10 Sep 2019 (Library: OpenSSL 1.1.0f 25 May 2017)" (the last version availablet on that platform), exactly with the same outcome:
$ openssl pkcs12 -export -inkey key.der -in cert-Base64-X509.cer -out cert.p12
Enter pass phrase for key.der:
unable to load private key
1995617696:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:535:
1995617696:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:63:
1995617696:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:94:
1995617696:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:86:
$ openssl pkcs7 -print_certs -in cert.p7b -out cert.pem
unable to load PKCS7 object
1995900320:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: PKCS7
#### HELP! ####
What else I can do?
Thanks in adavance to heros who'll save me!
Robert Rodriguez
May 10, 2023, 3:57:41 PM5/10/23
to
Remembering pokémons will be easier. This will also help you in finding the correct strategies for playing the game and finding new pokémons.
https://randompokemongenerator.xyz/
https://randompokemongenerator.xyz/
0 new messages