encrypt string get error KEY3268:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key:.\crypto\evp\p_lib.c:279:

[pavels.r...@gmail.com]

Good morning!

i'm cant encrypt sting with real/production certificate.
But with TEST certificate all command encrypt and decrypt work.
openssl rsautl -encrypt -certin -inkey public.pem -in plain.txt -out crypted.txt -pubin

where:
public.pem - my TEST or PRODUCTION public key
plain.txt = file with test string
crypted.txt = file for encrypted string out



The key for PRODUCTION i'm get form .PFX/.p12 with command:
openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes -clcerts

I get file with:
Bag Attributes
localKeyID: 29 08 ...
friendlyName: cp_exported
subject=....
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Bag Attributes
localKeyID: 29 08 ...
friendlyName: cp_exported
Key Attributes
X509v3 Key Usage: 10
-----BEGIN PRIVATE KEY-----
....
-----END PRIVATE KEY-----
After i'm create public key, with there command:
openssl x509 -inform pem -in certificate.pem -noout -pubkey > certificate_public.pem

and get file with:
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----

But if i make encrypt string:
openssl rsautl -encrypt -certin -inkey certificate_public.pem -in plain.txt -out crypted.txt -pubin

Get error:
Error getting RSA key
KEY3268:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key:.\crypto\evp\p_lib.c:279:


Please i need help.



P.S. Test certificate generated with this:
openssl genrsa -out private.pem -aes256 2048
openssl rsa -in private.pem -pubout -out public.pem

Encrypt command:
openssl rsautl -encrypt -certin -inkey public.pem -in plain.txt -out crypted.txt -pubin

Decript command:
openssl rsautl -decrypt -inkey private.pem -in crypted.txt -out plain_fromEncrypt.txt

That work :(