[EMAIL PROTECTED] wrote:
>
> openssl asn1parse -inform DER -in mycert.key
> 0:d=0 hl=4 l= 666 cons: SEQUENCE
> 4:d=1 hl=2 l= 27 cons: SEQUENCE
> 6:d=2 hl=2 l= 10 prim: OBJECT :pbeWithSHA1And128BitRC4
> 18:d=2 hl=2 l= 13 cons: SEQUENCE
> 20:d=3 hl=2 l= 8 prim: OCTET STRING
> 30:d=3 hl=2 l= 1 prim: INTEGER :05
> 3:d=1 hl=4 l= 633 prim: OCTET STRING
>
> The key was generated w/ RSA's Crypto-J CertReqTool and it definitely
> is encrypted, so using openssl pkcs8 etc. on it didn't work.
>
Erk. Thats a PKCS#12 PBE algorithm which is a bit odd in PKCS#8 so is
RC4... OpenSSL pkcs8 can handle encrypted keys. This may work:
openssl pkcs8 -in key.der -inform DER -out key.pem
It should prompt for a password.
Because its RC4 there's no way other than it producing garbage to check
the decryption worked: so it may come up with an ASN1 error. If it does
can you post the error it produces?
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
