PKCS8 Question

Jeffrey Ricks Mon, 20 Mar 2000 16:38:27 -0800
Hi all,

Here's my situation... I'm trying to
produce certs and keys with the Java security packages
for use in my ssl enabled web server.  The problem is
that when I try to start apache in SSL mode, it
doesn't like my server cert's private key.  The Java
docs say that the private key I generated is a DER
encoding of the PKCS8 format.  I took that output,
base64 encoded it, and added PEM headers.  At this
point it "looks" like one that I've created with
openssl.  If I try to start apache, it complains about
the key.  If I try to look at the key with:

openssl dsa -noout -in key.pem -text

I get the following output (errors):

19268:error:0D080071:asn1 encoding
routines:d2i_ASN1_INTEGER:expecting an
integer:a_int.c:258:
19268:error:0D08A082:asn1 encoding
routines:d2i_DSAPrivateKey:parsing:d2i_s_pr.c:100:
19268:error:0D09B00D:asn1 encoding
routines:d2i_PrivateKey:ASN1
lib:d2i_pr.c:98:19268:error:0906700D:PEM
routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:290:

Sorry if that's not all lined up nicely...

If I run:

openssl asn1parse -in ~/key.pem

I get the following output:

    0:d=0  hl=4 l= 331 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 300 cons: SEQUENCE          
   11:d=2  hl=2 l=   7 prim: OBJECT           
:dsaEncryption
   20:d=2  hl=4 l= 287 cons: SEQUENCE          
   24:d=3  hl=3 l= 129 prim: INTEGER          
:FD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7
  156:d=3  hl=2 l=  21 prim: INTEGER          
:9760508F15230BCCB292B982A2EB840BF0581CF5
  179:d=3  hl=3 l= 129 prim: INTEGER          
:F7E1A085D69B3DDECBBCAB5C36B857B97994AFBBFA3AEA82F9574C0B3D0782675159578EBAD4594FE67107108180B449167123E84C281613B7CF09328CC8A6E13C167A8B547C8D28E0A3AE1E2BB3A675916EA37F0BFA213562F1FB627A01243BCCA4F1BEA8519089A883DFE15AE59F06928B665E807B552564014C3BFECF492A
  311:d=1  hl=2 l=  22 prim: OCTET STRING      

I've attached that output (asn1parse.out) in case it's
unreadable here.  My thought is that I'm doing
something wrong on the Java side, but I have nothing
to base that thought on.  Any suggestions
would be extremely helpful.  I can provide copies of
the binary and PEM version of my key if anyone needs
them.

Thanks,

Jeff Ricks
[EMAIL PROTECTED]


__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
PKCS8 Question

Reply via email to
