Hello openssl people,

I am trying to read a private key of a certificate into memory using 
d2i_RSAPrivateKey.  I'm able to read the certificate without a problem, but 
when I pass the private key to d2i_RSAPrivateKey, it fails to parse.  I do not 
see an error message or errno being set - d2i_RSAPrivateKey simply returns 
NULL.  I've generated a self-signed cert which reproduces the problem, and I've 
attached it to this message (this is a throwaway cert, not in use for anything, 
so I'm knowingly sending the private key).  The command I used to generate this 
cert and its key was:

openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -days 36500 -nodes -outform PEM

I have another cert where the private key *is* parseable by d2i_RSAPrivateKey.  
I printed out both certs from the command line, and compared them.  They appear 
almost identical.  The only difference I see is that when I print the attached 
unparseable cert, the Signature Algorithm section has 8 lines of hex.  In the 
parseable cert, I see 15 lines of hex.  Both certs use sha1WithRSAEncryption as 
the algorithm, with 1024 bits.

Can anyone help me understand why the private key in the attached cert is not 
readable by d2i_RSAPrivateKey?  I'm running these tests on a Mac, but the same 
thing happens on Ubuntu Linux.

Thank you,

David

Printout of the attached cert, which fails to parse with d2i_RSAPrivateKey:

MacBook-Air:self_signed dlobron$ openssl x509 -in cert.1024.combined -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17702003413458844255 (0xf5aa2650b7f77a5f)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, OU=KMI, CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlob...@akamai.com
        Validity
            Not Before: Oct  8 15:47:30 2015 GMT
            Not After : Jan 16 15:47:30 2016 GMT
        Subject: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, OU=KMI, CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlob...@akamai.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c2:33:df:d8:cb:c9:6e:a4:98:f0:b7:b1:06:51:
                    77:f8:6c:36:4b:f3:ab:fc:09:ab:98:13:d5:0a:03:
                    63:31:c4:ce:6f:02:12:b5:c4:4c:83:17:39:c2:b8:
                    27:89:a5:80:56:36:72:19:8b:9a:dd:e5:e2:22:60:
                    53:96:f9:4d:c0:f1:c6:06:5f:1b:95:de:b7:8e:d2:
                    ef:e8:ff:84:81:73:45:c9:a5:52:6d:af:8e:6a:16:
                    bf:23:97:66:5e:d8:1f:0e:e9:1b:d3:03:e3:cd:4c:
                    02:2f:68:f0:a5:70:a3:90:f5:19:8d:f5:6b:d1:87:
                    e7:82:39:f9:09:1b:ee:56:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5
            X509v3 Authority Key Identifier: 
                keyid:2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         5d:5c:c0:10:c3:60:10:c5:d4:30:cf:90:41:32:d9:73:1f:03:
         66:a5:3b:ca:e2:99:2f:89:10:0e:4d:d6:b3:1d:97:ae:0a:54:
         46:0b:a8:51:02:97:c6:41:32:16:db:7c:77:28:e8:df:73:70:
         a0:01:73:b6:84:90:b5:a8:b7:54:53:7d:a9:cd:81:33:35:6d:
         58:5e:ba:e2:7d:34:7a:32:c9:fd:4f:07:18:75:a7:53:3d:61:
         1b:98:7a:e6:92:5b:74:39:e1:ab:b2:6a:51:4a:56:c5:99:1e:
         d7:7a:7a:b6:32:e8:ca:f2:33:bc:3f:d5:3c:3f:87:2a:9f:ab:
         37:c8


Attachment: cert.1024.combined
Description: Binary data

Attachment: smime.p7s
Description: S/MIME cryptographic signature
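
An added example, not part of the original post or of OpenSSL: d2i_RSAPrivateKey decodes a DER-encoded PKCS#1 RSAPrivateKey, so one check when it returns NULL is which ASN.1 structure the bytes actually hold. This stand-alone C classifier tells a PKCS#1 key from one wrapped in a PKCS#8 PrivateKeyInfo; the names classify_private_key and der_header and the sample byte arrays are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
enum key_form { KEY_UNKNOWN, KEY_PKCS1_RSA, KEY_PKCS8_RSA, KEY_PKCS8_OTHER };

/* Constructed samples (toy integers, not real keys): PKCS#1 shape, then PKCS#8-wrapped. */
static const u8 sample_pkcs1[] = {0x30,0x09,0x02,0x01,0x00,0x02,0x01,0x21,0x02,0x01,0x03};
static const u8 sample_pkcs8[] = {0x30,0x1f,0x02,0x01,0x00,0x30,0x0d,0x06,0x09,
    0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x04,0x0b,
    0x30,0x09,0x02,0x01,0x00,0x02,0x01,0x21,0x02,0x01,0x03};

/* Parse one DER tag+length at *pos; on success move *pos to the content start. */
static int der_header(const u8 *b, size_t len, size_t *pos, u8 tag, size_t *clen)
{
    size_t p = *pos, n, k;
    if (p > len || len - p < 2 || b[p] != tag) return 0;
    n = b[p + 1]; p += 2;
    if (n & 0x80) {                        /* long form: next k bytes hold the length */
        if ((k = n & 0x7f) == 0 || k > 4 || k > len - p) return 0;
        for (n = 0; k > 0; k--) n = (n << 8) | b[p++];
    }
    if (n > len - p) return 0;             /* content must fit inside the buffer */
    *pos = p; *clen = n; return 1;
}

/* Classify a DER private key; for PKCS#8, *inner receives the wrapped key's offset. */
enum key_form classify_private_key(const u8 *der, size_t len, size_t *inner)
{
    /* Content bytes of the rsaEncryption OID, 1.2.840.113549.1.1.1 */
    static const u8 rsa_oid[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01};
    size_t pos = 0, n, m, alg_end, oid;
    if (!der_header(der, len, &pos, 0x30, &n)) return KEY_UNKNOWN;     /* outer SEQUENCE */
    len = pos + n;                                                     /* stay inside it */
    if (!der_header(der, len, &pos, 0x02, &n)) return KEY_UNKNOWN;     /* version INTEGER */
    pos += n;
    if (pos < len && der[pos] == 0x02) return KEY_PKCS1_RSA;           /* modulus INTEGER */
    if (!der_header(der, len, &pos, 0x30, &n)) return KEY_UNKNOWN;     /* AlgorithmIdentifier */
    alg_end = pos + n;
    if (!der_header(der, alg_end, &pos, 0x06, &n)) return KEY_UNKNOWN; /* algorithm OID */
    oid = pos; pos = alg_end;                                          /* skip parameters */
    if (!der_header(der, len, &pos, 0x04, &m)) return KEY_UNKNOWN;     /* privateKey OCTET STRING */
    if (inner) *inner = pos;
    return (n == sizeof rsa_oid && !memcmp(der + oid, rsa_oid, n)) ? KEY_PKCS8_RSA : KEY_PKCS8_OTHER;
}

int main(void) {
    printf("%d %d\n", classify_private_key(sample_pkcs1, sizeof sample_pkcs1, NULL),
           classify_private_key(sample_pkcs8, sizeof sample_pkcs8, NULL));
    return 0;
}
```

OpenSSL records decode failures in its own error queue (ERR_get_error, ERR_print_errors_fp) rather than in errno, and d2i_AutoPrivateKey accepts either structure.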
