cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

OpenSSL - private key convert from .bin to .pem

matthew_eisengr
Inactive

Hi,

I'm trying to use a private key that was exported from a Riverbed Steelhead as a password protected .bin file. (only option available)

When trying to decrypt using openssl to get it into .pem format, I'm receiving errors.

I'm having problems identifying what format the export from the Steelhead is in... .der, .pcks12,???

I can tell the file begins with the following header... (hope that helps identify the format)

------BEGIN ENCRYPTED PRIVATE KEY--------

-------END ENCRYPTED PRIVATE KEY----------

 

Does anyone know the openssl commands to find out what file format it is and ultimately how to decrypt and convert it to .pem so I can use the SSL decrypted decode on the AMD?

 

Thanks,

 

Matt

2 REPLIES 2

matthew_eisengr
Inactive

Continuing the thread here, I've done the following.

  1. Removed the cert from the file so it is just the key
  2. Ran command to convert to pem: openssl enc –in encryptedkey.bin –out key.pem -a
  3. Opened pem file and added begin and end tags
  4. Ran the last command to decrypt and got the following...


    [root@mydevice keys]# openssl pkcs12 -in encryptedkey.pem -out key.pem -nodes

8501:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
8501:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=PKCS12

It looked like the key may have already been in .pem format and just using a different extension.  If that is the case, then pkcs12 is the wrong operation family, and you want to use rsa to simply decrypt the key.

the command for decrypting an encrypted .pem key is

openssl rsa -in encrypted_key_filename -out decrypted_key_filename

from article Extracting Web Server Private RSA Keys for Apache/OpenSSL Server

 

-- Erik