无法使用 openssl 获取私钥(无起始行:pem_lib.c:703:Expecting: ANY PRIVATE KEY) [英] Can't get private key with openssl (no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY)
问题描述
我有一个 .key 文件,当我这样做时
I have a .key file, when I do
openssl rsa -text -in file.key
我明白
unable to load Private Key
140000419358368:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY
<小时>
我还有一个 .cer 文件,当我这样做时
Also I have a .cer file and when I do
openssl x509 -text -in file.cer
我明白了
unable to load certificate
140387178489504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
<小时>
但是如果按照这里的指示,我运行如下命令:
But if as pointed here I run the command like:
openssl x509 -text -inform DER -in file.cer
我明白
Certificate:
Data:
Version: 3 (0x2)
Some more information
...
-----BEGIN CERTIFICATE-----
MIIEdDCCA1ygAwIBAgIUMjAwMDEwMDAwMDAxMDAwMDU4NjcwDQYJKoZIhvcNAQEF
...
-----END CERTIFICATE-----
但这似乎对密钥不起作用,因为当我运行时
But that doesn't seem to work with the key, because when I run
openssl rsa -text -inform DER -in aaa010101aaa__csd_10.key
我明白了
unable to load Private Key
140004844304032:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
140004844304032:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:849:
140004844304032:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:769:Field=version, Type=RSA
140004844304032:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:115:
140004844304032:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
140004844304032:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:849:
140004844304032:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:769:Field=version, Type=PKCS8_PRIV_KEY_INFO
如何获取私钥及其证书?
推荐答案
您似乎拥有 DER
格式的证书,而不是 PEM
.这就是为什么当您提供 -inform PEM
命令行参数(它告诉 openssl 期望的输入格式)时它可以正常工作的原因.
It looks like you have a certificate in DER
format instead of PEM
. This is why it works correctly when you provide the -inform PEM
command line argument (which tells openssl what input format to expect).
很可能您的私钥使用了相同的编码.看起来 openssl rsa
命令也接受 -inform
参数,所以尝试:
It's likely that your private key is using the same encoding. It looks as if the openssl rsa
command also accepts a -inform
argument, so try:
openssl rsa -text -in file.key -inform DER
PEM
编码的文件是一种纯文本编码,类似于:
A PEM
encoded file is a plain-text encoding that looks something like:
-----BEGIN RSA PRIVATE KEY-----
MIGrAgEAAiEA0tlSKz5Iauj6ud3helAf5GguXeLUeFFTgHrpC3b2O20CAwEAAQIh
ALeEtAIzebCkC+bO+rwNFVORb0bA9xN2n5dyTw/Ba285AhEA9FFDtx4VAxMVB2GU
QfJ/2wIRANzuXKda/nRXIyRw1ArE2FcCECYhGKRXeYgFTl7ch7rTEckCEQDTMShw
8pL7M7DsTM7l3HXRAhAhIMYKQawc+Y7MNE4kQWYe
-----END RSA PRIVATE KEY-----
虽然DER
是二进制编码格式.
While DER
is a binary encoding format.
更新
有时密钥以 PKCS#8 格式(可以是 PEM 或 DER 编码)分发.试试这个,看看你会得到什么:
Sometimes keys are distributed in PKCS#8 format (which can be either PEM or DER encoded). Try this and see what you get:
openssl pkcs8 -in file.key -inform der
这篇关于无法使用 openssl 获取私钥(无起始行:pem_lib.c:703:Expecting: ANY PRIVATE KEY)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!