无法使用 openssl 获取私钥(无起始行:pem_lib.c:703:Expecting: ANY PRIVATE KEY) [英] Can't get private key with openssl (no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY)

查看:28
本文介绍了无法使用 openssl 获取私钥(无起始行:pem_lib.c:703:Expecting: ANY PRIVATE KEY)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个 .key 文件,当我这样做时

I have a .key file, when I do

openssl rsa -text -in file.key

我明白

unable to load Private Key
140000419358368:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

<小时>

我还有一个 .cer 文件,当我这样做时

Also I have a .cer file and when I do

openssl x509 -text -in file.cer

我明白了

unable to load certificate
140387178489504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE

<小时>

但是如果按照这里的指示,我运行如下命令:

But if as pointed here I run the command like:

openssl x509 -text -inform DER -in file.cer

我明白

Certificate:
    Data:
        Version: 3 (0x2)
        Some more information
        ...
-----BEGIN CERTIFICATE-----
MIIEdDCCA1ygAwIBAgIUMjAwMDEwMDAwMDAxMDAwMDU4NjcwDQYJKoZIhvcNAQEF
...
-----END CERTIFICATE-----

但这似乎对密钥不起作用,因为当我运行时

But that doesn't seem to work with the key, because when I run

openssl rsa -text -inform DER -in aaa010101aaa__csd_10.key

我明白了

unable to load Private Key
140004844304032:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
140004844304032:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:849:
140004844304032:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:769:Field=version, Type=RSA
140004844304032:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:115:
140004844304032:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
140004844304032:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:849:
140004844304032:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:769:Field=version, Type=PKCS8_PRIV_KEY_INFO

如何获取私钥及其证书?

推荐答案

您似乎拥有 DER 格式的证书,而不是 PEM.这就是为什么当您提供 -inform PEM 命令行参数(它告诉 openssl 期望的输入格式)时它可以正常工作的原因.

It looks like you have a certificate in DER format instead of PEM. This is why it works correctly when you provide the -inform PEM command line argument (which tells openssl what input format to expect).

很可能您的私钥使用了相同的编码.看起来 openssl rsa 命令也接受 -inform 参数,所以尝试:

It's likely that your private key is using the same encoding. It looks as if the openssl rsa command also accepts a -inform argument, so try:

openssl rsa -text -in file.key -inform DER

PEM 编码的文件是一种纯文本编码,类似于:

A PEM encoded file is a plain-text encoding that looks something like:

-----BEGIN RSA PRIVATE KEY-----
MIGrAgEAAiEA0tlSKz5Iauj6ud3helAf5GguXeLUeFFTgHrpC3b2O20CAwEAAQIh
ALeEtAIzebCkC+bO+rwNFVORb0bA9xN2n5dyTw/Ba285AhEA9FFDtx4VAxMVB2GU
QfJ/2wIRANzuXKda/nRXIyRw1ArE2FcCECYhGKRXeYgFTl7ch7rTEckCEQDTMShw
8pL7M7DsTM7l3HXRAhAhIMYKQawc+Y7MNE4kQWYe
-----END RSA PRIVATE KEY-----

虽然DER是二进制编码格式.

While DER is a binary encoding format.

更新

有时密钥以 PKCS#8 格式(可以是 PEM 或 DER 编码)分发.试试这个,看看你会得到什么:

Sometimes keys are distributed in PKCS#8 format (which can be either PEM or DER encoded). Try this and see what you get:

openssl pkcs8 -in file.key -inform der

这篇关于无法使用 openssl 获取私钥(无起始行:pem_lib.c:703:Expecting: ANY PRIVATE KEY)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
服务器开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆