
Confirm Key File Formats, Using OpenSSL

From RZWiki



If you are unsure of the format of a particular public or private key file, the only way to confirm the file format (particularly where the file has no helpful extension) is through a process of elimination: use OpenSSL to check the file, specifying each possible file format in turn until the correct one is found. When OpenSSL returns a key OK message, the file is in the format specified in that command.

To demonstrate this, the process used to identify a PEM file is shown below:

openssl pkcs12 -info -in networkstuff.eu.key -noout

5657:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1007:
5657:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:305:Type=PCS12

openssl rsa -inform DER -in networkstuff.eu.key -noout -check

unable to load Private Key
28653:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag:a_set.c:194:
28653:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1007:
28653:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:305:Type=RSA
28653:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:96:
  • To check if you have a certificate rather than a key use this command syntax: openssl x509 -inform DER -in networkstuff.eu.der -noout -text

openssl rsa -inform NET -in networkstuff.eu.key -noout -check

unable to load Private Key
28694:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1007:
28694:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:305:Type=NETSCAPE_ENCRYPTED_PKEY
28694:error:0D09806F:asn1 encoding routines:d2i_Netscape_RSA:decoding error:n_pkey.c:242:

openssl rsa -inform PEM -in networkstuff.eu.key -noout -check

RSA key ok

Typical Output

If the file is an RSA key, one of the DER, NET or PEM check commands will result in an output of:

RSA key ok

If the file is a PKCS12 (including PFX) key, the pkcs12 info command will result in an output similar to:

Enter Import Password:
MAC Iteration 1
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag
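
The elimination procedure above, wrapped in a POSIX shell function; this is an added example and not part of the original article. The function name detect_format, its output labels and the optional second argument (an OpenSSL -passin specification) are assumptions made here, and PEM is tried first rather than in the order shown above.

```shell
#!/bin/sh
# detect_format FILE [PASSIN]
# Prints the first type/format OpenSSL accepts for FILE and returns 0;
# prints "unknown" and returns 1 when every attempt is eliminated.
# PASSIN is an OpenSSL pass phrase source such as env:KEYPASS or file:/path;
# the default is an empty pass phrase. Avoid pass:SECRET on shared hosts,
# because command-line arguments are visible in the process list.
detect_format() {
    file=$1
    passin=${2:-pass:}

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # RSA private key checks (the -check commands from this page).
    # NET is kept from the page; an OpenSSL build without NET support
    # simply fails that attempt and the loop moves on.
    for fmt in PEM DER NET; do
        if openssl rsa -inform "$fmt" -in "$file" -passin "$passin" \
               -noout -check </dev/null >/dev/null 2>&1; then
            echo "rsa-key:$fmt"; return 0
        fi
    done

    # PKCS12 / PFX container; stdin is /dev/null so a missing or wrong
    # pass phrase fails the attempt instead of waiting at a prompt.
    if openssl pkcs12 -info -in "$file" -passin "$passin" \
           -noout </dev/null >/dev/null 2>&1; then
        echo "pkcs12"; return 0
    fi

    # A certificate rather than a key.
    for fmt in PEM DER; do
        if openssl x509 -inform "$fmt" -in "$file" -noout \
               </dev/null >/dev/null 2>&1; then
            echo "x509:$fmt"; return 0
        fi
    done

    echo "unknown"; return 1
}

# Stand-alone use: sh detect_format.sh networkstuff.eu.key
if [ "$#" -gt 0 ]; then detect_format "$@"; fi
```

An encrypted key or PKCS12 file checked with the wrong pass phrase is reported as "unknown", so treat that result as "not identified with this pass phrase" rather than proof the file is corrupt.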

See the Convert File Formats, Using OpenSSL article for information on how to convert files from one format to another.



We really do appreciate all feedback so please do send your comments, suggestions or corrections to sjiveson#routerzone.eu
(replacing the # with an @)


This page was last modified on 11 May 2009, at 11:59.