
Confirm Key File Formats, Using OpenSSL

From RZWiki



If you are unsure of the format of a particular public or private key file, the only way to confirm it (particularly where the file has no helpful extension) is by a process of elimination: use OpenSSL to check the file, specifying each possible file format in turn until the correct one is found. When OpenSSL returns a key OK message, the file is in the format specified in that command.

To demonstrate this, the process used to identify a PEM file is shown below:

openssl pkcs12 -info -in networkstuff.eu.key -noout

5657:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1007:
5657:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:305:Type=PKCS12

openssl rsa -inform DER -in networkstuff.eu.key -noout -check

unable to load Private Key
28653:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag:a_set.c:194:
28653:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1007:
28653:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:305:Type=RSA
28653:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:96:
  • To check whether you have a certificate rather than a key, use this command syntax: openssl x509 -inform DER -in networkstuff.eu.der -noout -text

openssl rsa -inform NET -in networkstuff.eu.key -noout -check

unable to load Private Key
28694:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1007:
28694:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:305:Type=NETSCAPE_ENCRYPTED_PKEY
28694:error:0D09806F:asn1 encoding routines:d2i_Netscape_RSA:decoding error:n_pkey.c:242:

openssl rsa -inform PEM -in networkstuff.eu.key -noout -check

RSA key ok

Typical Output

If the file is an RSA key, one of the DER, NET or PEM check commands will result in an output of:

RSA key ok

If the file is a PKCS12 (including PFX) key, the pkcs12 info command will result in an output similar to:

Enter Import Password:
MAC Iteration 1
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag
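
As an added example (not part of the original article and not OpenSSL's own code), the Python below goes beyond the trial-and-error procedure by reading the file's leading bytes to predict which of the checks above should succeed; a PEM file begins with a text BEGIN line rather than an ASN.1 SEQUENCE tag, which is what the "wrong tag" errors are reporting. The function names and the sample byte strings are constructed for illustration, and the result is a hint to confirm with the matching openssl command.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_der(buf):
    """Name the structure from the tags of the outer SEQUENCE's members."""
    members = []
    try:
        if buf[0] != 0x30:  # DER keys, certificates and PKCS12 start with SEQUENCE
            return "unknown"
        _, pos, end = read_tlv(buf, 0)
        while pos < min(end, len(buf)):
            tag, start, pos = read_tlv(buf, pos)
            members.append((tag, buf[start:pos]))
    except IndexError:  # truncated or non-DER input
        return "unknown"
    tags = [tag for tag, _ in members]
    if tags == [0x02] * 9:
        return "RSA private key"  # version plus eight INTEGERs (PKCS#1)
    if tags[:2] == [0x02, 0x30]:
        # A PFX carries version 3; a PKCS#8 PrivateKeyInfo carries version 0.
        return "PKCS12" if members[0][1] == b"\x03" else "PKCS#8 private key"
    if tags == [0x30, 0x30, 0x03]:
        return "certificate, CSR or CRL"  # body, algorithm, signature
    return "unknown"

def identify(data):
    """Return (encoding, content) for the raw bytes of a key or certificate file."""
    match = PEM_RE.search(data)
    if match:
        return "PEM", match.group(1).decode()  # the BEGIN label names the content
    kind = classify_der(data)
    return ("DER" if kind != "unknown" else "unknown"), kind

# Constructed skeletons with the right ASN.1 shape; they are not usable keys.
SAMPLE_RSA_DER = bytes.fromhex("301b020100" + "020123" * 8)
SAMPLE_PFX = bytes.fromhex("300702010330020500")
SAMPLE_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n"
              + base64.b64encode(SAMPLE_RSA_DER)
              + b"\n-----END RSA PRIVATE KEY-----\n")
```

An "unknown" result (for example a NET-format key or a damaged file) means falling back to the elimination commands shown above.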

See the Convert File Formats, Using OpenSSL article for information on how to convert files from one format to another.

Related Articles

Our other OpenSSL articles

Information on other OpenSSL Commands


We really do appreciate all feedback so please do send your comments, suggestions or corrections to sjiveson#routerzone.eu
(replacing the # with an @)


This page was last modified on 16 August 2010, at 18:04.