OpenSSL - private key convert from .bin to .pem
Hi,
I'm trying to use a private key that was exported from a Riverbed Steelhead as a password protected .bin file. (only option available)
When trying to decrypt using openssl to get it into .pem format, I'm receiving errors.
I'm having problems identifying what format the export from the Steelhead is in... .der, .pcks12,???
I can tell the file begins with the following header... (hope that helps identify the format)
------BEGIN ENCRYPTED PRIVATE KEY--------
-------END ENCRYPTED PRIVATE KEY----------
Does anyone know the openssl commands to find out what file format it is and ultimately how to decrypt and convert it to .pem so I can use the SSL decrypted decode on the AMD?
Thanks,
Matt
Continuing the thread here, I've done the following.
- Removed the cert from the file so it is just the key
- Ran command to convert to pem: openssl enc –in encryptedkey.bin –out key.pem -a
- Opened pem file and added begin and end tags
- Ran the last command to decrypt and got the following...
[root@mydevice keys]# openssl pkcs12 -in encryptedkey.pem -out key.pem -nodes
8501:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
8501:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=PKCS12
It looked like the key may have already been in .pem format and just using a different extension. If that is the case, then pkcs12 is the wrong operation family, and you want to use rsa to simply decrypt the key.
the command for decrypting an encrypted .pem key is
openssl rsa -in encrypted_key_filename -out decrypted_key_filename
from article Extracting Web Server Private RSA Keys for Apache/OpenSSL Server
-- Erik
