[openssl] Unable to load Private Key. (PEM routines:PEM_read_bio:no start line:pem_lib.c:648:Expecting: ANY PRIVATE KEY)

I have a .key file which is a PEM-formatted private key file. I didn't make this file; I got it from somewhere.

I wanted to see its MD5 hash with the openssl tool, using the command below.

openssl rsa -in server.key -modulus -noout

But this generates the error below.

unable to load Private Key
13440:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:648:Expecting: ANY PRIVATE KEY

Here's some asn1parse of the .key file.

openssl asn1parse -in server.key
0:d=0  hl=4 l= 603 cons: SEQUENCE
4:d=1  hl=2 l=   1 prim: INTEGER           :00
7:d=1  hl=3 l= 129 prim: INTEGER           :C141201603899993919CBAA56985E9C7
139:d=1  hl=2 l=   3 prim: INTEGER           :010001
144:d=1  hl=3 l= 128 prim: INTEGER           :1687B9AE67562CEDEBDD7A531B84CDB7


Is there anything more I can try?


Create CA certificate

openssl genrsa -out privateKey.pem 4096
openssl req -new -x509 -nodes -days 3600 -key privateKey.pem -out caKey.pem

Your .key file contains illegal characters. You can check the .key file like this:

# file server.key

The output "server.key: UTF-8 Unicode (with BOM) text" means it is plain text, not a key file. The correct output should be "server.key: PEM RSA private key".

Use the command below to remove the illegal characters:

# tail -c +4 server.key > new_server.key

The new_server.key should be correct.

For more detail, you can click here, thanks for the post.

> I have a .key file which is PEM formatted private key file.
> ...
> Here's some asn1parse of the .key file...

That it appears OK with asn1parse leads me to believe it's not PEM encoded.

> Is there anything more I can try?

Because it appears to be ASN.1, try:

$ openssl rsa -in server.key -inform DER -modulus -noout

Notice the -inform DER to switch between encodings.

In our case what caused the issue is that the private key we were trying to use was encrypted with a passphrase.

We had to decrypt the private key using ssh-keygen -p before we could use the private key with the openssl command line tool.

I'm on Windows 10 and I saved my key with Windows1252 encoding and it worked for me. On another StackOverflow question some people were fixing this with UTF-8 with BOM.

In other words, it may be the file encoding.

Remove any whitespace at the start of the .key file.

This could happen if you are trying to use your public key to create a certificate instead of your private key. You should use the private key.

I changed the header and footer of the PEM file to




Finally, it works!

Resolution on my side: change the encoding to UTF-8 without BOM.

Had the same issue today, and noticed that this occurs when the owner/group of the file is not the one running the app that reads the key. Maybe it is your issue too.

Maybe the private key itself is not present in the file. I also faced the same issue, but the problem was that there was no private key present in the file.

None of the other answers seemed correct in my case, however I found the real answer here

My id_rsa file was already in PEM format, I just needed to add the .pem extension to the filename.

Thanks to

The possible options to the openssl rsa -inform parameter are one of: PEM DER

A PEM encoded file is a plain-text encoding that looks something like:


While DER is a binary encoding format.

Open the key file in Notepad++ and verify the encoding. If it says UTF-8-BOM then change it to UTF-8. Save the file and try again.
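
The causes reported across the answers above (a UTF-8 BOM, DER instead of PEM, leading whitespace, an encrypted key, a file with no private key in it, a file the current user cannot read) can be checked in one pass. The script below is an added example, not part of any answer; `classify_key`, `demo` and the labels they print are names made up here, and the sample key is constructed.

```sh
#!/bin/sh
# Added example; the labels are this script's own, not openssl output.
# classify_key FILE: print a one-word label for the likely reason
# "openssl rsa -in FILE" cannot find a PEM start line.
classify_key() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 0; }   # wrong owner or permissions
    # First three bytes as hex, e.g. "efbbbf" for a UTF-8 byte order mark.
    magic=$(od -An -tx1 -N3 "$f" | tr -d ' \n')
    case $magic in
        efbbbf*)         echo utf8-bom; return 0 ;;   # strip with: tail -c +4
        3081*|3082*)     echo der; return 0 ;;        # retry with -inform DER
        20*|09*|0a*|0d*) echo leading-whitespace; return 0 ;;
    esac
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        # The PKCS#8 header and the legacy Proc-Type line both say ENCRYPTED.
        if grep -q -e 'ENCRYPTED' "$f"; then echo encrypted-pem
        else echo pem-private-key; fi
    elif grep -Eq -e '-----BEGIN (.*PUBLIC KEY|CERTIFICATE)-----' "$f"; then
        echo no-private-key                           # public key or cert only
    else
        echo no-pem-header
    fi
}

# Constructed sample (not a usable key): a BOM-prefixed PEM file, classified
# before and after the tail -c +4 fix. Prints "utf8-bom pem-private-key".
demo() {
    dir=$(mktemp -d) || return 1
    { printf '\357\273\277'
      printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIB' \
                    '-----END RSA PRIVATE KEY-----'; } > "$dir/server.key"
    before=$(classify_key "$dir/server.key")
    tail -c +4 "$dir/server.key" > "$dir/new_server.key"
    after=$(classify_key "$dir/new_server.key")
    rm -rf "$dir"
    echo "$before $after"
}

if [ "$#" -gt 0 ]; then classify_key "$1"; else demo; fi
```

The checks only read the file, so the script can be pointed at a real key without copying or modifying it.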