Unable to load Private Key PEM routines PEM read bio no start line pem lib c 648 Expecting ANY PRIVATE KEY

Question

I have a  key file which is PEM formatted private key file  I didn t make this file but I got this from somewhere   I wanted to see its MD5 hash with openssl tool like below command   openssl rsa -in server key -modulus -noout   But this generates below error   unable to load Private Key 13440 error 0906D06C PEM routines PEM read bio no start line   crypto pem pem lib c 648 Expecting  ANY PRIVATE KEY   Here s some asn1parse of the  key file   openssl asn1parse -in server key 0 d 0  hl 4 l  603 cons  SEQUENCE 4 d 1  hl 2 l    1 prim  INTEGER            00 7 d 1  hl 3 l  129 prim  INTEGER            C141201603899993919CBAA56985E9C7 C6A2AF713A02F5FE88D38CEFBED9304599689280B84B0AB577A9719CA20DDA1246A894AF397A2C57 EE5A582B036CC367E3667454DCD82DBDBF187C35FE39F61C71B517DDDF576F5471B4EC2E045E0F9D 619F5616C4E832F00CBD0DBF41B4BA3CBC4B4B603AE1FE61965917DA732E0DEF 139 d 1  hl 2 l    3 prim  INTEGER            010001 144 d 1  hl 3 l  128 prim  INTEGER            1687B9AE67562CEDEBDD7A531B84CDB7 093CE138519B93C34B7F626076FF0A262B16EA71904ACB6251A39307C04ADE202055BA13DD9F1539 6123EE408183361A9BC08B9413FA360EA928E48CC3F52B33ACF2980758F02BA2139F652F30A257C2 2E45D7C25835FC4D22B9ECECC12AB632318D4F47E1EBDAD9781B96BCFF03A2D1         Is there anything more I can try

User · Answer

Create CA certificate  openssl genrsa -out privateKey pem 4096 openssl req -new -x509 -nodes -days 3600 -key privateKey pem -out caKey pem

User · Answer

Remove any whitespace at the start of the  key file

User · Answer

I m on Windows 10 and I saved my key with Windows1252 encoding and it worked for me  On another StackOverflow question some people were fixing this with UTF-8 with BOM   In other words  it may be the file encoding

User · Answer

your  key file contains illegal characters  you can check  key file like this     file server key   output  server key  UTF-8 Unicode  with BOM  text  means it is a plain text  not a key file  The correct output should be  server key  PEM RSA private key    use below command to remove illegal characters     tail -c  4 server key  gt  new server key   The new server key should be correct   For more detail  you can click here  thanks for the post

User · Answer

None of the other answers seemed correct in my case  however I found the real answer here My id rsa file was already in PEM format  I just needed to add the  pem extension to the filename  Thanks to The possible options to the openssl rsa -inform parameter are one of  PEM DER  A PEM encoded file is a plain-text encoding that looks something like  -----BEGIN RSA PRIVATE KEY----- MIGrAgEAAiEA0tlSKz5Iauj6ud3helAf5GguXeLUeFFTgHrpC3b2O20CAwEAAQIh ALeEtAIzebCkC bO rwNFVORb0bA9xN2n5dyTw Ba285AhEA9FFDtx4VAxMVB2GU QfJ 2wIRANzuXKda nRXIyRw1ArE2FcCECYhGKRXeYgFTl7ch7rTEckCEQDTMShw 8pL7M7DsTM7l3HXRAhAhIMYKQawc Y7MNE4kQWYe -----END RSA PRIVATE KEY-----  While DER is a binary encoding format

User · Answer

In our case what caused the issue is that the private key we were trying to use was encrypted with a passphrase  We had to decrypt the private key using ssh-keygen -p before we could use the private key with the openssl command line tool

User · Answer

Resolution on my side  Change Encoding to UTF8 without BOM

User · Answer

Open the key file in Notepad   and verify the encoding   If it says UTF-8-BOM then change it to UTF-8   Save the file and try again

User · Answer

May be the private key itself is not present in the file I was also faced the same issue but the problem is that there is no private key present in the file

User · Answer

Had same issue today  and noticed that this occurs when owner group of file is not the one running app that reads key  Maybe is your issue too

User · Answer

I changed the header and footer of the PEM file to   -----BEGIN RSA PRIVATE KEY-----   and  -----END RSA PRIVATE KEY-----   Finally  it works

User · Answer

this could happen if you are trying to use your public key to create certificate instead of your private key  you should use private key

User · Answer

gt  I have a  key file which is PEM formatted private key file   gt       gt  Here s some asn1parse of the  key file      That it appears OK with asn1parse leads me to believe its not PEM encoded        Is there anything more I can try    Because it appears to be ASN 1  try     openssl rsa -in server key -inform DER -modulus -noout   Notice the -inform DER to switch between encodings

[openssl] Unable to load Private Key. (PEM routines:PEM_read_bio:no start line:pem_lib.c:648:Expecting: ANY PRIVATE KEY)

Create CA certificate

Examples related to openssl

Examples related to private-key