SyntaxFix

[openssl] Convert PEM traditional private key to PKCS8 private key

I've been given a PEM file with a certificate and pub/private keys. Specifically it includes the headers 

-----BEGIN CERTIFICATE-----   
-----END CERTIFICATE-----   
-----BEGIN RSA PRIVATE KEY-----   
-----END RSA PRIVATE KEY-----   
-----BEGIN RSA PUBLIC KEY-----   
-----END RSA PUBLIC KEY-----

in that specific order.

My understanding is without a header following the BEGIN RSA PRIVATE KEY header that this pem file contains a private key in the traditional format (PKCS1) without encryption.

I need to convert this private key to a DER encoded PKCS8 unencrypted format for use with java server code, specifically PKCS8EncodedKeySpec. I've tried OpenSSL, both with rsa and pkcs8 commands, but with no luck. There's no specific need to use openssl if there is something easier.

Specifically:

openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem
openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -pubin openssl pkcs8 -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -nocrypt

I've also tried specifying the inform and outform without success.

user@ubuntu:~/TestCerts$ openssl rsa -in IServer_Key.pem -out IServer_Key.pkcs8.pem -pubin 
unable to load Public Key 
5925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:
Expecting: PUBLIC KEY

user@ubuntu:~/TestCerts$ openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem 
unable to load Private Key 
5993:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316: 
5993:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:828:
5993:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=n, Type=RSA 
5993:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:99: 
5993:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:125:

user@ubuntu:~/TestCerts$ openssl pkcs8 -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -nocrypt 
Error decrypting key 
6022:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:
Expecting: PRIVATE KEY

Any help would be very much appreciated at this point.

This question is related to openssl certificate

The answer is

To convert the private key from PKCS#1 to PKCS#8 with openssl:

# openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in pkcs1.key -out pkcs8.key

That will work as long as you have the PKCS#1 key in PEM (text format) as described in the question.

Try using following command. I haven't tried it but I think it should work. 

openssl pkcs8 -topk8 -inform PEM -outform DER -in filename -out filename -nocrypt

Source: Stackoverflow.com

Examples related to openssl

dyld: Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib How to install OpenSSL in windows 10? SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443 How to fix: fatal error: openssl/opensslv.h: No such file or directory in RedHat 7 Homebrew refusing to link OpenSSL Solving sslv3 alert handshake failure when trying to use a client certificate How to install latest version of openssl Mac OS X El Capitan How to resolve the "EVP_DecryptFInal_ex: bad decrypt" during file decryption SSL error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Can't get private key with openssl (no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY)

Examples related to certificate

Distribution certificate / private key not installed When you use 'badidea' or 'thisisunsafe' to bypass a Chrome certificate/HSTS error, does it only apply for the current site? Cannot install signed apk to device manually, got error "App not installed" Using client certificate in Curl command Convert .cer certificate to .jks SSL cert "err_cert_authority_invalid" on mobile chrome only Android Studio - Unable to find valid certification path to requested target SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch Verify a certificate chain using openssl verify Import Certificate to Trusted Root but not to Personal [Command Line]

Tags

Mptt Design-documents Communicate Fbo Scala Rtmfp Atomic Taylor-series Mongrel Flex3 Unique-key Paradigms Memory-access Treetop Macos-carbon Badge Distributed Assetslibrary Keyref Url-modification Primary-key Pixel-shader Griffon Neural-network Fragment Ejb-3.0 Ltpa Sqlgeography Outline-view Jit Visible Treeview Pytables Event-dispatch-thread Modularization Tlb Axshockwaveflash Wadl Nsxmlparsererrordomain Chdatastructures Journal Shelving Http-status-code-307 Breezingforms Setstring Threadgroup Zend-locale Iconv Dozer Wpm Blending Mkbundle Const-method Numerical-analysis switchcompat Objectcache Member-function-pointers Kernel Todictionary Eager Combinatorics Uisplitview Autopostback .net-cf-3.5 Nslocalizedstring Struts-html Storekit Typedarray Xenocode Certificate-authority Subscript Posthoc Web-access Morse-code Name-value Biztalk2006r2 Filesystemwatcher Application-blocks Unicode Google-chrome-devtools Set-cover User-input Analog-digital-converter Rackspace Compact-framework Gtkd Web.py Python-visual Linda Seed Module-packaging Fedora12 Pass-by-value Apns-sharp Python-2.7 Submission Filepath Pdf-reader Anti-piracy Vpython