Convert PEM traditional private key to PKCS8 private key

Question

I ve been given a PEM file with a certificate and pub private keys  Specifically it includes the headers   -----BEGIN CERTIFICATE-----    -----END CERTIFICATE-----    -----BEGIN RSA PRIVATE KEY-----    -----END RSA PRIVATE KEY-----    -----BEGIN RSA PUBLIC KEY-----    -----END RSA PUBLIC KEY-----   in that specific order   My understanding is without a header following the BEGIN RSA PRIVATE KEY header that this pem file contains a private key in the traditional format  PKCS1  without encryption   I need to convert this private key to a DER encoded PKCS8 unencrypted format for use with java server code  specifically PKCS8EncodedKeySpec  I ve tried OpenSSL  both with rsa and pkcs8 commands  but with no luck  There s no specific need to use openssl if there is something easier   Specifically   openssl rsa -in IServer Key orig prikey pem -out IServer Key pkcs8 pem openssl rsa -in IServer Key orig prikey pem -out IServer Key pkcs8 pem -pubin openssl pkcs8 -in IServer Key orig prikey pem -out IServer Key pkcs8 pem -nocrypt   I ve also tried specifying the inform and outform without success   user ubuntu   TestCerts  openssl rsa -in IServer Key pem -out IServer Key pkcs8 pem -pubin  unable to load Public Key  5925 error 0906D06C PEM routines PEM read bio no start line pem lib c 650  Expecting  PUBLIC KEY  user ubuntu   TestCerts  openssl rsa -in IServer Key orig prikey pem -out IServer Key pkcs8 pem  unable to load Private Key  5993 error 0D0680A8 asn1 encoding routines ASN1 CHECK TLEN wrong tag tasn dec c 1316   5993 error 0D06C03A asn1 encoding routines ASN1 D2I EX PRIMITIVE nested asn1 error tasn dec c 828  5993 error 0D08303A asn1 encoding routines ASN1 TEMPLATE NOEXP D2I nested asn1 error tasn dec c 748 Field n  Type RSA  5993 error 0D09A00D asn1 encoding routines d2i PrivateKey ASN1 lib d2i pr c 99   5993 error 0907B00D PEM routines PEM READ BIO PRIVATEKEY ASN1 lib pem pkey c 125   user ubuntu   TestCerts  openssl pkcs8 -in IServer Key orig prikey pem -out IServer Key pkcs8 pem -nocrypt  Error decrypting key  6022 error 0906D06C PEM routines PEM read bio no start line pem lib c 650  Expecting  PRIVATE KEY   Any help would be very much appreciated at this point

User · Answer

To convert the private key from PKCS 1 to PKCS 8 with openssl     openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in pkcs1 key -out pkcs8 key   That will work as long as you have the PKCS 1 key in PEM  text format  as described in the question

User · Answer

Try using following command  I haven t tried it but I think it should work    openssl pkcs8 -topk8 -inform PEM -outform DER -in filename -out filename -nocrypt

[openssl] Convert PEM traditional private key to PKCS8 private key

Examples related to openssl

Examples related to certificate