stackoom
  简体   繁体   中英

How to convert a private key to an RSA private key?

 原文  2013-07-18 20:44:32       ssl/ openssl/ ssl-certificate/ amazon-iam

Question

Let me explain my question first. I bought a certificate from a CA and used the following format to generate the csr and the private key:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

When I open the server.key file, I see that it begins with "-----BEGIN PRIVATE KEY-----"

I use the SSL cert on my server and everything looks fine.

Now I want to upload the same cert to AWS IAM so that I can use it for by beanstalk load balancer. I use the following command from this aws doc http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SubmitCSRCertAuth

iam-servercertupload -b public_key_certificate_file  -k privatekey.pem -s certificate_object_name

I change the cert file names as required but keep getting this error: "400 MalformedCertificate Invalid Private Key."

The interesting thing is, on the aws doc page, the sample private key that they show starts with "-------Begin RSA Private Key--------"

Is there a way to convert my private key to an RSA private key using openssl?

3 answers

solution1
 170 ACCPTED  2013-07-18 21:56:39

Newer versions of OpenSSL say BEGIN PRIVATE KEY because they contain the private key + an OID that identifies the key type (this is known as PKCS8 format). To get the old style key (known as either PKCS1 or traditional OpenSSL format) you can do this:

openssl rsa -in server.key -out server_new.key

Alternately, if you have a PKCS1 key and want PKCS8:

openssl pkcs8 -topk8 -nocrypt -in privkey.pem

solution2
 31  2016-05-27 12:41:05

This may be of some help (do not literally write out the backslashes '\\' in the commands, they are meant to indicate that "everything has to be on one line"):

何时应用哪个命令

It seems that all the commands (in grey) take any type of key file (in green) as "in" argument. Which is nice.

Here are the commands again for easier copy-pasting:

openssl rsa                                                -in $FF -out $TF
openssl rsa -aes256                                        -in $FF -out $TF
openssl pkcs8 -topk8 -nocrypt                              -in $FF -out $TF
openssl pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 -in $FF -out $TF

and

openssl rsa -check -in $FF
openssl rsa -text  -in $FF

solution3
 18  2019-06-14 05:53:01

要将BEGIN OPENSSH PRIVATE KEY转换为BEGIN RSA PRIVATE KEY

ssh-keygen -p -m PEM -f ~/.ssh/id_rsa

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Flash SecureSocket and RSA private key SSL certificate and private key (RSA) Convert private key in PEM format how to convert ssl private-key.txt to private.key extension Read RSA private key of format PKCS1 in JAVA how to convert a pki to jks if I don't have the private key? How to setup SSL certificate on Google Cloud Platform without PEM encoded RSA private key Convert a PKCS#8 private key to PEM in java How to extract public key from old key file to use with new private key (lost private key password) Postfix cannot get RSA private key from file /etc/ssl/private/server.key: disabling TLS support
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM