I have these private keys that have been converted to their single-line equivalent.
There are quite a lot of these keys.
So I decided to invest some time to write a script to convert them.
This has not yielded much.
-----BEGIN RSA PRIVATE KEY----- pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4= pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4= pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4= pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4= pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4= -----END RSA PRIVATE KEY-----
I am using echo ~/.ssh/id_rsa | tr " " "\n"
This returns:
-----BEGIN
RSA
PRIVATE
KEY-----
pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=
pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=
pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=
pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=
pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=pEdInVAbH4d0PH4=
-----END
RSA
PRIVATE
KEY-----
I have been trying to figure out the best possible way to get this back to the right format.
Assuming a standard RSA private key that just had the newlines removed, a couple of sed replacements will get you back to the original format:
sed -e "s/-----BEGIN RSA PRIVATE KEY-----/&\n/" \
    -e "s/-----END RSA PRIVATE KEY-----/\n&/" \
    -e "s/\S\{64\}/&\n/g" \
    ~/.ssh/id_rsa
The standard key format requires the BEGIN and END statements to be on a separate line, and the base64-encoded key to be formatted at 64 columns. The above command will get you there.
#robby Thanks, from your answer I adapted the following, which worked for me.
sed -e "s/-----BEGIN RSA PRIVATE KEY-----/&\n/" -e "s/\S\{64\}/&\n/g" ~/.ssh/id_rsa | sed "s/^\s//g"
I adapted the solution to ed25519 algorithm to talk to Gitlab via SSH. Thanks #Robby!
RUN sed -i -e "s/-----BEGIN OPENSSH PRIVATE KEY-----/&\n/" \
    -e "s/-----END OPENSSH PRIVATE KEY-----/\n&/" \
    -e "s/\S\{70\}/&\n/g" \
    /root/.ssh/id_ed25519
Input
-----BEGIN OPENSSH PRIVATE KEY----- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX== -----END OPENSSH PRIVATE
KEY-----
Output
-----BEGIN OPENSSH PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
-----END OPENSSH PRIVATE KEY-----
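The same repair generalized to any PEM label, as an added example in Python (not code from the answers above): it strips all whitespace from the body, refuses a body that is not clean base64, rewraps at 64 columns (70 for OpenSSH-format keys, as in the answers), and writes the result with owner-only permissions. The names `rewrap_pem` and `write_private` and the sample body are constructed for illustration.

```python
import base64
import os
import re

# One PEM block whose line breaks were lost or turned into spaces.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def rewrap_pem(text, width=None):
    """Return the PEM block in `text` with header, wrapped body and footer."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no matching BEGIN/END pair found")
    label = m.group(1)
    body = re.sub(r"\s+", "", m.group(2))
    # Reject anything that is not clean base64 (e.g. legacy Proc-Type headers).
    base64.b64decode(body, validate=True)
    if width is None:
        # 70 columns for OpenSSH-format keys, 64 otherwise, as in the answers above.
        width = 70 if label == "OPENSSH PRIVATE KEY" else 64
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"

def write_private(path, pem):
    """Write the key with mode 0600; ssh refuses keys readable by other users."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)
        fh.write(pem)

# Constructed sample: 120 arbitrary bytes, not a real key.
SAMPLE_BODY = base64.b64encode(bytes(range(120))).decode()
FLAT = ("-----BEGIN RSA PRIVATE KEY----- "
        + " ".join(SAMPLE_BODY[i:i + 64] for i in range(0, 160, 64))
        + " -----END RSA PRIVATE KEY-----")

if __name__ == "__main__":
    print(rewrap_pem(FLAT), end="")
```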
Related
I know we can use openssl to do that. However, that requires the private key. In my case, I don't have the private key and only have the public key. I use Google Cloud HSM and the private key is not accessible directly. I can only download the public key. Then how can I do it?
My public key, it uses secp256r1:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhspCFgsa/oSDJajb8DvaLhLURUbD
C2UXU1E/a//ht4NMLTadhSMc195SL8YD55tPXR6bvERBrZfYEmpBlkr8BQ==
-----END PUBLIC KEY-----
Is openssl required as the solution? I cannot see a way of getting the information you ask for that way.
I got this information via a simple Java program:
EC public key, 256 bits
public x coord: 60967280926790184513158415212015267447322831299023265344568139622352475502467
public y coord: 34455661551278605550386928620071510096611427884751984970963480406192147856389
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
The Java code:
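import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
// Base64 body of the PEM file, i.e. the DER-encoded SubjectPublicKeyInfo
String keyAsTxt = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhspCFgsa/oSDJajb8DvaLhLURUbDC2UXU1E/a//ht4NMLTadhSMc195SL8YD55tPXR6bvERBrZfYEmpBlkr8BQ==";
byte[] keyAsBytes = Base64.getDecoder().decode(keyAsTxt);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyAsBytes);
KeyFactory keyFactory = KeyFactory.getInstance("EC");
PublicKey publicKey = keyFactory.generatePublic(keySpec);
System.out.println(publicKey);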
You could use:
openssl ec -pubin -noout -text -conv_form uncompressed
This will output:
Public-Key: (256 bit)
pub:
04:86:ca:42:16:0b:1a:fe:84:83:25:a8:db:f0:3b:
da:2e:12:d4:45:46:c3:0b:65:17:53:51:3f:6b:ff:
e1:b7:83:4c:2d:36:9d:85:23:1c:d7:de:52:2f:c6:
03:e7:9b:4f:5d:1e:9b:bc:44:41:ad:97:d8:12:6a:
41:96:4a:fc:05
ASN1 OID: prime256v1
NIST CURVE: P-256
The leading 04 indicates that it is uncompressed (we forced this); the X and Y coordinates are just concatenated one after the other:
X (hex): 86:ca:42:16:0b:1a:fe:84:83:25:a8:db:f0:3b:da:2e:12:d4:45:46:c3:0b:65:17:53:51:3f:6b:ff:e1:b7:83
Y (hex): 4c:2d:36:9d:85:23:1c:d7:de:52:2f:c6:03:e7:9b:4f:5d:1e:9b:bc:44:41:ad:97:d8:12:6a:41:96:4a:fc:05
A possible bash pipeline could be (you would need to ensure the openssl text CLI output is stable):
| grep -E "^ +.*" | tr -d ' \n' | sed 's/^...//' | sed 's/./ /96'
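The coordinates can also be read straight from the DER bytes without depending on openssl's text output. This is an added example in Python, not code from the answers above: it assumes an uncompressed P-256 key in SubjectPublicKeyInfo form, checks the fixed DER prefix, and verifies that the point lies on the curve. The names `p256_xy` and `P256_SPKI_PREFIX` are introduced here.

```python
import base64

# The public key from the question above.
PEM = """-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhspCFgsa/oSDJajb8DvaLhLURUbD
C2UXU1E/a//ht4NMLTadhSMc195SL8YD55tPXR6bvERBrZfYEmpBlkr8BQ==
-----END PUBLIC KEY-----"""

# DER prefix shared by every P-256 SubjectPublicKeyInfo: SEQUENCE, then
# AlgorithmIdentifier { id-ecPublicKey, prime256v1 }, then the BIT STRING header.
P256_SPKI_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")

# secp256r1 domain parameters (the curve coefficient a is -3).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

def p256_xy(pem):
    """Return (x, y) as integers from a PEM-encoded uncompressed P-256 public key."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    der = base64.b64decode(body, validate=True)
    if len(der) != 91 or not der.startswith(P256_SPKI_PREFIX):
        raise ValueError("not a P-256 SubjectPublicKeyInfo")
    point = der[len(P256_SPKI_PREFIX):]
    if point[0] != 0x04:
        raise ValueError("point is not in uncompressed form")
    x = int.from_bytes(point[1:33], "big")
    y = int.from_bytes(point[33:65], "big")
    # Reject coordinates that do not satisfy y^2 = x^3 - 3x + b (mod p).
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("point is not on secp256r1")
    return x, y

if __name__ == "__main__":
    x, y = p256_xy(PEM)
    print("X (hex):", format(x, "064x"))
    print("Y (hex):", format(y, "064x"))
```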
I have a private key that is in the following format, unfortunately I can't share the actual key, so the base64 code is masked:
-----BEGIN PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-ECB,4C425124E54FEA716FEE437A01473736
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
**********************==
-----END PRIVATE KEY-----
So I have a little application from 2010, written by Huawei, called CardManufactureFileDecrypt, that uses the private key, a certificate and the password / passphrase to successfully decrypt files that contain vouchers. From that I can deduce that the file is intact, and also that the password or passphrase I have is correct.
So my question is does anyone know how to read an encrypted private key in the form of BEGIN PRIVATE KEY? Or perhaps what libraries from about 10 years ago would have produced / consumed keys in this style?
When I try to read the private key with openssl I get the following error(s):
$ openssl rsa -in PrivateKey_E8.p8 -out PrivateKey_E8_unencrypted.p8
unable to load Private Key
139978370384320:error:0906B082:PEM routines:PEM_get_EVP_CIPHER_INFO:unexpected dek iv:../crypto/pem/pem_lib.c:551:
Or:
$ openssl pkcs8 -in PrivateKey_E8.p8 -out PrivateKey_E8_unencrypted.p8
Error reading key
140719466078656:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ENCRYPTED PRIVATE KEY
I have this private key and I am trying to decrypt the ciphertext:
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
The ciphertext:
M8zhAvxu/lkEcH42Eoe/cPjL6WJwPo1FZOK8Ta4SmigoHl9omd5Dol84vY3GfyzIZ0hHHp5gO3A4MjktImsLnT3Xx/myUearG/Ii24C+6irFapMqghziuMDYpeh7rs8G8ggE/rkjZaAAPSb/FgEDQkknL2qr4kxwyQybsnfmDDUqJ3q3lf0gRBDJ/2yr+aQyUcw3nK/zewbZjwlUeSyTvs76HhFtUDTyAlhB37961j9qfu+cxX34PtJlHWlF7k0WAuxQ4w7aCwkuQIvBOk/FUK3Ta1TrGEXg9iczPj6QacLI2DSjEPbODHsje82Fw+1ylcD1tF2mZ7GnnqtUw/9YoQ==
I tried to use these commands but without success:
openssl rsautl -decrypt -in ciphertext -out plaintext -inkey private_key
In this case I get the following error:
rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len:rsa_eay.c:518
openssl enc -in ciphertext -out binarytext -d -a
openssl rsautl -decrypt -in binarytext -out plaintext -inkey private_key
If I try these 2 commands I get this error:
rsa routines: RA_padding_check_PKCS1_type_2:pkcs decoding error
rsa routines: RSA_EAY_PRIVATE_DECRYPT:padding check failed
I've created public and private keys using PuttyGen then the public key was used to encrypt a message.
I am now trying to decrypt such message using the private key with the following command:
echo [my encrypted message] | openssl enc -d -base64 -A | openssl rsautl -decrypt -inkey ~/.ssh/private.ppk
but I get the error:
unable to load Private Key
6870300:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY
The private key looks like this (actual key omitted):
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20170724
Public-Lines: 6
[...]
Private-Lines: 14
[...]
Private-MAC: [...]
What's wrong?
Thanks to this guy I sorted it out.
I've reopened the private key with PuttyGen and exported as OpenSSH, then used this new file to decrypt the message.
I need to use the PEM-formatted public key for some purpose, but I cannot find the command that converts a DER-formatted public key to a PEM-formatted public key.
The command I have used -
openssl rsa -in user_id_rsa.pub -inform DER -outform PEM -out pubkey.pem
But I got the error below -
unable to load Private Key
139901900170912:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
139901900170912:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:677:
139901900170912:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
139901900170912:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:388:Type=RSA
My expected output should be in this format-
-----BEGIN RSA PUBLIC KEY-----
KEY CONTENT
-----END RSA PUBLIC KEY-----
Has anyone tried the same?