I have a .pk file that should contain a private key. I can not find any information about this file format. Is it similar to .pkcs12?
How can I retrieve the private key from this kind of file?
According to fileinfo.com .pk is not a known certificate store file extension. Maybe you could ask from the source of the file why they named it like that.
Check if it's pkcs12 file by trying to output info about the file:
openssl pkcs12 -info -in yourfile.pk
If it's pkcs12 then you can export the private key from it with the following command:
openssl pkcs12 -in yourfile.pk -nocerts -nodes privatekey.pem
Obviously, your file is in PEM format. You can check the file in text editor for -----BEGIN texts to see what's inside. Cand you see BEGIN ENCRYPTED PRIVATE KEY or BEGIN RSA PRIVATE KEY or BEGIN PRIVATE KEY text in the file? Are there also certificate(s) in the same file, i.e. can you see BEGIN RSA PUBLIC KEY or BEGIN PUBLIC KEY once or multiple times?
You can remove a passphrase from RSA private key like this:
openssl rsa -in yourfile.pk -out privatekey.pem
Related
I have generated a an ED25519 SSH key pair using
ssh-keygen -t ed25519
The output of the id_ed25519 file is in OpenSSH format:
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----
I would like to convert it to a PEM file format. If it were an RSA key pair, there would be no need for that as an RSA id_rsa key is already in a PEM file format but the ED25519 key pair is an OpenSSH format.
How can I convert this to a PEM file format?
Use
ssh-keygen -p -f path/to/your/key -m pem
to convert your key file to PEM, but be sure to make a backup of the file first.
Taking from https://github.com/pickware/github-action-ssh-agent
I think this would work:
openssl pkey -in ed25519.pem -out ed25519.pub -pubout
It does for a private key generated this way:
openssl genpkey -algorithm ed25519 > ed25519.pem
I haven't tested ssh-keygen's private key format explicitly but I would assume that it is using OpenSSL under the hood. If the private key's base64 starts with "MC", then I would say it probably would be compatible.
I was given an RSA encrypted .txt file to be decrypted and another .pub file to be used as a key to decrypt the same. I'm new to OpenSSL.
the FILES: https://www.dropbox.com/sh/j8581rdazdy0fxs/AABqsREMVMtDK53gtHQNYfkKa?dl=0
OpenSSL> rsa -noout -text -inform PEM -in key_5.pub -pubin
I executed the following command and got a hexdump of the key_5.pub file. (As attached)
The Modulus value is in hexadecimal form. How do I recover it in decimal form?
Or is there any other way to decrypt the orignal file?
I'm trying to read an encrypted PKCS8 private key file. I generated the keys like this:
openssl genrsa -out file.pem -passout pass:file -aes256 1024
openssl pkcs8 -topk8 -inform pem -in file.pem -outform pem -out filePKCS8.pem
And I try reading it in Go this way:
block, _ := pem.Decode(key)
return x509.DecryptPEMBlock(block, password)
But I get an error saying:
x509: no DEK-Info header in block
However, I can't figure out what's going wrong. Am I generating the key wrong or am I using the wrong library? I see libraries specifically for reading unencrypted PKCS8 files but none for encrypted PKCS8 files specifically.
Does anyone have any idea?
Go don't have function to decrypt PKCS8 keys in standard library.
You can this package:
https://github.com/youmark/pkcs8/blob/master/pkcs8.go#L103
A longer explaination for anyone with the same problem.
What would work
Your first command
openssl genrsa -out file.pem -passout pass:file -aes256 1024
generates a PKCS#1 private key file (file.pem):
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,1DA219DB746F88C6DDA0D852A0FD3232
AEf09rGkgGEJ79GgO4dEVsArwv4IbbODlxy95uHhfkdGYmuk6OlTpiCUE0GT68wn
KFJfBcHr8Z3VqiHGsXxM5QlKhgnfptxfbrdKErgBD5LQcrvnqmf43KeD4lGQcpiy
...
...
mAKMCwiU/GKZz8ZwQ4qGkBlVVCOFfgwmfbqguJF2l8yzM8lYI9MZ9NEwKkvEbc
-----END RSA PRIVATE KEY-----
This private key file can be parsed and decrypted by x509.DecryptPEMBlock() alright.
What would not work and why
Your second command
openssl pkcs8 -topk8 -inform pem -in file.pem -outform pem -out filePKCS8.pem
converts that file into PKCS#8 format (filePKCS8.pem).
The subcommmand genpkey would directly produce a similar result:
openssl genpkey -algorithm RSA -aes256 \
-pkeyopt rsa_keygen_bits:1024 -out filePKCS8.pem
The generated filePKCS8.pem (either way) would look similar to this:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIISrTBXBgkqhkiG9w0BBQ0wSjKpBgkqhkiG9w0BBQwwHAQIKL+ordsVfqsCAggB
MAwGCCqGSIb3DQIJCQAwHQYJYIZIWAUDBAEqBBCipOAAxWkC0/zkNLNYTSMgBIIS
...
...
zfdxjZ0XmPiwED2azsLMnRrWnRj2UqMtnv9zO/ucik9za
-----END ENCRYPTED PRIVATE KEY-----
x509.DecryptPEMBlock() does not support this format. And as specified in #8860, the Go's core library has no real plan to support pkcs#8 in the near future.
As mentioned by Gregory, if you want to work with it, you'll have better luck with 3rd party library like github.com/youmark/pkcs8 (Documentation).
I have pkcs12 keystore(.p12) which contains multiple private key entries(3 entries) I want to extract only one key from this store and use that key to decrypt a file(which encrypted by a public key)
Are there any way to extract one key from the store via openssl by using key alias??
Try the following command to extract the private key from your PKCS12 container:
openssl pkcs12 -in yourP12File.pfx -nocerts -out privateKey.pem
I have a file I need to encrypt with a public key I got public.asc. This key was shared with me over encrypted email. I have a zip file that I need to encrypt using this public key and share over SFTP.
I tried using openssl:
openssl rsautl -encrypt -inkey public.asc -pubin -in file.zip -out file.zip.enc
but openssl displays the flag options and no error message. Also, I'm suspecting that .asc files should be encrypted with some other software.
Thanks