Hi David,

Your attached sample certificate and private key (1024 bit RSA) works fine. I am reading it with PEM_read_PrivateKey( fp, &key, NULL, NULL), and also PEM_read_bio_PrivateKey(pkeybio, NULL, 0, NULL) works.

If you could post the code or code fragment that creates the problem?

d2i_RSAPrivateKey() is not reading PEM, just making sure...

Best wishes,
Frank Migge

> David Lobron <mailto:dlobron at akamai.com>
> Saturday, October 10, 2015 12:33 AM
> Hello openssl people,
>
> I am trying to read a private key of a certificate into memory using
> d2i_RSAPrivateKey. I'm able to read the certificate without a problem,
> but when I pass the private key to d2i_RSAPrivateKey, it fails to
> parse. I do not see an error message or errno being set -
> d2i_RSAPrivateKey simply returns NULL. I've generated a self-signed
> cert which reproduces the problem, and I've attached it to this
> message (this is a throwaway cert, not in use for anything, so I'm
> knowingly sending the private key). The command I used to generate
> this cert and its key was:
>
> openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -days 36500 -nodes -outform PEM
>
> I have another cert where the private key *is* parseable by
> d2i_RSAPrivateKey. I printed out both certs from the command line, and
> compared them. They appear almost identical. The only difference I see
> is that when I print the attached unparseable cert, the Signature
> Algorithm section has 8 lines of hex. In the parseable cert, I see 15
> lines of hex. Both certs use sha1WithRSAEncryption as the algorithm,
> with 1024 bits.
>
> Can anyone help me understand why the private key in the attached cert
> is not readable by d2i_RSAPrivateKey? I'm running these tests on a
> Mac, but the same thing happens on Ubuntu Linux.
>
> Thank you,
>
> David
>
> Printout of the attached cert, which fails to parse with
> d2i_RSAPrivateKey:
>
> MacBook-Air:self_signed dlobron$ openssl x509 -in cert.1024.combined -text -noout
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 17702003413458844255 (0xf5aa2650b7f77a5f)
>     Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, OU=KMI, CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlobron at akamai.com
>         Validity
>             Not Before: Oct 8 15:47:30 2015 GMT
>             Not After : Jan 16 15:47:30 2016 GMT
>         Subject: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, OU=KMI, CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlobron at akamai.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (1024 bit)
>                 Modulus:
>                     00:c2:33:df:d8:cb:c9:6e:a4:98:f0:b7:b1:06:51:
>                     77:f8:6c:36:4b:f3:ab:fc:09:ab:98:13:d5:0a:03:
>                     63:31:c4:ce:6f:02:12:b5:c4:4c:83:17:39:c2:b8:
>                     27:89:a5:80:56:36:72:19:8b:9a:dd:e5:e2:22:60:
>                     53:96:f9:4d:c0:f1:c6:06:5f:1b:95:de:b7:8e:d2:
>                     ef:e8:ff:84:81:73:45:c9:a5:52:6d:af:8e:6a:16:
>                     bf:23:97:66:5e:d8:1f:0e:e9:1b:d3:03:e3:cd:4c:
>                     02:2f:68:f0:a5:70:a3:90:f5:19:8d:f5:6b:d1:87:
>                     e7:82:39:f9:09:1b:ee:56:f9
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5
>             X509v3 Authority Key Identifier:
>                 keyid:2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5
>
>             X509v3 Basic Constraints:
>                 CA:TRUE
>     Signature Algorithm: sha1WithRSAEncryption
>          5d:5c:c0:10:c3:60:10:c5:d4:30:cf:90:41:32:d9:73:1f:03:
>          66:a5:3b:ca:e2:99:2f:89:10:0e:4d:d6:b3:1d:97:ae:0a:54:
>          46:0b:a8:51:02:97:c6:41:32:16:db:7c:77:28:e8:df:73:70:
>          a0:01:73:b6:84:90:b5:a8:b7:54:53:7d:a9:cd:81:33:35:6d:
>          58:5e:ba:e2:7d:34:7a:32:c9:fd:4f:07:18:75:a7:53:3d:61:
>          1b:98:7a:e6:92:5b:74:39:e1:ab:b2:6a:51:4a:56:c5:99:1e:
>          d7:7a:7a:b6:32:e8:ca:f2:33:bc:3f:d5:3c:3f:87:2a:9f:ab:
>          37:c8
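
Added example (not code from either poster or from OpenSSL): a dependency-free C pre-check that tells a PEM key buffer from a DER one before choosing between the PEM_read_* readers and d2i_RSAPrivateKey named in the thread. It goes beyond the thread by also separating PKCS#1 from PKCS#8 DER; `classify_key`, `der_header` and the `ENC_*` names are this example's own, and the sample input is constructed.

```c
#include <string.h>

/* Encodings a private-key buffer can arrive in (names are this example's own). */
enum key_enc { ENC_UNKNOWN, ENC_PEM_PKCS1, ENC_PEM_PKCS8, ENC_PEM_OTHER, ENC_DER_PKCS1, ENC_DER_PKCS8 };

/* Read one DER tag+length header at buf[*pos]; returns the tag, or -1 if truncated. */
static int der_header(const unsigned char *buf, size_t n, size_t *pos, size_t *len)
{
    if (n - *pos < 2) return -1;
    int tag = buf[(*pos)++];
    size_t l = buf[(*pos)++];
    if (l & 0x80) {                 /* long form: low 7 bits count the length bytes */
        size_t cnt = l & 0x7f;
        if (cnt == 0 || cnt > sizeof(size_t) || n - *pos < cnt) return -1;
        for (l = 0; cnt > 0; cnt--) l = (l << 8) | buf[(*pos)++];
    }
    if (l > n - *pos) return -1;    /* declared content must fit in the buffer */
    *len = l;
    return tag;
}

/* Decide which reader fits: PEM_read_* for PEM, d2i_RSAPrivateKey for PKCS#1 DER. */
enum key_enc classify_key(const unsigned char *buf, size_t n)
{
    static const char p1[] = "-----BEGIN RSA PRIVATE KEY-----";
    static const char p8[] = "-----BEGIN PRIVATE KEY-----";
    size_t pos = 0, len = 0;

    if (n >= 11 && memcmp(buf, "-----BEGIN ", 11) == 0) {
        if (n >= sizeof p1 - 1 && memcmp(buf, p1, sizeof p1 - 1) == 0) return ENC_PEM_PKCS1;
        if (n >= sizeof p8 - 1 && memcmp(buf, p8, sizeof p8 - 1) == 0) return ENC_PEM_PKCS8;
        return ENC_PEM_OTHER;       /* certificate, encrypted key, ... */
    }
    /* DER: outer SEQUENCE, INTEGER version, then the tag that tells the two apart. */
    if (der_header(buf, n, &pos, &len) != 0x30) return ENC_UNKNOWN;
    if (der_header(buf, n, &pos, &len) != 0x02) return ENC_UNKNOWN;
    pos += len;
    switch (der_header(buf, n, &pos, &len)) {
    case 0x02: return ENC_DER_PKCS1;   /* INTEGER modulus: RSAPrivateKey */
    case 0x30: return ENC_DER_PKCS8;   /* AlgorithmIdentifier: PrivateKeyInfo */
    default:   return ENC_UNKNOWN;
    }
}

int main(void)
{
    const char pem[] = "-----BEGIN PRIVATE KEY-----\n";   /* constructed header line, not a real key */
    return classify_key((const unsigned char *)pem, strlen(pem)) == ENC_PEM_PKCS8 ? 0 : 1;
}
```

A PEM result means the buffer has to go through a PEM reader, or be base64-decoded first, before any d2i_* call sees it.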