In message <mailman.350.1512164055.27609.openssl-users@xxxxxxxxxxx> on Fri, 01 Dec 2017 21:34:15 +0000, openssl-users-request@xxxxxxxxxxx said: openssl-users-request> Hi, openssl-users-request> openssl-users-request> I have a `Certificates.p12` file that I wish to convert to a openssl-users-request> `certificates.pem` containing an unencrypted private key in PKCS#1 format. openssl-users-request> I have previously been able to do this by running: openssl-users-request> openssl-users-request> openssl pkcs12 -in Certificates.p12 -out certificates.pem -nodes openssl-users-request> -clcerts openssl-users-request> openssl-users-request> The resulting `certificates.pem` file has a `PRIVATE KEY` PEM block, as openssl-users-request> expected. However, the library I'm using openssl-users-request> <https://github.com/sideshow/apns2/blob/master/certificate/certificate.go#L80> openssl-users-request> does openssl-users-request> not understand this PEM block, because it expects it to be a PKCS#1 private openssl-users-request> key. The ASN.1 structure of a PKCS#1 private key is defined by RFC 3447 openssl-users-request> <https://tools.ietf.org/html/rfc3447#appendix-A.1.2> as: 'openssl pkcs12' outputs a PKCS#8 structure, which is the default for new private keys in OpenSSL. You might be interested in this structure, it's documented in RFC 5208: https://tools.ietf.org/html/rfc5208 You might want to tell github:sideshow as well... it's actually pretty easy, the package they use has a function to parse PKCS#8 private keys as well: https://golang.org/pkg/crypto/x509/#ParsePKCS8PrivateKey openssl-users-request> How do I make `openssl pkcs12` output a correct openssl-users-request> PKCS#1 private key? You don't. If you want to insist on an older format, then conversion it is. Cheers, Richard -- Richard Levitte levitte@xxxxxxxxxxx OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
