[...]
> The old key file looked like this:
> -----BEGIN RSA PRIVATE KEY-----
> MIICXgIBAAKBgQC554Ro+VH.....
> -----END RSA PRIVATE KEY-----

This private key is NOT encrypted.

>
> The new one looks like this:
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,65C2CF13E06D60D0
>
> fk7ZGTzDNXmI/IZL/VG+3CUIjh......
> -----END RSA PRIVATE KEY-----

This private key is encrypted.

[...]
> When I try and use this new key in my plugin I get the
> following error:
> 13822:error:06065064:digital envelope
> routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:277:
                            ^^^^^^^^^^^
Wrong or no passphrase? (Did you set a password callback
function?)

> 13822:error:0906A065:PEM routines:PEM_do_header:bad
> decrypt:pem_lib.c:451:
> 13822:error:140B0009:SSL
> routines:SSL_CTX_use_PrivateKey_file:missing asn1
> eos:ssl_rsa.c:706:
>
> The method that is throwing up this error is
> SSL_CTX_use_PrivateKey_file(ctx,
> clientKeyFile,SSL_FILETYPE_PEM) where clientKeyFile is
> the path and filename of the client key.
>
> Should I be using a different method to load this new
> client key? 

You must tell OpenSSL how to get the passphrase to decrypt
your key. From the SSL_CTX_use_PrivateKey_file manpage:
       ...
       The private keys loaded from file can be encrypted. In
       order to successfully load encrypted keys, a function
       returning the passphrase must have been supplied, see
       SSL_CTX_set_default_passwd_cb(3).
       ...

> Or is there more behind it? What would be
> useful too is if someone could point out how to
> generate a key like my original one (as a workaround).

Try a decrypted private key.

Nils

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
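
The passphrase callback the reply points to, as an added example that is not part of the original message or OpenSSL's own code. The names `pem_is_encrypted`, `key_passwd_cb`, `load_client_key` and the `WITH_OPENSSL` build macro are hypothetical; the header check goes slightly beyond the thread by also recognising PKCS#8 `ENCRYPTED PRIVATE KEY` blocks.

```c
#include <string.h>
#ifdef WITH_OPENSSL                /* build with -DWITH_OPENSSL -lssl -lcrypto */
#include <openssl/ssl.h>
#endif

/* Returns 1 if the PEM text is an encrypted private key: either the
 * traditional header shown in the thread or a PKCS#8 encrypted block. */
int pem_is_encrypted(const char *pem)
{
    if (pem == NULL)
        return 0;
    return strstr(pem, "Proc-Type: 4,ENCRYPTED") != NULL ||
           strstr(pem, "-----BEGIN ENCRYPTED PRIVATE KEY-----") != NULL;
}

/* Passphrase callback with OpenSSL's pem_password_cb signature.
 * Assumption: userdata points at a NUL-terminated passphrase that the
 * application obtained elsewhere (prompt, secret store, ...). */
int key_passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
    const char *pass = (const char *)userdata;
    size_t len;

    (void)rwflag;                  /* 0 = decrypting (this case), 1 = encrypting */
    if (buf == NULL || size <= 0 || pass == NULL)
        return -1;                 /* -1 tells OpenSSL the passphrase read failed */
    len = strlen(pass);
    if (len > (size_t)size)
        return -1;                 /* refuse to truncate the passphrase */
    memcpy(buf, pass, len);        /* the length is returned; no NUL is required */
    return (int)len;
}

#ifdef WITH_OPENSSL
/* Register the callback first, then load the key with the same call the
 * original poster used. Returns 1 on success, 0 on failure (the OpenSSL
 * error queue then holds entries like the "bad decrypt" lines above). */
int load_client_key(SSL_CTX *ctx, const char *clientKeyFile, char *passphrase)
{
    SSL_CTX_set_default_passwd_cb(ctx, key_passwd_cb);
    SSL_CTX_set_default_passwd_cb_userdata(ctx, passphrase);
    return SSL_CTX_use_PrivateKey_file(ctx, clientKeyFile, SSL_FILETYPE_PEM) == 1;
}
#endif
```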
