You're not entering the correct passphrase for your private key. JSYK, since you posted (even an encrypted form of) your private key to a public list, you should treat it as compromised, generate a new keypair, and rekey your CA.
-Kyle H

On Tue, Dec 16, 2008 at 11:43 AM, Jon Williams (TS) <jwilli...@thinkstream.com> wrote:
> I am still new to SSL. I am hoping for some help. I am trying to
> understand a "bad decrypt" error. Here is what I tried to do:
>
>
> Signing CSR and saving tomcatcer.pem .
> openssl ca -config %OPENSSL_HOME%\bin\openssl.cfg -policy policy_anything
> -out tomcatcer.pem -outdir %OPENSSL_HOME%\bin\PEM\myCompany -infiles
> %OPENSSL_HOME%\bin\PEM\myCompany\tomcat.csr
> Using configuration from C:\OpenSSL\bin\openssl.cfg
> Loading 'screen' into random state - done
> Enter pass phrase for c:\OpenSSL/bin/PEM/myCompany/CA/private/cakey.pem:
> unable to load CA private key
> 3048:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:.\crypto\evp\evp_enc.c:461:
> 3048:error:0906A065:PEM routines:PEM_do_header:bad
> decrypt:.\crypto\pem\pem_lib.c:425:
>
>
> Here are snippets from the source files causing the issue:
> evp_enc.c
> -----
> int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
>     {
>     int i,n;
>     unsigned int b;
>
>     *outl=0;
>     b=ctx->cipher->block_size;
>     if (ctx->flags & EVP_CIPH_NO_PADDING)
>         {
>         if(ctx->buf_len)
>             {
>             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
>             return 0;
>             }
>         *outl = 0;
>         return 1;
>         }
>     if (b > 1)
>         {
>         if (ctx->buf_len || !ctx->final_used)
>             {
>             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
>             return(0);
>             }
>     ......
>
>
> pem_lib.c --> int
> --------
> int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
>     pem_password_cb *callback,void *u)
>     ....
>     if (!o)
>         {
>         PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
>         return(0);
>         }
>
>
>
> myKey
> -------------
>
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,EEC5B44B6EE71902
>
> -----END RSA PRIVATE KEY-----
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
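
The mechanism behind the "bad decrypt" lines in the quoted trace, as an added Python sketch (not part of the thread and not OpenSSL's code): for a PEM block with a DEK-Info header, the passphrase is stretched with MD5 (EVP_BytesToKey, salt = first 8 bytes of the IV), and a wrong passphrase is only noticed when the padding of the last decrypted block fails to validate. Assumptions: a toy Feistel cipher stands in for 3DES because Python's standard library has none, and `pem_encrypt`, `pem_decrypt`, `IV`, `SECRET` and `BLOB` are constructed names and sample data.

```python
import hashlib

BLOCK = 8  # DES-EDE3-CBC works on 8-byte blocks

def evp_bytes_to_key(passphrase, salt, key_len=24):
    # Legacy PEM key derivation (EVP_BytesToKey with MD5, count=1)
    out = prev = b""
    while len(out) < key_len:
        prev = hashlib.md5(prev + passphrase + salt).digest()
        out += prev
    return out[:key_len]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _toy_block(key, block, decrypt):
    # Assumption: 4-round Feistel stand-in for 3DES, for illustration only
    l, r = block[:4], block[4:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        f = lambda half: hashlib.sha256(key + bytes([i]) + half).digest()[:4]
        l, r = (_xor(r, f(l)), l) if decrypt else (r, _xor(l, f(r)))
    return l + r

def pem_encrypt(passphrase, iv, plaintext):
    key = evp_bytes_to_key(passphrase, iv[:8])  # salt = first 8 IV bytes
    pad = BLOCK - len(plaintext) % BLOCK        # PKCS padding, 1..8 bytes
    data, prev, out = plaintext + bytes([pad]) * pad, iv, b""
    for i in range(0, len(data), BLOCK):        # CBC chaining
        prev = _toy_block(key, _xor(data[i:i + BLOCK], prev), False)
        out += prev
    return out

def pem_decrypt(passphrase, iv, ciphertext):
    # Returns None in the case OpenSSL reports as "bad decrypt"
    key = evp_bytes_to_key(passphrase, iv[:8])
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += _xor(_toy_block(key, blk, True), prev)
        prev = blk
    n = out[-1]  # padding length claimed by the last plaintext byte
    if not 1 <= n <= BLOCK or out[-n:] != bytes([n]) * n:
        return None  # padding invalid: the key, hence the passphrase, is wrong
    return out[:-n]

# Constructed sample data (not the key from the post)
IV = bytes.fromhex("0011223344556677")
SECRET = b"constructed stand-in for DER key bytes"
BLOB = pem_encrypt(b"right passphrase", IV, SECRET)
```

Roughly one wrong passphrase in 256 ends in valid-looking padding, in which case the failure surfaces later as a key-parsing error instead of "bad decrypt".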