One way to check it is:

openssl rsa -inform PEM -in whateveryourfilenameis.pem -check -noout

KyleMac:ossl kyanha$ openssl rsa -inform PEM -in testkey.pem -check -noout
Enter pass phrase for testkey.pem:
unable to load Private Key
1702:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
1702:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:

This will prompt for your passphrase. I tried using "changeit" but it does not work. This means that you're simply entering the wrong passphrase.

Try using:

openssl genrsa -des3 2048

(Honestly, I'd suggest using the -sha256 parameter instead of -des3, but that's just because I don't trust DES at this point.)

Anyway, the envelope around the key is intact. The passphrase just isn't right.

-Kyle H

On Wed, Dec 17, 2008 at 8:33 AM, <django...@gmail.com> wrote:
> Thanks very much for your input. That is what I suspected but I tried over
> and over again and I tried to be very careful. The code snippet I posted
> here suggests that the password isn't bad but the real problem is a "wrong
> final block length"? That's hard to believe also. That is why I posted my test
> key.
>
> The key I posted on this forum was just a test. The password "changeit"
> should work for it but it doesn't.
>
> I'll keep trying. I'll install a brand new OpenSSL and start from scratch
> again.
>
> -Jon
>
> On Dec 17, 2008 1:18am, Kyle Hamilton <aerow...@gmail.com> wrote:
>> You're not entering the correct passphrase for your private key.
>>
>> JSYK, since you posted (even an encrypted form of) your private key to
>> a public list, you should treat it as compromised, generate a new
>> keypair, and rekey your CA.
>>
>> -Kyle H
>>
>> On Tue, Dec 16, 2008 at 11:43 AM, Jon Williams (TS)
>> <jwilli...@thinkstream.com> wrote:
>> > I am still new to SSL. I am hoping for some help. I am trying to
>> > understand a "bad decrypt" error. Here is what I tried to do:
>> >
>> > Signing CSR and saving tomcatcer.pem .
>> > openssl ca -config %OPENSSL_HOME%\bin\openssl.cfg -policy policy_anything
>> > -out tomcatcer.pem -outdir %OPENSSL_HOME%\bin\PEM\myCompany -infiles
>> > %OPENSSL_HOME%\bin\PEM\myCompany\tomcat.csr
>> > Using configuration from C:\OpenSSL\bin\openssl.cfg
>> > Loading 'screen' into random state - done
>> > Enter pass phrase for c:\OpenSSL/bin/PEM/myCompany/CA/private/cakey.pem:
>> > unable to load CA private key
>> > 3048:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:.\crypto\evp\evp_enc.c:461:
>> > 3048:error:0906A065:PEM routines:PEM_do_header:bad decrypt:.\crypto\pem\pem_lib.c:425:
>> >
>> > Here are snippets from the source files causing the issue:
>> > evp_enc.c
>> > -----
>> > int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
>> > {
>> >     int i,n;
>> >     unsigned int b;
>> >
>> >     *outl=0;
>> >     b=ctx->cipher->block_size;
>> >     if (ctx->flags & EVP_CIPH_NO_PADDING)
>> >     {
>> >         if(ctx->buf_len)
>> >         {
>> >             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
>> >             return 0;
>> >         }
>> >         *outl = 0;
>> >         return 1;
>> >     }
>> >     if (b > 1)
>> >     {
>> >         if (ctx->buf_len || !ctx->final_used)
>> >         {
>> >             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
>> >             return(0);
>> >         }
>> >         ......
>> >
>> > pem_lib.c --> int
>> > --------
>> > int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
>> >     pem_password_cb *callback,void *u)
>> > ....
>> >     if (!o)
>> >     {
>> >         PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
>> >         return(0);
>> >     }
>> >
>> > myKey
>> > -------------
>> >
>> > -----BEGIN RSA PRIVATE KEY-----
>> > Proc-Type: 4,ENCRYPTED
>> > DEK-Info: DES-EDE3-CBC,EEC5B44B6EE71902
>> > -----END RSA PRIVATE KEY-----
>> >
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
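
Added example (not part of the original thread and not OpenSSL's own code): a Python walk-through of why a wrong passphrase on a key with the Proc-Type/DEK-Info headers quoted above surfaces as "bad decrypt". It assumes the legacy PEM scheme (key derived with MD5 in the EVP_BytesToKey construction, salt taken from the DEK-Info IV) and the standard block-padding check on the last decrypted block; the function names are made up for illustration, and wrong-key plaintext is simulated with hash output instead of real 3DES decryption.

```python
import hashlib

# Header lines as they appear in the key quoted in this thread.
PEM_HEADERS = "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,EEC5B44B6EE71902\n"
KEY_LEN = {"DES-EDE3-CBC": 24, "DES-CBC": 8, "AES-128-CBC": 16, "AES-256-CBC": 32}


def parse_dek_info(headers):
    """Return (cipher_name, iv_bytes) from legacy PEM encryption headers."""
    fields = dict(l.split(": ", 1) for l in headers.splitlines() if ": " in l)
    if fields.get("Proc-Type") != "4,ENCRYPTED":
        raise ValueError("key is not passphrase-protected")
    name, iv_hex = fields["DEK-Info"].split(",", 1)
    return name, bytes.fromhex(iv_hex)


def derive_key(passphrase, iv, key_len):
    """MD5-based derivation, one iteration, salt = first 8 bytes of the IV."""
    salt, block, out = iv[:8], b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        out += block
    return out[:key_len]


def unpad_final_block(block):
    """Padding check on the last decrypted block; None stands for 'bad decrypt'."""
    n = block[-1]
    if n == 0 or n > len(block):
        return None
    if block[-n:] != bytes([n]) * n:
        return None
    return block[:-n]


def wrong_key_survivors(trials, block_size=8):
    """Count simulated wrong-key final blocks (constructed data) that pass the check."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()[:block_size]
              for i in range(trials))
    return sum(unpad_final_block(b) is not None for b in blocks)


if __name__ == "__main__":
    name, iv = parse_dek_info(PEM_HEADERS)
    for guess in (b"changeit", b"changeIt"):
        print(name, guess, derive_key(guess, iv, KEY_LEN[name]).hex())
    print("wrong-key blocks passing padding check:", wrong_key_survivors(20000))
```

Nothing in the file records whether the passphrase was right: every guess yields some key, and the padding check is the first place a wrong one is noticed. Roughly one wrong guess in 256 gets past that check and fails later when the key structure is parsed, with a different error message.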