On Wed, Apr 22, 2009, Bob Barnes wrote: > I've been working with OpenSSL to try and convert an existing private key > generated by an old SSL software package and during the process of using > PKCS8 to decrypt from the "Encrypted Private Key" to the "RSA Private Key" I > get an error "No Octet String in PrivateKey". My understanding is that this > is due to some improper encoding, which OpenSSL is able to work around. I'm > able to successfully re-encrypt the resulting private key with a new > password and to combine that private key with the certificate chain using > PKCS12 into what appears to be a valid PKCS12 file, however, the resulting > file is not importable into IBM's DCM due to an "ASN1 encoding error". I > suspect that this may be due to the original encoding problem, although I'm > not certain. Assuming that's the case, can someone give me an explanation of > the "No Octet..." error and is OpenSSL capable of correcting the original > encoding problem either during the original decryption or at some other > point in the process or is that simply not possible. >
The encoding error is just something OpenSSL tolerates in the key format. It is not propagated to other formats which use the right form. I'd suggest messing round with some of the options such as -nomaciter and alternative certificate and key encryption algorithms. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
