Hi,
I have searched the web for this answer and there are several suggestions on
how to do this , but my attempts have failed to convert an private
key[generated in java keystore and exported via java code] to a PEM format
which I need for my application.
These are the steps I have done:
Keytool -v -genkey -keyalg RSA -keysize 1024 -keystore c:\security\keystore
-alias XXXX -dname "cn=servername.domain.com, ou=None, L=YYY, ST=TTTT,
o=ExampleOrg, c=US
I then created CSR's,etc [assuming it uses the private key in the keystore],
got is signed and imported it back into the keystore.
I then exported the certs and converted them into PEM format. - All ok it
seems
I then exported the private key [in java code], checked it was in PKCS8 form
- See below
"if (key instanceof PrivateKey && "PKCS#8".equals(key.getFormat())) {
// Get certificate of public key
keyOutput = new
FileOutputStream("c:\\security\\priv.key");"
I then attempted to convert it using OpenSSL - see below
openssl pkcs8 -inform PEM -nocrypt -in c:\security\priv.key -out
c:\security\pemkey.pem
What I get is the following error [note I have used several keys in the
openssl command, the one above is one of them]
"Error decrypting key 4120:error:0906D06C:PEM routines:PEM_read_bio:no start
line:.\crypto\pem\pem_lib
.c:647:Expecting: PRIVATE KEY"
I have search for this error with no great results, I am no expert on
Keystore but it is something I have to use - I need the private key and
signed cert in PEM format , it is the key that is blocking me at the
moment.... any ideas what I am doing wrong ?
Appreciate any advice and thanks in advance
Eoin
--
View this message in context:
http://old.nabble.com/problem-converting-PKCS8-keystore-private-key-to-PEM-tp27851781p27851781.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
