Convert PEM traditional private key to PKCS8 private key

问题:

I've been given a PEM file with a certificate and pub/private keys. Specifically it includes the headers

-----BEGIN CERTIFICATE-----    -----END CERTIFICATE-----    -----BEGIN RSA PRIVATE KEY-----    -----END RSA PRIVATE KEY-----    -----BEGIN RSA PUBLIC KEY-----    -----END RSA PUBLIC KEY----- 

in that specific order.

My understanding is without a header following the BEGIN RSA PRIVATE KEY header that this pem file contains a private key in the traditional format (PKCS1) without encryption.

I need to convert this private key to a DER encoded PKCS8 unencrypted format for use with java server code, specifically PKCS8EncodedKeySpec. I've tried OpenSSL, both with rsa and pkcs8 commands, but with no luck. There's no specific need to use openssl if there is something easier.

Specifically:

openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -pubin openssl pkcs8 -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -nocrypt 

I've also tried specifying the inform and outform without success.

user@ubuntu:~/TestCerts$ openssl rsa -in IServer_Key.pem -out IServer_Key.pkcs8.pem -pubin  unable to load Public Key  5925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650: Expecting: PUBLIC KEY  user@ubuntu:~/TestCerts$ openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem  unable to load Private Key  5993:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316:  5993:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:828: 5993:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=n, Type=RSA  5993:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:99:  5993:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:125:  user@ubuntu:~/TestCerts$ openssl pkcs8 -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -nocrypt  Error decrypting key  6022:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650: Expecting: PRIVATE KEY 

Any help would be very much appreciated at this point.

回答1:

Try using following command. I haven't tried it but I think it should work.

openssl pkcs8 -topk8 -inform PEM -outform DER -in filename -out filename -nocrypt 

回答2:

To convert the private key from PKCS#1 to PKCS#8 with openssl:

# openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in pkcs1.key -out pkcs8.key 

That will work as long as you have the PKCS#1 key in PEM (text format) as described in the question.

文章来源: Convert PEM traditional private key to PKCS8 private key