[openssl-users] Converting a p12 or PEM formatted private key to a PKCS#1 format

Jakob Bohm jb-openssl at wisemo.com
Thu Sep 3 16:23:59 UTC 2015


On 03/09/2015 18:16, Viktor Dukhovni wrote:
> On Thu, Sep 03, 2015 at 04:06:06PM +0000, Viktor Dukhovni wrote:
>> On Thu, Sep 03, 2015 at 08:21:25AM -0700, tmcclure0501 wrote:
>>
>>> We have an embedded MQTT framework that we want to configure for mutual
>>> authentication.  The framework is complaining that it needs a key format of
>>> PKCS#1.  We have p12 and pem formats of the key.  Does openssl support
>>> converting keys to the PKCS#1, if so what is the command?
>> I've never heard of a PKCS#1 key format, I'm only aware of
>>
>>      PKCS#8	- Private key
>>      PKCS#12	- Private key and related certificates
>>
>> Consult the documentation for the product, this is not an OpenSSL
>> question until at least the desired key format is known.
> Perhaps what you're looking for is the legacy RSA key format (PEM
> or DER encoded).
>
> 	-----BEGIN RSA PRIVATE KEY-----
> 	-----END RSA PRIVATE KEY-----
>
> The "openssl rsa" command (unlike the "pkey" command) outputs RSA
> keys in either DER or PEM formats.
>
So to summarize:

First use the command "openssl pkcs12" and a text
editor to split the p12 file into individual
certificate and encrypted private key files.

Then use the "openssl rsa" command to convert the
encrypted private key files from PKCS#8 format to
"old-openssl/PKCS#1" format.


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150903/0ef1de3b/attachment.html>


More information about the openssl-users mailing list