[SOLVED] OpenSSL error : unable to load Private Key

banderas20 · 05-24-2023, 12:09 PM

Hi!

I have created a public-private keypair with ssh-keygen and I have both id_rsa and id_rsa.pub.

I'm trying to encrypt/decrypt files with openssl.

If I cypher the file with

Code:

cat plain_file | openssl rsautl -encrypt -pubin -inkey /tmp/id_rsa.pub > /tmp/encrypted.txt

it works.

I try to decypher it with the private key of the remitent user with this command

Code:

cat /tmp/encrypted.txt | openssl rsautl -decrypt -inkey id_rsa

But I get this error:

Code:

unable to load Private Key
139651099592000:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

After some openssl manipulations, the contents of the private key begin with:

Code:

-----BEGIN RSA PRIVATE KEY-----

and then with

Code:

-----BEGIN OPENSSH PRIVATE KEY-----

By the way, the encryption didn't work at first with the ssh-keygen generated public file. I had to convert it with:

Code:

ssh-keygen -f id_rsa.pub -e -m PKCS8 > id_rsa2.pub

I'm pretty lost and I don't know what's going on.

Can you shed some light on this?

Thanks in advance!

PS: running Ubuntu 20.04

michaelk · 05-24-2023, 12:22 PM

What are you trying to accomplish?

ntubski · 05-24-2023, 01:00 PM

Quote:

Originally Posted by banderas20

By the way, the encryption didn't work at first with the ssh-keygen generated public file. I had to convert it with:

Code:

ssh-keygen -f id_rsa.pub -e -m PKCS8 > id_rsa2.pub

Did you also convert the private key?

banderas20 · 05-24-2023, 01:32 PM

Quote:

Originally Posted by ntubski

Did you also convert the private key?

Yes, with

ssh-keygen -f priv_key -e -m PKCS8 > priv_key2

and to my big surprise, priv_key2 seems to have been converted to a Public Key (????), since its contents after the conversion show:

-----BEGIN PUBLIC KEY-----

Quote:

Originally Posted by michaelk

What are you trying to accomplish?

I'm trying to cipher a plain text message with public_key_B and decipher it with private_key_B on the other side.

michaelk · 05-24-2023, 03:33 PM

It might be easier using gpg.
https://itsfoss.com/gpg-encrypt-files-basic/

banderas20 · 05-24-2023, 04:50 PM

Quote:

Originally Posted by michaelk

It might be easier using gpg.
https://itsfoss.com/gpg-encrypt-files-basic/

I'll give it a try, indeed! Thanks.

However, I still don't understand why my approach doesn't work and the reason of the error...

michaelk · 05-24-2023, 06:29 PM

Both keys need to be in PEM format.
ssh-keygen -p -m PEM -f /path/to/id_rsa

This will overwrite the old key.

Using Ubuntu version 22 rsautl is deprecated and instead I used pkeytul.

chrism01 · 05-24-2023, 07:48 PM

This site https://www.madboa.com/geek/openssl/ has a very good explanation with working examples of manipulations involving OpenSSL tools.
Well worth a read.

banderas20 · 05-25-2023, 04:34 AM

Hello everyone.

It's working now. Maybe I skipped some step. Here are the steps:

1. Generate keypair for users A and B

ssh-keygen

2. Convert the public keys to PKCS8 format:

ssh-keygen -f A.pub -e -m PKCS8 > A2.pub
ssh-keygen -f B.pub -e -m PKCS8 > B2.pub

3. Move the pub files to "shared folder" /tmp (for the example)

4. Cipher the plain text from A with the pub key of B

cat file | openssl rsautl -encrypt -pubin -inkey /tmp/B2.pub > /tmp/encrypted.txt

5. Decipher the coded file with the priv key of B

cat /tmp/encrypted.txt | openssl rsautl -decrypt -inkey B

And it works.

Thanks everyone for your help!