Openssl Error Unable To Load Key File
Contents |
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site openssl verify signature using public key About Us Learn more about Stack Overflow the company Business Learn more about openssl unable to load key file hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join
Openssl Dgst Example
the Stack Overflow Community Stack Overflow is a community of 6.2 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up verifying a file signature
Openssl Dgst Verification Failure
with openssl dgst up vote 23 down vote favorite 9 I am signing packets in some Java code and I want to verify the signatures on a C server. I want to fork openssl for this purpose (can always use library functions later... when I know openssl can verify the signatures); however, it's failing to do so: openssl dgst -verify cert.pem -signature file.sha1 file.data all it openssl verify digital signature says is "unable to load key file" The certificate says: openssl verify cert.pem cert.pem: /C=.... error 20 at 0 depth lookup:unable to get local issuer certificate However, I specifically don't care about verifying the certificate, I want only to verify the signature for a given file! The output of openssl x509 -in cert.pem -noout -text is: Certificate: Data: Version: 1 (0x0) Serial Number: ... Signature Algorithm: sha1WithRSAEncryption Issuer: C=... Validity Not Before: Feb 1 15:22:44 2010 GMT Not After : Jun 19 15:22:44 2037 GMT Subject: C=... Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:cc:cc:f9:c7:3a:00:0f:07:90:55:d9:fb:a9:fe: ... 32:cc:ee:7f:f2:01:c7:35:d2:b5:9b:35:dd:69:76: 00:a9 Exponent: 65537 (0x10001) Signature Algorithm: sha1WithRSAEncryption 39:d6:2c:6b:6a:00:74:b5:81:c2:b8:60:d6:6b:54:11:41:8d: ... 8f:3e:3f:5d:b3:f8:dd:5e cryptography openssl signing share|improve this question edited Mar 5 '10 at 8:32 asked Mar 5 '10 at 8:03 Will 40.3k24118186 I think there is some issue with cert.pem. What does "openssl x509 -in cert.pem -noout -text" output? –Anders Lindahl Mar 5 '10 at 8:12 @Anders Lindahl I've added that to the question –Will Mar 5 '10 at 8:33 add a comment| 1 Answer 1 active oldest votes up vote 35 down vote accepted
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn
Openssl Extract Signature From Certificate
more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags openssl verify signature c++ Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 6.2 million programmers, just like you, dgst unable to load key file helping each other. Join them; it only takes a minute: Sign up “unable to load Private Key” error when try to open openssl private key file on mac up vote 2 down vote favorite How can I http://stackoverflow.com/questions/2385320/verifying-a-file-signature-with-openssl-dgst open a private key created on a linux server from a Mac ? Some context : I'm using a local script called mup to deploy a Meteor app which requires the openssl private key. I created the openssl private key on a linux ubuntu server I'm deploying to. I am deploying from my Mac OS 10.9.5. The mup script throws this error : -----------------------------------STDERR----------------------------------- Trying to initialize SSL contexts with your certificatesError loading rsa private key http://stackoverflow.com/questions/35192191/unable-to-load-private-key-error-when-try-to-open-openssl-private-key-file-on -----------------------------------STDOUT----------------------------------- So, the local mac can't open or access the private key. This command works on the ubuntu server where the key was created : openssl rsa -in private-key.nopass.key -check However, If I run that same command on my local Mac on the same file ( which I copied and pasted from the terminal into Sublime text, with normal settings. ) , the local Mac throws this error : unable to load Private Key ... routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY So, I'm assuming the mup error has something to do with this. On the local mac the openssl version is OpenSSL 1.0.2f 28 Jan 2016. On the remote linux server the openssl version is OpenSSL 1.0.1f 6 Jan 2014. meteor openssl share|improve this question asked Feb 4 at 3:54 looshi 625314 add a comment| 1 Answer 1 active oldest votes up vote 1 down vote accepted so, the good folks at namecheap.com support helped me with this question. Turns out I was missing one dash!! haha. This : ----BEGIN RSA PRIVATE KEY----- Should have been this : -----BEGIN RSA PRIVATE KEY----- The takeaway is count your dashes when manually copying/pasting these files! It's far too easy to mistake four dashes for five. share|improve this answer answered Feb 4 at 5:48 looshi 625314 Also, I realized I have a bug in my mac term
an error when trying to verify the signatures using the corresponding SSL certificate (signed by the certificate authority): $ openssl dgst -sha1 -verify signing-cert.pem -signature filename.sha1 filename unable to load unable to key fileThe problem is that you need to use the public key to do the verification, not the certificate. Thankfully it is easy enough to extract the public key from the certificate: $ unable to load openssl x509 -in signing-cert.pem -pubkey -noout > signing-pub.pemThen verification using the public key works as expected: $ openssl dgst -sha1 -verify signing-pub.pem -signature filename.sha1 filename Verified OK Posted by Keith Burdis at 11:04 3 comments: Mohan Embar4 February 2012 at 22:01Thank you!ReplyDeletePeter8 June 2012 at 10:58Thanks.ReplyDeleteDebabrat23 January 2016 at 00:08I have been struggling with the error 'unable to load key file' and came across your post.It is rally saved my time and life.ReplyDeleteAdd commentLoad more... Newer Post Older Post Home Subscribe to: Post Comments (Atom) Labels git (3) nx (1) sasl (1) srp (1) Contributors Keith Burdis Keith Burdis