Question on decrypting EC private keys #217

Open
gstos opened this issue Dec 14, 2023 · 2 comments

gstos commented Dec 14, 2023

It's more a question than an issue per se. I am struggling to decrypt EC private keys generated by certstrap with OpenSSL via the command line. I've managed to do it with RSA keys easily. I tried using openssl pkey and openssl ec with similar syntaxes and the result is the same. I am sure the password is valid because this key belongs to an intermediate CA and I am able to sign CSRs using certstrap and the password. I am probably missing something very obvious here.

```
$ openssl pkcs8 -in encrypted.key -topk8 -nocrypt -out plain.key
Enter Password:
Could not find private key of key from encrypted.key
00D316E001000000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
00D316E001000000:error:0680009F:asn1 encoding routines:asn1_item_embed_d2i:unexpected eoc:crypto/asn1/tasn_dec.c:401:Type=X509_ALGOR
00D316E001000000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:685:Field=prf, Type=PBKDF2PARAM
00D316E001000000:error:0680006E:asn1 encoding routines:ASN1_item_unpack:decode error:crypto/asn1/asn_pack.c:59:
00D316E001000000:error:03000072:digital envelope routines:PKCS5_v2_PBKDF2_keyivgen_ex:decode error:crypto/evp/p5_crpt2.c:206:

$ openssl ec -in encrypted.key -passin file:secret
Could not find private key of key from encrypted.key
00D316E001000000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
00D316E001000000:error:0680009F:asn1 encoding routines:asn1_item_embed_d2i:unexpected eoc:crypto/asn1/tasn_dec.c:401:Type=X509_ALGOR
00D316E001000000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:685:Field=prf, Type=PBKDF2PARAM
00D316E001000000:error:0680006E:asn1 encoding routines:ASN1_item_unpack:decode error:crypto/asn1/asn_pack.c:59:
00D316E001000000:error:03000072:digital envelope routines:PKCS5_v2_PBKDF2_keyivgen_ex:decode error:crypto/evp/p5_crpt2.c:206:
unable to load Key
```

@username-is-already-taken2

I would be grateful if you could share any update on this. Did you manage to decrypt it?

gstos commented Jun 5, 2024

Unfortunately not. I tried to follow the Go calls to understand how the EC keys were generated, but I was unable to identify the issue from there and gave up on using certstrap. If you have any insights on this topic, please share here.
