OpenSSL "pkey" - Open Encrypted DH Keys

Q

How to open an encrypted DH key file using OpenSSL "pkey" command? I was told the key file is DES encrypted and I know the password.

✍: FYIcenter.com

A

If you try to open a password-protected (encrypted) DH key file with the "pkey" command, you will be prompted for the password. The session below shows two attempts: the first with an incorrect password, the second with the correct one:

C:\Users\fyicenter>\local\openssl\openssl

OpenSSL> pkey -in my_dh_des.key -text -noout
unable to load key
15924:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad 
   decrypt:.\crypto\evp\evp_enc.c:529:
15924:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal 
   error:.\crypto\pkcs12\p12_decr.c:108:
15924:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe 
   crypt error:.\crypto\pkcs12\p12_decr.c:139:
15924:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 
   lib:.\crypto\pem\pem_pkey.c:141:
error in pkey

OpenSSL> pkey -in my_dh_des.key -text -noout
Enter pass phrase for my_dh_des.key:
DH Private-Key: (1024 bit)
    private-key:
        53:fb:7c:ed:bb:b7:d5:a0:4e:2e:c1:97:3a:01:2b:
        90:a0:8b:5f:59:2b:07:6f:33:88:9c:3a:a3:c5:14:
        72:67:67:cc:ec:0b:c7:eb:72:cc:6d:e2:84:1a:47:
        de:3e:b6:46:3c:46:28:da:82:8b:7a:da:3c:7d:34:
        cb:d5:3d:d9:0f:bd:89:cb:7a:4c:55:81:64:b5:3a:
        33:3e:a0:c3:08:84:f9:a5:c4:3e:35:fa:3f:e0:69:
        e4:3f:4c:5e:a9:5c:9d:d4:ed:33:86:97:c4:52:f9:
        88:f5:e2:41:8e:3b:7f:bf:d5:ed:d7:54:02:72:67:
        0b:52:fe:81:a7:3b:72:7f
    public-key:
        34:c2:41:7b:5c:50:95:2e:93:8b:55:48:76:8a:e7:
        fa:10:2e:5c:b4:38:8f:1f:7c:4b:45:16:06:14:ad:
        28:79:df:80:0e:44:24:82:66:e2:d1:4d:ec:ec:5b:
        b3:16:eb:e1:83:01:17:d1:85:e5:3c:ea:c6:4c:e3:
        33:45:b1:a6:7b:c0:13:eb:d2:eb:64:d2:c0:26:d7:
        0b:94:ef:79:66:b0:39:cc:16:f1:97:59:d5:b2:93:
        c5:7f:9b:99:e9:14:50:9a:2d:24:8f:96:c6:ac:ec:
        93:11:a1:e4:a6:60:26:5b:2b:1e:86:58:be:4d:be:
        46:4f:d0:56:b4:39:d6:f8
    prime:
        00:bc:e2:cd:16:1f:86:17:5c:d6:68:89:31:71:bc:
        f2:d2:82:09:d2:ce:48:81:bb:1b:61:6c:87:6e:de:
        73:8d:40:3f:ea:44:c6:24:fb:f3:53:ff:26:39:cb:
        9b:2f:39:36:2c:bd:3a:14:d9:0e:48:92:9c:0a:8d:
        89:63:be:0c:2f:f7:7a:52:0a:8c:77:f1:42:00:4c:
        31:df:b9:ec:c0:9d:b8:7f:4c:10:e5:44:40:a6:ff:
        76:b2:64:3c:57:82:05:28:49:94:cf:8a:ca:83:42:
        a4:b7:d5:d1:3b:bf:89:c6:ff:29:34:00:51:d8:90:
        03:47:1e:84:1b:53:36:6c:33
    generator: 2 (0x2)

Options and passwords used in these commands are:

  • "-in my_dh_des.key" - Read the encrypted DH private key file.
  • "-text" - Print the content of the key in text format.
  • "-noout" - Do not output the encoded key itself.
  • "noidea" - The incorrect password entered for the key file in the first attempt. You get "bad decrypt" errors.
  • "fyicenter" - The correct password of the key file, entered in the second attempt.
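
Added example (not part of the original page): a script that repeats the "pkey" check above without a prompt, supplying the pass phrase with "-passin env:" and reading the encryption scheme from the file with "asn1parse" before any decryption is attempted. The demo key, its 512-bit toy parameter size, the pass phrases and the function names are constructed for illustration, and the demo key is encrypted with AES-256-CBC rather than DES.

```shell
#!/bin/sh
# Added example; key, passphrases and names are constructed for illustration.
DEMO_PASS='constructed-passphrase'   # passphrase the demo key is encrypted with
WRONG_PASS='noidea'                  # deliberately wrong guess
export DEMO_PASS WRONG_PASS

# Create a throwaway encrypted DH key and print its path.
# 512-bit parameters are a toy size chosen only so generation is fast.
make_demo_key() {
    dir=$(mktemp -d) || return 1
    openssl dhparam -out "$dir/dhparam.pem" 512 2>/dev/null || return 1
    openssl genpkey -paramfile "$dir/dhparam.pem" -aes-256-cbc \
        -pass env:DEMO_PASS -out "$dir/dh_enc.key" 2>/dev/null || return 1
    echo "$dir/dh_enc.key"
}

# List the algorithm names stored in the encrypted PKCS#8 wrapper.
# No passphrase is needed, so this checks what you were told about the cipher.
key_cipher() {
    openssl asn1parse -in "$1" 2>/dev/null |
        sed -n 's/.*OBJECT *:\(.*\)$/\1/p' | tr '\n' ' '
}

# Try to open key file $1 with the passphrase held in the environment
# variable named by $2 (kept out of the command line, unlike "pass:").
check_pass() {
    if openssl pkey -in "$1" -passin "env:$2" -noout 2>/dev/null; then
        echo ok
    else
        echo bad-passphrase
    fi
}

key=$(make_demo_key) || exit 1
echo "scheme:           $(key_cipher "$key")"
echo "wrong passphrase: $(check_pass "$key" WRONG_PASS)"
echo "right passphrase: $(check_pass "$key" DEMO_PASS)"
rm -rf "$(dirname "$key")"
```

Add "-text" to the "pkey" call in check_pass to print the key fields as in the session above.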

 

2017-08-21