Cryptography Tutorials - Herong's Tutorial Examples - Version 5.34, by Dr. Herong Yang
"openssl enc" Converting Keys from Binary to PEM
This section provides a tutorial example on how to convert a private and public key pair stored in binary PKCS#8 format into PEM (Privacy Enhanced Mail) format with the 'openssl enc' command.
Using my DumpKey.java program, I managed to get a private and public key pair dumped out of the "keytool" keystore file into herong_bin.key. My DumpKey.java program told me that this is a DSA key pair stored in binary PKCS#8 format.
I tried to view herong_bin.key as is with the "openssl dsa" command:
>openssl dsa -in herong_bin.key -text read DSA key unable to load Key 2228:error:0906D06C:PEM routines:PEM_read_bio:no start line: pem_lib.c:632:Expecting: ANY PRIVATE KEY
Looks like "openssl dsa" command only understand PEM (Privacy Enhanced Mail) format which requires the key to be encoded in Base64 format. This can be done in two steps. First, use "openssl enc" command as shown below:
>openssl enc -in herong_bin.key -out herong.key -a >type herong.key MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS ... g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUSVbo98XAZDN9RZoZ+li3kIKVEbk=
The last step to make my herong.key file to meet PEM format standard is to add a header line and a footer line with a text editor:
-----BEGIN PRIVATE KEY----- MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS ... g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUSVbo98XAZDN9RZoZ+li3kIKVEbk= -----END PRIVATE KEY-----
Now I got my private and public key pair converted from a binary format to the PEM format in the file called herong.key. Remember my key pair was generated by "keytool".
The next thing I want to do is view this key pair with the "openssl dsa" command as described in the next section.
Last update: 2013.
Table of Contents