Merging certificate(.crt) and private key(.key) into one .pfx file
Posted on: 16 Oct 2011
Hi,

I had a lot of problems trying to add a separate private key (received from the institute I want to communicate with) to the outgoing message.
I stumbled upon a solution where certificate and private key can be merged into one .pfx file via a command-line instruction.
The resulting .pfx file can then be used with the appropriate C# code to send a, in this case, signed message.

However when I use the commandline command:
openssl pkcs12 -in a.crt -inkey a.key -export -out a.pfx

I get the error message:
unable to load private key
6704:error:0906D06C: PEM routines: PEM_read_bio: no start line: .\crypto\pem\pem_lib.c:696:Expecting: ANY PRIVATE KEY

Do you know what the problem could be?
I would appreciate your help very much.

Kind regards
MikeFIF



Re: Merging certificate(.crt) and private key(.key) into one .pfx file
Posted on: 16 Oct 2011  
Hi Mike,

Check if the key is in the same location where you issue your command, also make sure that your file begins with:

-----BEGIN RSA PRIVATE KEY-----


Please do not forget to mark "Accepted Answer".

Re: Merging certificate(.crt) and private key(.key) into one .pfx file
Posted on: 17 Oct 2011  
Hi Javeed,

Thanks for your response.
I did start with the right path, so the full command was: openssl pkcs12 -in D:\Websites\CERT\Sign.crt -inkey D:\Websites\CERT\Sign.key -export -out D:\Websites\CERT\Sign.pfx
Now I copied the certificate and key to the directory and gave the following command:
openssl pkcs12 -in Sign.crt -inkey Sign.key -export -out D:\Websites\CERT\Sign.pfx

I still get the error though.
When I try opening the Sign.key file I see the following code(this is just a part of it):
0‚' *†H†÷  ‚0‚ 0‚ ‚P ‚L0‚H0Key0@íMuaê`Ïë}‚qYbƒh¡"°20101214093743Z€20141214093743Z¡‚û0‚÷¢‚ï1i£g   *†H†÷

So, I can't tell whether the file begins with:

-----BEGIN RSA PRIVATE KEY-----
Do you have any suggestions what the best way would be for me to proceed?

Thanks in advance for your response

MikeFIF 

Re: Merging certificate(.crt) and private key(.key) into one .pfx file
Posted on: 17 Oct 2011  
Hi Mike,

Check if the certificate and private key are correct with the following commands:

to check private key:
openssl rsa -in a.key -check

to check certificate:
openssl x509 -in a.crt -text -noout
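
Added example, not part of the thread: a shell check that tells PEM text from binary DER before running the commands above, since the "no start line" error means OpenSSL found no `-----BEGIN` line in the file. The Sign.key excerpt quoted earlier starts with "0‚", which is how the bytes 0x30 0x82 (an ASN.1 SEQUENCE header) render as Windows-1252 text. The function names `file_encoding` and `check_command` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a key/certificate file before passing it to openssl.
# Prints one of: pem, der, unknown, unreadable.
file_encoding() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 1; }
    # PEM: text armour with a "-----BEGIN <label>-----" line. Text before it
    # (for example "Bag Attributes") is allowed, so search the whole file.
    if LC_ALL=C grep -q -e '^-----BEGIN [A-Z0-9 ]*-----' "$f"; then
        echo pem
        return 0
    fi
    # DER: binary ASN.1, first byte 0x30 (SEQUENCE). This says nothing about
    # what the structure holds (RSA key, PKCS#8, PKCS#12, certificate).
    first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
    if [ "$first" = "30" ]; then
        echo der
        return 0
    fi
    echo unknown
}

# Print the openssl check matching the detected encoding ("key" or "cert").
check_command() {
    kind=$1 f=$2
    enc=$(file_encoding "$f") || { echo "cannot read $f"; return 1; }
    case "$kind:$enc" in
        key:pem)  echo "openssl rsa -in $f -check -noout" ;;
        key:der)  echo "openssl rsa -inform DER -in $f -check -noout" ;;
        cert:pem) echo "openssl x509 -in $f -text -noout" ;;
        cert:der) echo "openssl x509 -inform DER -in $f -text -noout" ;;
        *)        echo "unrecognised encoding: $f" ;;
    esac
}

# Constructed sample inputs (not real key material).
demo_dir=$(mktemp -d)
printf 'Bag Attributes\n-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n' > "$demo_dir/pem.key"
printf '\060\202\004\244\002\001\001' > "$demo_dir/der.key"
check_command key "$demo_dir/pem.key"
check_command key "$demo_dir/der.key"
rm -rf "$demo_dir"
```

A `der` result only means the file is ASN.1; if `openssl rsa -inform DER` still rejects it, the file is not a plain RSA key and may be a different container format.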

Re: Merging certificate(.crt) and private key(.key) into one .pfx file
Posted on: 17 Oct 2011  
Hi Javeed,

I indeed get the same error with the key file and also for the certificate. The certificate though has "EXPECTING TRUSTED CERTIFICATE" at the end of the error message instead of "Expecting: ANY PRIVATE KEY".

This certificate and private key, however, are issued by a government institute and are also already being used by other software (of an external software provider) to communicate with this institute. So, I trust they are ok?? If they aren't, what measure can I take?
BTW.. as far as I can see in the software of the external provider, they are also merging the certificate and key before communication.

One thing that might cause the problem... the private key appears to have a password.  Do you know if and how this should be incorporated in the command?
  
Kind regards 
 MikeFIF
 
 

Re: Merging certificate(.crt) and private key(.key) into one .pfx file
Posted on: 17 Oct 2011  
The password can be provided by the following argument in the command line:

-pass arg, -passin arg

But I found in the documentation that if no password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off.

Also, please verify that the key you have received isn't already merged with the certificate.

Also, the following is what a sample private key merged with a certificate looks like:

Bag Attributes
localKeyID: B5 BA 41 DE E6 FE 22 70 D7 C8 C8 55 76 E6 AF 92 6B...
subject=/C=CA/ST=HY State/L=HY City/O=HY Company/OU=HY Unit/CN=Her...
issuer=/C=CA/ST=HY State/L=HY City/O=HY Company/OU=HY Unit/CN=Hero...
-----BEGIN CERTIFICATE-----
MIIDgzCCAuygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBjjELMAkGA1UEBhMCQ0Ex
...
joy2xMaAryTrfoyUyqL10TusG3MeoXnHl4u4F5mLbQgr13CYHjdp
-----END CERTIFICATE-----
Bag Attributes
localKeyID: B5 BA 41 DE E6 FE 22 70 D7 C8 C8 55 76 E6 AF 92 6B...
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5845E016B16C7803

xo6pJ9madEbOB9SAQgIGC3GeZ7xDqHZJm6RkquOju23dSxzzetR2u/PPtnQ82hK0
...
7DSeQRZg3a1TTwQXwYXCqHdc2qLzISH/C4ERqm7EqJ2PCsEe7GSfmA==
-----END RSA PRIVATE KEY-----







Re: Merging certificate(.crt) and private key(.key) into one .pfx file
Posted on: 17 Oct 2011  
Hi Javeed,

The above is not applicable to the files I have. I especially don't see a beginning or end statement.
I came across an idea to parse the key (see below). I have not tried it yet.
I'm very curious about your thoughts on this piece of code.
 

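// Requires: using System.Security.Cryptography;
// CryptoAPI constants, with the values given in the comments below.
const int PROV_RSA_FULL = 1;
const int AT_KEYEXCHANGE = 1;

// AsnKeyParser is a third-party helper class, not part of the .NET Framework class library.
AsnKeyParser keyParser = new AsnKeyParser("private.rsa.cs.key");
RSAParameters privateKey = keyParser.ParseRSAPrivateKey();

CspParameters csp = new CspParameters();
csp.KeyContainerName = "RSAcontainer)";
csp.ProviderType = PROV_RSA_FULL;    // 1
csp.KeyNumber = AT_KEYEXCHANGE;      // 1

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);
rsa.PersistKeyInCsp = false;         // do not persist the key in the CSP container
rsa.ImportParameters(privateKey);
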
Kind regards
MikeFIF

Re: Merging certificate(.crt) and private key(.key) into one .pfx file
Posted on: 17 Oct 2011  
I have not used AsnKeyParser, but I do use the CryptoServiceProvider and CspParameters objects to encrypt data. Did you try this with your key, and what is the output?

Re: Merging certificate(.crt) and private key(.key) into one .pfx file
Posted on: 09 Mar 2012  
Hi Javeed,

I'm sorry it took so long to reply, but I was still busy with the issue. Finally I discovered that the problem was with the third-party certificate. I requested my own certificate and don't have that problem anymore.
Thought you'd wanna know.

Kind regards

MikeFIF
