Cryptography Tutorials - Herong's Tutorial Examples - v5.42, by Herong Yang
"openssl enc" Converting Keys from Binary to PEM
This section provides a tutorial example on how to convert a private and public key pair stored in binary PKCS#8 format into PEM (Privacy Enhanced Mail) format with the 'openssl enc' command.
Using my DumpKey.java program, I managed to get a private and public key pair dumped out of the "keytool" keystore file into herong_bin.key. My DumpKey.java program told me that this is a DSA key pair stored in binary PKCS#8 format.
I tried to view herong_bin.key as is with the "openssl dsa" command:
herong> openssl dsa -in herong_bin.key -text
read DSA key
unable to load Key
2228:error:0906D06C:PEM routines:PEM_read_bio:no start line:
   pem_lib.c:632:Expecting: ANY PRIVATE KEY
It looks like the "openssl dsa" command only understands PEM (Privacy Enhanced Mail) format, which requires the key to be encoded in Base64 format. The conversion can be done in two steps. First, use the "openssl enc" command as shown below:
herong> openssl enc -in herong_bin.key -out herong.key -a
herong> more herong.key
MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
...
g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUSVbo98XAZDN9RZoZ+li3kIKVEbk=
The last step to make my herong.key file meet the PEM format standard is to add a header line and a footer line with a text editor:
-----BEGIN PRIVATE KEY-----
MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
...
g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUSVbo98XAZDN9RZoZ+li3kIKVEbk=
-----END PRIVATE KEY-----
Now I have my private and public key pair converted from the binary format to the PEM format in the file called herong.key. Remember, my key pair was generated by "keytool".
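What the two manual steps above amount to (Base64-encode the binary file, then add the BEGIN/END lines), written out as an added example that is not part of the original tutorial. SAMPLE_DER is constructed filler rather than a real key, and the function names are this example's own; the length check catches a truncated file or PEM text passed in by mistake.

```python
import base64

PEM_LABEL = "PRIVATE KEY"  # label used above for the unencrypted PKCS#8 key


def der_total_length(der: bytes) -> int:
    """Return the total size claimed by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not DER: outer tag is not SEQUENCE (0x30)")
    first = der[1]
    if first < 0x80:  # short form: the length fits in this one byte
        return 2 + first
    n = first & 0x7F  # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("not DER: bad length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def der_to_pem(der: bytes, label: str = PEM_LABEL) -> str:
    """Base64-encode DER bytes, wrap at 64 columns, add BEGIN/END lines."""
    if der_total_length(der) != len(der):
        raise ValueError("DER length mismatch: truncated or trailing data")
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def pem_to_der(pem: str, label: str = PEM_LABEL) -> bytes:
    """Inverse of der_to_pem, used to confirm nothing was lost."""
    lines = pem.strip().splitlines()
    begin, end = f"-----BEGIN {label}-----", f"-----END {label}-----"
    if len(lines) < 3 or lines[0] != begin or lines[-1] != end:
        raise ValueError("missing or mismatched PEM header/footer")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


# Constructed stand-in for herong_bin.key (filler bytes, not a real key). It
# carries the outer header 30 82 01 4B, which is what "MIIBSw" above decodes to.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x4B]) + bytes(range(256)) + bytes(75)

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem, end="")
    assert pem_to_der(pem) == SAMPLE_DER
    try:
        der_to_pem(pem.encode("ascii"))  # PEM text is not DER input
    except ValueError as exc:
        print("rejected:", exc)
```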
Actually, "openssl dsa" does understand keys in binary format when the "-inform DER" option is specified, as pointed out by Dan Lukes in the Web version. So we can convert a key pair from the binary format to the PEM format with a single "openssl dsa" command:
herong> openssl dsa -in herong_bin.key -inform DER -out herong.key \
   -outform PEM
The next thing I want to do is view this key pair with the "openssl dsa" command as described in the next section.