[Botan-devel] Unable to read a rsa private key generated by openssl

Jack Lloyd lloyd at randombit.net
Fri Jun 11 18:22:35 EDT 2010


On Fri, Jun 11, 2010 at 02:53:10PM -0700, Pete Toich wrote:
> Hi,
> 
> When I try to use the following code to read a pem file generated by openssl (syntax below),
>  I get the exception: Exception: Botan: Decoding error: PKCS #8 private key decoding failed
> 
> Looking at the pem file generated by openssl and by the rsa_kgen botan example, the file sizes are different.  Diving deeper, there is
> an extra header on the rsa_kgen version that is not present in the openssl version.
> 
> Is it possible to open RSA keys with botan that were created by openssl?

The encrypted keys, no; for whatever reason OpenSSL continues to use
some strange and I think OpenSSL-specific format for this. You can
convert them to PKCS #8 format keys using

openssl pkcs8 -topk8 -in rsa_key.pem

(Add -nocrypt if you don't want to encrypt the PKCS #8 file).

[I'm sure it's possible to write code using botan that could decrypt
the file, of course, but I haven't bothered digging through the
OpenSSL code to try figuring out what the actual format is]

The unencrypted keys can be loaded by picking apart the PEM layer and
then feeding it into the BER decoder by hand, which is awkward but
works. I've attached an example.

-Jack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: extract_openssl_rsa.cpp
Type: text/x-c
Size: 1004 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20100611/1d8d870a/attachment.cpp>
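
Added example (not part of the original message, not the scrubbed attachment, and not Botan code): a Python sketch of the approach described above, which strips the PEM layer of an unencrypted OpenSSL RSA key and walks the DER by hand. It assumes the PKCS #1 RSAPrivateKey field layout, the "Proc-Type: 4,ENCRYPTED" header that OpenSSL writes on its encrypted traditional keys, and the standard PKCS #8 PEM labels; the function names and the toy key are constructed for illustration.

```python
import base64
import re

# Constructed toy key (n=3233, e=17, d=2753, p=61, q=53); far too small for real use.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
MB0CAQACAgyhAgERAgIKwQIBPQIBNQIBNQIBMQIBJg==
-----END RSA PRIVATE KEY-----
"""

def classify(pem):
    """Name the container from the PEM label and the RFC 1421 encryption header."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", pem)
    label = m.group(1) if m else ""
    if label == "RSA PRIVATE KEY":
        return "openssl-encrypted" if "Proc-Type: 4,ENCRYPTED" in pem else "openssl-plain"
    return {"PRIVATE KEY": "pkcs8", "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted"}.get(label, "unknown")

def pem_to_der(pem):
    """Drop the armor and header lines, then base64-decode the body."""
    lines = [l.strip() for l in pem.splitlines()]
    body = [l for l in lines if l and not l.startswith("-----") and ":" not in l]
    return base64.b64decode("".join(body), validate=True)

def read_tlv(der, pos, tag):
    """Read one DER element with the expected tag; return (content, next_pos)."""
    if pos + 2 > len(der) or der[pos] != tag:
        raise ValueError("unexpected tag at offset %d" % pos)
    length, pos = der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(der):
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    if pos + length > len(der):
        raise ValueError("truncated element")
    return der[pos:pos + length], pos + length

def parse_rsa_private_key(pem):
    """PKCS #1 RSAPrivateKey: SEQUENCE of INTEGERs version, n, e, d, p, q, dP, dQ, qInv."""
    if classify(pem) != "openssl-plain":
        raise ValueError("not an unencrypted OpenSSL 'RSA PRIVATE KEY' block")
    seq, _ = read_tlv(pem_to_der(pem), 0, 0x30)
    key, pos = {}, 0
    for name in ("version", "n", "e", "d", "p", "q", "dP", "dQ", "qInv"):
        raw, pos = read_tlv(seq, pos, 0x02)
        key[name] = int.from_bytes(raw, "big")
    if pos != len(seq) or key["version"] != 0 or key["n"] != key["p"] * key["q"]:
        raise ValueError("not a consistent two-prime RSAPrivateKey")
    return key
```

A PKCS #8 file wraps this same structure in an outer SEQUENCE carrying an algorithm identifier, so it classifies as "pkcs8" here and is rejected by parse_rsa_private_key rather than misparsed.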

