
OpenSSL won't understand RSA keys in RFC4716 format

Question & Answer


Question

OpenSSL is not able to use RSA keys created using the ssh-keygen command:
# ssh-keygen -t rsa -f test02today
Error:
# openssl rsa -in sitest_to_testing
unable to load Private Key
804401144:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY

Cause

When ssh-keygen is used to generate RSA keys, the keys are generated in RFC4716 format by default.
The keys must be converted to PKCS8 or PEM format before OpenSSL can read the key file.

Answer

To solve this, add options to the ssh-keygen command so that it creates a PEM or PKCS8 file, as follows:
# ssh-keygen -t rsa -f test02today -e -m pkcs8
OR
# ssh-keygen -t rsa -f test02today -e -m pem
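
The "no start line" error means OpenSSL found no armor line it recognises, so checking a key file's format before and after conversion shows whether the conversion took effect. The following is an added example, not part of the original IBM document: it classifies a key file by its armor label only. The function names, the result labels and the set of labels treated as loadable by "openssl rsa -in" are assumptions of this example, as is the handling of OpenSSH's own "OPENSSH PRIVATE KEY" container, which the page does not mention.

```python
import base64
import re
import struct

# Assumption of this example: armor labels treated as loadable by "openssl rsa -in".
OPENSSL_PRIVATE = {"RSA PRIVATE KEY": "pem", "PRIVATE KEY": "pkcs8",
                   "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted"}
ARMOR = re.compile(r"^-{4,5} ?BEGIN ([A-Z0-9 ]+?) ?-{4,5}\s*$", re.M)
MAGIC = b"openssh-key-v1\0"  # start of OpenSSH's own private key container


def classify_key(text):
    """Return (format, loadable_by_openssl_rsa) for the text of a key file."""
    m = ARMOR.search(text)
    if m is None:
        if re.match(r"(ssh-|ecdsa-)\S+ [A-Za-z0-9+/=]+", text.strip()):
            return ("openssh-public-line", False)
        return ("unknown", False)  # no armor line for OpenSSL to find
    label = m.group(1)
    if label in OPENSSL_PRIVATE:
        return (OPENSSL_PRIVATE[label], True)
    if label == "SSH2 PUBLIC KEY":
        return ("rfc4716-public", False)
    if label != "OPENSSH PRIVATE KEY":
        return ("other:" + label.lower(), False)
    try:  # read the cipher name to see if the key is passphrase-protected
        end = text.index("-----END", m.end())
        blob = base64.b64decode("".join(text[m.end():end].split()))
        if not blob.startswith(MAGIC):
            return ("unknown", False)
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    except (ValueError, struct.error):
        return ("unknown", False)
    kind = "openssh-private" if cipher == b"none" else "openssh-private-encrypted"
    return (kind, False)


def sample_openssh(cipher):
    """Constructed header-only container (no key material), for the demo."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    fields = b"".join(struct.pack(">I", len(f)) + f for f in (cipher, kdf, b""))
    body = base64.b64encode(MAGIC + fields + struct.pack(">I", 1)).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % body


if __name__ == "__main__":
    for c in (b"none", b"aes256-ctr"):
        print(classify_key(sample_openssh(c)))
```

Call classify_key(open(path).read()) on a key file before passing it to openssl; False in the second field means the file still needs converting to PEM or PKCS8.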


Document Information

Modified date: 11 August 2020

UID: ibm16252345