• caglararli@hotmail.com
  • 05386281520

Running openssl s_client with an aes encrypted key fails

Çağlar Arlı      -    13 Views

Running openssl s_client with an aes encrypted key fails

I'm trying to verify a 2-way SSL connection using the openssl s_client command

openssl s_client -connect localhost:8883 -CAfile ca.pem -cert client.crt -key client.key 

The openssl s_client fails with the following error:

openssl s_client -connect localhost:8883 -CAfile ca.pem -cert client.crt -key c.key
Enter pass phrase for client.key:
unable to load client certificate private key file
140289846519624:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
140289846519624:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306:
140289846519624:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=RSA
140289846519624:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:115:
140289846519624:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
140289846519624:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306:
140289846519624:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS8_PRIV_KEY_INFO
140289846519624:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:132:

The client private key was generated using the following command

openssl genrsa -aes256 -out client.key 2048

And if I try to parse it I get the following

openssl asn1parse < client.key

I get this

Error in encoding
140030324189000:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:

This does work when I generate the key without passing the -aes256 option.

How can I get this to work with keys that have been encrypted using aes or des?