While checking out an issue with the SSH server for ContinuaCI (see info below), I wanted to look at the files leading to the issue: .pem and .rsa files with the private key for the SSH server.
So I browsed through my series of openssl-related articles to see if I already had made a script better explaining the cryptic openssl command-line parameters. I didn’t have it yet, but it turned out to be really simple:
```
C:\ProgramData\VSoft\ContinuaCI\SSHD>"C:\Program Files (x86)\Git\usr\bin\openssl.exe" rsa -in server_keypair.rsa
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

C:\ProgramData\VSoft\ContinuaCI\SSHD>"C:\Program Files (x86)\Git\usr\bin\openssl.exe" rsa -in server_keypair.rsa -text
Private-Key: (1024 bit)
modulus:
    ..:..:..:.....
publicExponent: 35 (0x23)
privateExponent:
    ..:..:..:.....
prime1:
    ..:..:..:.....
prime2:
    ..:..:..:.....
exponent1:
    ..:..:..:.....
exponent2:
    ..:..:..:.....
coefficient:
    ..:..:..:.....
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

C:\ProgramData\VSoft\ContinuaCI\SSHD>"C:\Program Files (x86)\Git\usr\bin\openssl.exe" rsa -in server_keypair.pem
Enter pass phrase for server_keypair.pem:
unable to load Private Key
2675996:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
2675996:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:108:
2675996:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:139:
2675996:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:

C:\ProgramData\VSoft\ContinuaCI\SSHD>"C:\Program Files (x86)\Git\usr\bin\openssl.exe" rsa -in server_keypair.pem -passin pass:password
unable to load Private Key
2675996:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
2675996:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:108:
2675996:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:139:
2675996:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:
```
The command lines use the `rsa` tool with:

- the `-in` parameter
- (for the first file) the `-text` parameter to dump it into human-readable form
- (for the second file) the `-passin` parameter with a pass phrase argument `pass:password`.

The `server_keypair.pem` file (having the header `-----BEGIN ENCRYPTED PRIVATE KEY-----` and footer `-----END ENCRYPTED PRIVATE KEY-----`) was a password-protected RSA private key for which ContinuaCI somehow had the wrong password.

I’m not sure it’s a good idea that the `server_keypair.pem` file has no password at all.
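
The PEM header line is enough to tell whether openssl will need a pass phrase before you run it. The following Python sketch is an added example, not part of the original post or of ContinuaCI: it classifies PEM blocks by label and by the RFC 1421 `Proc-Type` header that traditional-format keys use when encrypted. The function names and the sample file contents (placeholder bodies, plus a hypothetical `legacy_encrypted.key`) are constructed for illustration.

```python
import re

# One PEM block: BEGIN label, body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def classify_pem(text):
    """Return a list of (label, state) for every PEM block in text.

    state is 'encrypted', 'unencrypted' or 'not-a-private-key'.
    """
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8 EncryptedPrivateKeyInfo: always pass phrase protected.
            state = "encrypted"
        elif label.endswith("PRIVATE KEY"):
            # Plain PKCS#8 (PRIVATE KEY) or traditional RSA/EC/DSA PRIVATE KEY.
            # Traditional keys are encrypted only if this header is present.
            enc = re.search(r"^Proc-Type:\s*4,\s*ENCRYPTED", body, re.MULTILINE)
            state = "encrypted" if enc else "unencrypted"
        else:
            state = "not-a-private-key"
        results.append((label, state))
    return results

def unprotected_keys(files):
    """files maps name -> PEM text; return names holding an unencrypted key."""
    return sorted(name for name, text in files.items()
                  if any(s == "unencrypted" for _, s in classify_pem(text)))

# Constructed samples: the base64 bodies are placeholders, not real keys.
SAMPLES = {
    "server_keypair.rsa":
        "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "server_keypair.pem":
        "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
        "-----END ENCRYPTED PRIVATE KEY-----\n",
    "legacy_encrypted.key":  # hypothetical file, not from the post
        "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
        "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\nAAAA\n"
        "-----END RSA PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify_pem(text))
    print("unprotected:", unprotected_keys(SAMPLES))
```

Running it over a key directory's file contents gives a quick list of private keys that rely on file-system permissions alone.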