Anything outside —–BEGIN FOO—– and —–END FOO—– should be ignored by OpenSSL. This behavior is commonly used to e.g. embed an entire human-readable detailed description of the cert in the PEM file itself, so that anyone reading it can see what it encodes without having to invoke openssl x509 … on it.
There’s an article on the Code Project that has all the code you need to do this. It’s just a couple of classes so it’s a light-weight solution. To get the bytes for either a certificate or a key from the PEM file the following method will work, regardless of the order of the key … Read more
In my case I was trying to read my cer file and was receiving the error stated above openssl x509 -in CSR.csr -text -noout unable to load certificate 140518720210760:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE I had to convert it to a crt file using openssl. openssl x509 -inform DER -in <certname>.cer -out <certname>.crt openssl x509 … Read more
Using this command I was able to generate the .pem with the contents of the public key. openssl x509 -inform der -in certificate.cer -pubkey -noout > certificate_publickey.pem Which produces: —–BEGIN PUBLIC KEY—– MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsM+whXrxmbCkPfkwY2EehYpIp *blah blah blah blah* —–END PUBLIC KEY—–
“Enter PEM pass phrase” because openssl doesn’t want to output private key in clear text. The password is used to output encrypted private key Below command can be used to output private key in clear text. No password is then asked. openssl pkcs12 -nodes -in me.p12 -out me.pem
This is not bad. Java doesn’t provide any functions to write PEM files. What you are doing is the correct way. Even KeyTool does the same thing, BASE64Encoder encoder = new BASE64Encoder(); out.println(X509Factory.BEGIN_CERT); encoder.encodeBuffer(cert.getEncoded(), out); out.println(X509Factory.END_CERT); If you use BouncyCastle, you can use PEMWriter class to write out X509 certificate in PEM.
Python’s standard library, even in the latest version, does not include anything that can decode X.509 certificates. However, the add-on cryptography package does support this. Quoting an example from the documentation: >>> from cryptography import x509 >>> from cryptography.hazmat.backends import default_backend >>> cert = x509.load_pem_x509_certificate(pem_data, default_backend()) >>> cert.serial_number 2 Another add-on package that might be … Read more
Please note: The code below is for exporting a private key. If you are looking to export the public key, please refer to my answer given here. The PEM format is simply the ASN.1 DER encoding of the key (per PKCS#1) converted to Base64. Given the limited number of fields needed to represent the key, … Read more
Looking at OpenSSL sources, this can happen only if padding in encrypted data is invalid. Does this happen with different keys, and can you provide a sample one? And, what tool is used to generate such keys (i.e. the same OpenSSL or not)? Probably, it omits padding/or writes zero padding instead of correct one.