Ubuntu
openssl package

Converting PKCS#8 into PKCS#1 fails with openssl 3.0

Bug #1973344 reported by jean-christophe manciot on 2022-05-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openssl (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

On Ubuntu jammy
with OpenSSL 3.0.2:

$ openssl rsa -in rsakey.pkcs8 -out rsakey.pkcs1
writing RSA key

$ grep -- "-----BEGIN" rsakey.pkcs1
-----BEGIN PRIVATE KEY-----

With OpenSSL 1.1.1o or 1.1.1l
$ openssl rsa -in rsakey.pkcs8 -out rsakey.pkcs1
writing RSA key

$ grep -- "-----BEGIN" rsakey.pkcs1
-----BEGIN RSA PRIVATE KEY-----

Unfortunately, we still need to be able to generate PKCS #1 private keys as mysqld (8.0.29-0ubuntu0.22.04.2) despite using libssl3 is still not capable of loading PKCS #8 private keys.

Seth Arnold (seth-arnold) on 2022-05-13

information type:

Private Security → Public

Revision history for this message

Simon Chopin (schopin) wrote on 2022-05-18:

Hi!

You want to add -traditional to your openssl rsa command to get the previous behaviour:

❯ openssl rsa -in key.pem | grep BEGIN
writing RSA key
-----BEGIN PRIVATE KEY-----

❯ openssl rsa -in key.pem -traditional | grep BEGIN
writing RSA key
-----BEGIN RSA PRIVATE KEY-----

Changed in openssl (Ubuntu):
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuopenssl package

Converting PKCS#8 into PKCS#1 fails with openssl 3.0

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
openssl package