3

I have a Private Key with the following format

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6TAbBgkqhki....
----END ENCRYPTED PRIVATE KEY-----

How can I convert this in a key with RSA format

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA28jIsb8SAhJritwO....
-----END RSA PRIVATE KEY-----

The current version of cryptography I have is 2.8. Any help is really appreciated. Thanks in advance.

Improve this question
3
  • 1
    Not in python but have you checked this? Commented Apr 29, 2021 at 14:08
  • Yeah I did, but I want it to automate it, hence Python. Commented Apr 29, 2021 at 14:35
  • 2
    What you want to do is to convert a PEM encoded, encrypted PKCS#8 private key to a PEM encoded PKCS#1 private key. Generally you first decode to a Python private key, then reencode it. However, maybe just calling the OpenSSL command line from Python might be a better option in this case. It's a rather strange requirement to convert a a lot of protected private keys to unprotected private keys, by the way. Commented Apr 29, 2021 at 15:05

1 Answer 1

Reset to default
6

As described in the comment by Maarten Bodewes, a conversion of a encrypted private key in PKCS#8 format to a private key in PKCS#1 format (both PEM encoded) is possible with OpenSSL. But this can also be done with the Cryptography library.

The Cryptography library supports the import of (encrypted) private keys in PKCS#8 format, PEM encoded, with the method load_pem_private_key() (since version 0.6), e.g.:

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization

pkcs8Encrypted = b"""-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICzzBJB...
-----END ENCRYPTED PRIVATE KEY-----"""

privateKey = serialization.load_pem_private_key(
    pkcs8Encrypted, 
    b'mypassword',
    default_backend()
)

The export of private keys in PKCS#1 format, PEM encoded is possible with private_bytes() (since version 0.2):

pkcs1 = privateKey.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption()
)

print(pkcs1.decode('utf-8')) # -----BEGIN RSA PRIVATE KEY-----...

The current version of Cryptography is 3.4.7 (Mar 2021). 2.8 is from Oct 2019, s. Release history. Actually, both methods should therefore be available.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Hi @topaco, thanks for your comment. I did try the same earlier, but somehow its not working for me. Please find the below sample: private_key: b'-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIE6TAbBgk...\n-----END ENCRYPTED PRIVATE KEY-----\n' p_key = serialization.load_pem_private_key(private_key, password=passphrase.encode(), backend=default_backend()) I get the following error: ValueError: Could not deserialize key data.
@RahulGoud - If the code is running in your environment, the key may be the problem. Then I would try a conversion with OpenSSL, as this is presumably more powerful than the Python implementation. Also, it would be helpful if you could post a test key that causes the problem in your environment.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.