OpenSSL not creating a key file from a RSA private key

N

2

6

I'm following this guide in order to set up Continuous Integration for my Salesforce development. It says to create a RSA private key and from this create a key file and after that generate a certificate. But I get some errors and cant find my answer online.

image of commands

As seen in the image I tried openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 and get the following error.

Generating RSA private key, 2048 bit long modulus (2 primes) ....+++++ .......................+++++ e is 65537 (0x010001) 484:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:903:You must type in 4 to 1023 characters 484:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:903:You must type in 4 to 1023 characters 484:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:crypto/pem/pem_lib.c:357:

I figured 2048 was a to big number (dont know why) so I used openssl genrsa -des3 -passout pass:x -out server.pass.key 1023 and it worked with the following as result.

Generating RSA private key, 1023 bit long modulus (2 primes) ................................................+++++ .......................+++++ e is 65537 (0x010001)

When trying to create a key from the RSA private key with this command openssl rsa -passin pass:x -in server.pass.key -out server.key I got another error saying it is unable to load the private key. This was the output.

unable to load Private Key 20536:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:903:You must type in 4 to 1023 characters 20536:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:570: 20536:error:0906A065:PEM routines:PEM_do_header:bad decrypt:crypto/pem/pem_lib.c:461:

This is the file that was created:

Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,647BC276259FFAB6

UZaGpWtLuxhhU5bFNpYMcbb2pZcmPccQOfyLeJ555oECpv7sd2qNaZn1dQOZaahy
nGDLZdOtHZ6rKZD2jZ99HcxDS9sdys9JRNHXo4fzEJb3q7Qo+rMwFyiL1NVVmkUL
+ib9FifiFdKB+WCza18dAQEGaMA0af7InrMo86wBlP1Qn6oU4kvaxG2JY1zqu1BG
NBVUyQB1NEhzeEYs4acXWT7mSW+blkofzycGlQ24eaBP/SMtP+qACPsJ2aL6vc8j
ofK7GT6vmL1TYebHD4fBTNuTVFNSZx1WkZNBUwAW9LSnxfBXE62bVoqxlaXuFBJW
+xUZ/Y8V3Hnlz5n7nsXieMN7xMMfelt11yFH3qOSvZYao+8XfsQMDSIeTtEaqVhc
veBfL9UGkM0ePgEN8Ewdxau9clDbPBphfi0UIJfS+MJKixmykTIYepBU2HIjHjdZ
co2nOIb7DgIsTKzf3Lec5PPmZRXMAGa1cPq1qLLnga6BA/pz9UMtkKuzJX7q+OoI
pcp1WRTN6Pwavm7mrdGmaiU/VHVGuC4KKdIquQ7iIlsy4s/YD5bVzWxVpAFDsyZ7
IRGI0Ac+0+1h2jm3XctYGFRm6FueOg2XuDHgF3E0W9XrZ1rMTLP27N8gSw4AIFi9
Nu035TlvADkR5EJUZq6YQrne7Yp7cS8yEuZ/eJfWDgKJ6MuHHky5iVOZivyQkL1X
FYNi4NF6QHImZdQUJ0n+on8xlG501ZpCrjCMk/GoY/VdgMWZz90Ri6x1f8TdVk5O
UY6CuBsMcWUV6WwIBeVV0oiAlyBb7JsmevHXfU77ep4=
-----END RSA PRIVATE KEY-----```

Nymphet answered 27/5, 2019 at 16:30 Comment(0)

H

9

The password is too short for the version of openssl you are using. It appears to require at least 4 characters. Try this instead:

openssl genrsa -des3 -passout pass:xxxx -out server.pass.key 2048

Of course that is not a good password, but if it works, that will confirm the cause of the error message you received. On decryption, use the longer password, too:

openssl rsa -passin pass:xxxx -in server.pass.key -out server.key

Helgeson answered 27/5, 2019 at 19:37 Comment(2)

I think it worked, that you verry much. I had 0 experience with this and could not find a answer. Happy to find it now. – Nymphet 28/5, 2019 at 17:25

Glad to hear that. I think Salesforce should modify their example - I found that some OpenSSL versions seemed to work as is, but others require a longer passphrase. – Helgeson 28/5, 2019 at 17:27

G

1

The Salesforce Instructions for this Project currently say, in relevant part, pass:x. I changed it to pass:xxxx as suggested above and received writing RSA key instead of the errors described by the original poster.

Groan answered 30/7, 2019 at 1:8 Comment(0)

Recommended topics

Hot tags