Openssl convert text to pem – Valuable Tech Notes

I generated a rsa 2048 key-pair with these commands:
openssl.exe genrsa -F4 -out key.pem 2048
openssl.exe rsa -text -in key.pem > key.txt

Now I lost the key.pem file and also lost the key.txt in its original format. But I have private exponent and public exponent from the text file. Those were enough for my tool suite to sign a binary file and then verify. Now I need to test something with openSSL signing, but how do I recover the private key in .pem format (key.pem).

This is the left over portion of key.txt(example, but a valid key-pair):

Private-Key: (2048 bit)

modulus:

00:f3:5a:8f:46:08:11:d8:f7:65:eb:26:8f:e6:fe:
c3:10:c7:52:81:4e:44:89:59:fe:39:a3:55:c6:10:
7f:8c:2d:8e:e9:60:92:f1:c2:b3:9b:3d:0b:cc:b1:
6d:36:b4:d2:31:dd:5b:96:c1:f1:0b:51:2c:77:ee:
2d:53:68:f0:c9:89:c3:a4:1b:90:a1:39:5e:d0:f3:
f1:ec:5b:d3:e9:2d:36:1f:8f:27:e0:90:89:0a:4b:
16:24:e7:35:18:9a:0e:1a:b0:9d:b4:20:b9:2d:cf:
72:59:54:a8:c7:1a:d3:cd:a0:8e:b6:86:6c:47:c5:
b5:de:66:48:5c:cc:63:03:bc:35:ca:8b:0b:23:65:
c0:94:ec:4f:51:67:5c:84:9a:81:ce:cd:52:71:f8:
e8:d1:9b:03:54:ab:e7:38:47:3d:63:f1:ee:26:46:
3f:d8:31:f3:ea:bf:8c:2b:dc:8e:b7:ee:4d:8a:24:
5f:b3:7d:26:45:13:f7:6a:a2:cf:d8:80:1b:0c:30:
d0:06:c3:6b:13:03:74:6b:56:a4:25:f1:90:d4:70:
11:2a:85:9f:92:c9:f0:2e:1c:7d:56:09:ba:de:41:
26:4f:8a:0a:91:78:42:5e:87:6a:2f:51:44:c5:0d:
4b:9d:8b:02:8e:b5:89:82:f9:a1:1b:d7:b9:c6:1d:
d2:61

publicExponent: 65537 (0x10001)

privateExponent:

73:e4:bd:f4:e1:24:f6:ca:23:7c:90:99:d9:ad:9c:
62:62:3a:95:a0:1b:9d:ba:01:0b:9c:10:de:49:bf:
24:98:11:c6:6d:1a:ae:0e:46:90:f8:ca:a4:ca:1e:
b3:fd:fb:58:8a:0d:f3:47:1b:af:83:12:05:6f:a5:
a0:62:8a:c1:c0:5d:2e:cb:7d:de:7a:3f:00:8e:1c:
b9:ae:a5:c6:17:a4:fd:f4:a4:4e:1b:27:58:82:97:
e2:2d:46:29:18:3c:fd:52:fd:57:ea:79:a6:2a:74:
4f:bc:b4:c0:55:b3:66:eb:3e:ec:08:2a:8b:27:ca:
4c:47:33:d1:15:f9:55:ae:1f:c6:5c:80:52:0b:b1:
b8:63:2e:59:82:09:3d:68:b1:29:3b:56:5e:e4:e3:
6c:bb:01:c7:f7:a4:2a:20:e7:40:f2:08:d6:3a:e9:
49:3c:15:bc:5d:6b:89:4b:06:60:f5:86:7b:7c:6f:
f2:1a:10:10:f4:df:73:ae:5f:67:d1:a1:99:e4:79:
2d:82:3d:a6:fd:c0:cc:0a:4b:06:f6:96:d5:c0:89:
3b:02:26:a2:ff:e1:e1:fb:2a:6c:cb:4f:ce:8a:c5:
26:4b:70:19:05:87:23:81:68:64:83:65:f4:97:7a:
bf:1e:95:5c:a3:93:64:7a:fa:e7:54:9d:0b:95:0c:
11

Best Answer

Right - so assuming you also know the private exponents and what not - this is do-able; but will require either a bit of c-coding constructing the structure proper or a dirty hack. The dirty hack I use is as follows (and may not always work; there are some unlucky edge cases in the BER encoding).

generate a similar key on the side. Ensuring identical length.
write it out in DER format.
write it out in TXT format; like above (A).
observe that the privateExponent and so on are 'plain' in the dump (prefixed by their ASN1 header (BF..).
edit the keys/values into this file; overwriting the old values.
- you can find their start/end by looking at the text output 'A'.
- and replace it by your values
use openssl ans1parse to verify that you've not made any mistakes.
and once done - you have your file back.

And that is it really. The proper bit of C code is a bit more work. But perfectly doable. your txt file has all the info - and the RSA/pkey struct in openssl is easy to re-populate.

(And lets hope that above is not your real key :)!

Best Answer

Related Solutions

Objective-c – Initialize Public Key From Modulus & Exponent using OpenSSL

How to generate a self-signed SSL certificate using OpenSSL

Related Topic