The private key could not be processed. Key should be unencrypted and in PEM format

Andrey · January 26, 2021, 1:39pm

Trying to add custom private key for certificate.
Extension of the private key is *.key,
file content starts from -----BEGIN PRIVATE KEY-----

Program shows that private key file format didn’t match, and unencrypted PEM is needed.

How can I fix this?

Thanks!

webprofusion · January 26, 2021, 2:34pm

Hi, can you confirm what type of key this is (RSA or EC)? Can it be parsed OK using any PEM decoder tool? How was it generated?

Our code simply tries to parse the key file as PEM format, the main limitation is that the key file can’t be password protected. This uses the BouncyCastle OpenSssl implementation.

If you can generate keys on demand, could you supply an example key that doesn’t work? i.e. one that’s not actually private.

Andrey · January 26, 2021, 3:17pm

Key is generated by mail server, thats all i know.
Thanks for the tip about PEM decoder tool,
i’ll try to generate new private key, that matches this tool.

Example key, that doesn’t work is here

(this key is not actualy private)

webprofusion · January 27, 2021, 3:12am

Thanks, so if I run this through openssl it seems to be valid but that the original is not-quite correct base64 encoding (or rather, BouncyCastle can’t/doesn’t want to parse it):

openssl rsa -in C:\temp\key.pem -check

Which then gives me an output which works with Certify:

webprofusion · January 27, 2021, 3:13am

Which email server product is this, maybe I can investigate it a little with them?

Andrey · January 27, 2021, 12:23pm

This is Zimbra Collaboration server.
Thanks for help,
private key for mail server i’v regenerate whith mathched parameters and replace it in console of mail server.