Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Learn more about Collectives
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Learn more about Teams
I have an encrypted key created like this:
openssl ecparam -genkey -name prime256v1 | openssl ec -aes-128-cbc -passout file:passphrase.txt -out out.key
This generates a key like so:
-----BEGIN EC PRIVATE KEY-----\
Proc-Type: 4,ENCRYPTED\
DEK-Info: AES-128-CBC,88BFB9196A5A03B0206AA624EC55411F
4g025eMCoyW9ye/byEtTxMQxFO5ezl/LhCgjdGtIt2NdsE15kO1H9CONk5xskgMN
B6PK7ZpzwP9JcQZ+0p/sfNkd9zia70tP/c9jIjui9NbhM0WI7m75MJRVNPDv8Zzy
W2yLGWPFtQMF8cR3rW4iN/ycpI+QLtRo4/dbzhHqJ/E=\
-----END EC PRIVATE KEY-----
However, I am not able to decrypt it. Using the following command:
openssl enc -d -aes-128-cbc -pass file:passphrase.txt -in out.key -out decrypted.key
results in a bad magic number.
What am I doing wrong?
You are using the wrong command to decrypt the key. The "openssl enc" command is used to encrypt and decrypt arbitrary ciphertext.
To convert an encrypted ec key into a non-encrypted ec key you can instead do:
openssl ec -passin file:passphrase.txt -in out.key -out decrypted.key
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
