5

I'm trying to load a private key using OpenSSL with:

from OpenSSL import crypto

PRIVATE_KEY = 'private_key.pem'
with open(PRIVATE_KEY, 'rb') as fh:
    private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, fh.read(), '')

But I'm receiving this unhelpful error:

Traceback (most recent call last):
  File "keytest.py", line 5, in <module>
    private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, fh.read(), '')
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 2010, in load_privatekey
    _raise_current_error()
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 22, in exception_from_error_queue
    raise exceptionType(errors)
OpenSSL.crypto.Error: []

The only reference I can find to this error is Twisted Python, TLS and client/server certificate authentication error. However, the author was accidentally trying to load a public certificate as a private key with twisted.internet.ssl.PrivateCertificate.loadPEM() (ultimately OpenSSL.crypto.load_privatekey()) instead of twisted.internet.ssl.Certificate.loadPEM() (ultimately OpenSSL.crypto.load_certificate()).

What could cause this?

Community
Uyghur Lives Matter

2 Answers

3

There are at least two cases where loading a private key results in the error:

OpenSSL.crypto.Error: []

1) If the private key is encrypted, but you were not expecting it to be encrypted. I.e., the private key contains:

-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----

Instead of:

-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

2) If the private key is encrypted, but you are providing the wrong password.

Uyghur Lives Matter
1

Another reason for this error is that the private key is malformed (not valid base64 for instance).

edruid
  • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient [reputation](http://stackoverflow.com/help/whats-reputation) you will be able to [comment on any post](http://stackoverflow.com/help/privileges/comment). – duplode Jul 22 '15 at 14:58
  • 1
    Thank you, I spent a few hours with the same error as the OP to finally figure out that my private key was malformed (json encoded in my case). I tried adding a comment to the above answer but do not have enough reputation to do so. Should I reformulate my answer to include the other two possible errors and make it complete? – edruid Jul 23 '15 at 16:08
  • Thanks for replying. Forking the accepted answer is probably not a good plan. Actually, reading this again it now seems I was too hasty in flagging your answer, so sorry about that. (It looks like a comment due to length and phrasing, but actually isn't one.) I guess the right thing to do is to leave it as it is. Again, sorry! – duplode Jul 23 '15 at 17:59
  • @edruid What is the json key good for if it can't be used here? – rschwieb Sep 21 '15 at 17:54
  • The key was delivered to me in a json blob by Google. I just copied the value out thinking it was just base64, but the = signs at the end had been encoded. – edruid Sep 22 '15 at 19:44
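
The causes named in the question and the two answers above, turned into a pre-flight check that runs before crypto.load_privatekey() (an added example, not code from the original posts; Python 3 standard library only). The function name diagnose_pem, its result strings and the sample inputs are constructed for illustration; a wrong passphrase cannot be detected this way and only shows up when the key is actually loaded.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)
HEADER_RE = re.compile(r"[A-Za-z-]+: ")  # e.g. "Proc-Type: 4,ENCRYPTED"


def diagnose_pem(text):
    """Classify PEM text before it is passed to crypto.load_privatekey()."""
    m = PEM_RE.search(text.replace("\r\n", "\n"))
    if m is None:
        return "malformed: no matching BEGIN/END lines"
    label, lines = m.group(1), m.group(2).split("\n")
    if not label.endswith("PRIVATE KEY"):
        return "not a private key: " + label
    # Traditional PEM keys may carry header lines, then a blank line, then base64.
    headers = [l for l in lines if HEADER_RE.match(l)]
    payload = "".join(l.strip() for l in lines if not HEADER_RE.match(l))
    try:
        if not base64.b64decode(payload, validate=True):
            return "malformed: empty payload"
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return "malformed: payload is not valid base64 (%s)" % exc
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in headers:
        return "encrypted: a passphrase is required"
    return "unencrypted private key"


def _pem(label, payload, headers=""):
    return "-----BEGIN %s-----\n%s%s\n-----END %s-----\n" % (label, headers, payload, label)


# Constructed payload: valid base64 of filler bytes, not real key material.
_B64 = base64.b64encode(b"constructed filler, not a real key").decode()
SAMPLES = {
    "pkcs8_plain": _pem("PRIVATE KEY", _B64),
    "pkcs8_encrypted": _pem("ENCRYPTED PRIVATE KEY", _B64),
    "legacy_encrypted": _pem("RSA PRIVATE KEY", _B64,
                             "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"),
    "certificate": _pem("CERTIFICATE", _B64),
    # '=' padding replaced by an escape sequence (constructed; the page does
    # not say which encoding was applied to the '=' signs).
    "escaped_padding": _pem("PRIVATE KEY", _B64.replace("=", "\\u003d")),
}

if __name__ == "__main__":
    for name, pem in SAMPLES.items():
        print("%-17s %s" % (name, diagnose_pem(pem)))
```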