Private key fails openssl verification


#1

I tried to verify my private key using openssl because I’ve been having some difficulties with my web host thinking the certificates are valid. However, the privkey.pem failed the following verification:

openssl x509 -in privkey.pem -text -noout

unable to load certificate
3069641936:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE

#2

I don’t think openssl x509 is supposed to work with private keys. Try openssl rsa -noout -text -in privkey.pem if you want to check if your private key looks sane.


#3

@z0civic, as @pfg said, x509 is not the right switch to check a private key.

To check the health of your private key you could perform this command:

openssl rsa -noout -check -in /etc/letsencrypt/live/yourdomain.tld/privkey.pem

To check whether a private key matches a certificate (both results should be the same):

openssl x509 -noout -modulus -in /etc/letsencrypt/live/yourdomain.tld/cert.pem | openssl md5 
openssl rsa -noout -modulus -in /etc/letsencrypt/live/yourdomain.tld/privkey.pem | openssl md5

Cheers,
sahsanu


#4

md5? are you serious? that one is killed since half an eternity.
I think we should rather get to a better algo like sha512 (my personal favorite)


#5

It’s totally fine in this context, since OP only wanted to check whether the claim his web host made (certificates being invalid) is correct. There are no security implications here.


#6

Thank you! My mistake. Works great once I’m actually using the correct command.

This can be closed now.


#7

Slightly offtopic, but MD5 is much faster too… If I want to check some large binary, I’d be stupid using sha512sum… No, I’m using md5sum :wink: I’m guessing I won’t be getting a spontaneous collision with some arbitrary binaries :stuck_out_tongue:

It’s all in the context @My1 :wink:


#8

It’s probably fairly easy nowadays to modify a binary in a manner that generates a md5 collision. I wouldn’t recommend using md5 in this context if what you’re verifying is that no MITM messed with your binary. If you’re just checking for corruption (network, disk, RAM, whatever) in an otherwise trusted context, md5 works fine.


#9

No, not MITM messing verification of the sorts. That would have security implications, like you said :wink:

Just local binary gigabyte stuff…

The difference is about 140 % for MD5 vs. SHA512: ± 10 seconds vs. ± 14 s. respectively for 3.5 GB :neutral_face:


#10

Yes I’m ;). Here you should understand the reason to use md5 and it is really simple and is nothing about security.

Check this modulus from a cert:
Modulus=A6B1386A61CB8446C442A42EA0530A21902593F76BDADB3A9152AF7FC27343EB85FD5FAAA20ACDEF334CFFF5A22A7F579775A6588F44370F1A3DC22EAECD6110BDAADCB282BC4CDB65634751F76A32C9C62B3E84865F2AD3144DF74E1C1192EF31D6D8AD62F441D17F49ACA188F1ADE30A03B98A7A29C22CCBA5EB3CE765C12E35230BFA1A39F21AEB1D253C565632E8F3A1DAE134A1CDD64F92C2164024C8243DDA84A56616CA8C6A9890665D702F61759A0564A27DB82BAC8C24F31E1585C9A04A3AE507160E78252D79B1656BBF0D1EE8EB1EFB7D79D5F0219FB2DB23FB51CAAF6E32BA6C969E08131E6D1D1E53D5990120C95F28E01A4D53B0BE3832D66C2A6804B8E29A72D24A9204624549DB2E7C8D059C2DC14DA612C4B914F7601BB77C54E598BF39EF0922123927B81E4E9E339BB27D71D1F5C00FD1D46EACA9C668777D1039D02F2F4DB6DB56D3653FCB07B81F7240186B29EA251FA9738581563F150658FF56109BCA4CB2135151944D380FC05A9287EB87CFD19AC4050A3B653FAAE4B7C80651693E235F93B265CD6BD7363F4DEC82365D34849E5B3FA5A812D0459FD7CC4CDE8AA3B233A61C27F52E1DDABE7AFE2DA718849508639B069EC8C3016FB64C2BDA900F3A72CC3A98CF210279BCD796D989FB71A28AFC2048656DF9DA43E474FD9ACFAEFD04F3EB91386BC358C32D4A905B006231144A31C4AA16FD

Now compare previous modulus to this one from a private key:
Modulus=A6B1386A61CB8446C442A42EA0530A21902593F76BDADB3A9152AF7FC27343EB85FD5FAAA20ACDEF334CFFF5A22A7F579775A6588F44370F1A3DC22EAECD6110BDAADCB282BC4CDB65634751F76A32C9C62B3E84865F2AD3144DF74E1C1192EF31D6D8AD62F441D17F49ACA188F1ADE30A03B98A7A29C22CCBA5EB3CE765C12E35230BFA1A39F21AEB1D253C565632E8F3A1DAE134A1CDD64F92C2164024C8243DDA84A56616CA8C6A9890665D702F61759A0564A27DB82BAC8C24F31E1585C9A04A3AE507160E78252D79B1656BBF0D1EE8EB1EFB7D79D5F0219FB2DB23FB51CAAF6E32BA6C969E08131E6D1D1E53D5990120C95F28E01A4D53B0BE3832D66C2A6804B8E29A72D24A9204624549DB2E7C8D059C2DC14DA612C4B914F7601BB77C54E598BF39EF0922123927B81E4E9E339BB27D71D1F5C00FD1D46EACA9C668777D1039D02F2F4DB6DB56D3653FCB07B81F7240186B29EA251FA9738581563F150658FF56109BCA4CB2135151944D380FC05A9287EBB7CFD19AC4050A3B653FAAE4B7C80651693E235F93B265CD6BD7363F4DEC82365D34849E5B3FA5A812D0459FD7CC4CDE8AA3B233A61C27F52E1DDABE7AFE2DA718849508639B069EC8C3016FB64C2BDA900F3A72CC3A98CF210279BCD796D989FB71A28AFC2048656DF9DA43E474FD9ACFAEFD04F3EB91386BC358C32D4A905B006231144A31C4AA16FD

Both seems equal but they are not, just 1 character differs, now hash both strings using md5 and you will get this:

For the first modulus:
(stdin)= 73ff8925ae59af1fc1c1ebfa9b4c8693

For the second one:
(stdin)= 5dab049cd31a9d3e500b5a5e1ef2347e

It’s pretty easy to see that both hashes differ, so, doesn’t matter what kind of hash algorithm you are using because is not about security is just to compare two weird strings in an easy way for a human being ;).

Cheers,
sahsanu