PKCS5 error (version 1.2.9)

Matteo13
OpenVpn Newbie
Posts: 8
Joined: Fri Jan 12, 2018 8:44 am

PKCS5 error (version 1.2.9)

Post by Matteo13 » Sun Feb 25, 2018 3:19 pm

I’m trying to set up a server with ECDSA/ECDHE. I can easily connect from the app but only if the key is unencrypted.

If the key is encrypted then I get the PKCS5 error after entering the password in the prompt.

I used to solve this by re-encrypting the key with openssl (I changed rsa with ec), then pasting the key back in the .ovpn file. This doesn’t seem to work with EC keys; instead I’m getting a “Bad private key password” error, with no password prompt.

Code:

openssl ec -in private.key -aes256 -out private2.key

This morning I updated the app to version 1.2.9 but it’s still not working for me. I bet I’m doing something wrong :(

Here is the actual key (not re-encrypted), password is “test”

Code:

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjYEIxF8bIqWQICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIdPduQJSRLuIEgZCtt5NBI0mreSJy
5ZmgYq8KZpBnhcKstWo27VhCZuQAtayCXvt1/gmN0NlPWJyVNzrt808X7+HpMB+V
NKoiSI+kQHthocKyEfARub6UDyGtbcrQSNXi8LTfqAxH2ur6izVqDmeHO2BZCq8p
8y0clUoRDZ+LLYJ88bvJXAmRldJx9Xo4mKmrlvGZBpjfAr5qUN0=
-----END ENCRYPTED PRIVATE KEY-----

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: PKCS5 error (version 1.2.9)

Post by TinCanTech » Sun Feb 25, 2018 3:29 pm

See --askpass in The Manual v24x

Matteo13
OpenVpn Newbie
Posts: 8
Joined: Fri Jan 12, 2018 8:44 am

Re: PKCS5 error (version 1.2.9)

Post by Matteo13 » Sun Feb 25, 2018 3:44 pm

TinCanTech wrote:
Sun Feb 25, 2018 3:29 pm
See --askpass in The Manual v24x

Mmmh, how is this supposed to work? I am indeed being asked for a password, it’s just not accepted:

Code:

EVENT: CORE_ERROR mbed TLS: error parsing config private key : PKCS5 - Requested encryption or digest alg not available [ERR]

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: PKCS5 error (version 1.2.9)

Post by ordex » Mon Feb 26, 2018 1:31 am

Seems like the problem hasn't been solved. Could you please open a bug on the bugtracker? viewtopic.php?f=36&t=25650

Thanks!

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: PKCS5 error (version 1.2.9)

Post by ordex » Mon Feb 26, 2018 1:33 am

One last thing: does this happen only with EC keys? or also with RSA ones?

Matteo13
OpenVpn Newbie
Posts: 8
Joined: Fri Jan 12, 2018 8:44 am

Re: PKCS5 error (version 1.2.9)

Post by Matteo13 » Mon Feb 26, 2018 12:19 pm

ordex wrote:
Mon Feb 26, 2018 1:33 am
One last thing: does this happen only with EC keys? or also with RSA ones?

Yes, with RSA keys as well.

Telegraphen-Mast
OpenVpn Newbie
Posts: 2
Joined: Fri Aug 25, 2017 3:34 pm

Re: PKCS5 error (version 1.2.9)

Post by Telegraphen-Mast » Wed May 30, 2018 8:19 am

I have the same issue since version 1.2.9
Is there any progress or did someone find a workaround?

Telegraphen-Mast
OpenVpn Newbie
Posts: 2
Joined: Fri Aug 25, 2017 3:34 pm

Re: PKCS5 error (version 1.2.9)

Post by Telegraphen-Mast » Wed May 30, 2018 1:18 pm

I found a way.
I do
openssl pkcs8 -topk8 -out pkcs8.key -in client.key -v1 PBE-SHA1-3DES
on the server and install the file along with the config.

more info here: https://community.openvpn.net/openvpn/t ... num_hist=5
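
An added example, not part of any post in this thread: a small Python parser that lists the password-based encryption algorithms named in the header of an "ENCRYPTED PRIVATE KEY" PEM, so they can be compared with what the client's TLS library accepts. The function names, the partial OID table and the sample key (zeroed salt/IV, dummy ciphertext) are constructed for illustration.

```python
import base64

# OIDs that can appear in a PKCS#8 EncryptedPrivateKeyInfo header (partial table).
OID_NAMES = {
    "1.2.840.113549.1.5.13": "PBES2",
    "1.2.840.113549.1.5.12": "PBKDF2",
    "1.2.840.113549.2.9": "hmacWithSHA256",
    "1.2.840.113549.3.7": "des-ede3-cbc",
    "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
}

def decode_oid(body):
    """Decode DER OID content bytes into dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:          # high bit clear: last byte of this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)    # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def walk_oids(der):
    """Yield every OID found while descending into constructed DER values."""
    pos = 0
    while pos < len(der):
        tag, length = der[pos], der[pos + 1]
        pos += 2
        if length & 0x80:            # long form: low 7 bits = number of length bytes
            count = length & 0x7F
            length = int.from_bytes(der[pos:pos + count], "big")
            pos += count
        body, pos = der[pos:pos + length], pos + length
        if tag == 0x06:
            yield decode_oid(body)
        elif tag & 0x20:             # SEQUENCE/SET; the ciphertext OCTET STRING is skipped
            yield from walk_oids(body)

def key_encryption_algorithms(pem):
    """Return the algorithm names in an 'ENCRYPTED PRIVATE KEY' PEM, in header order."""
    b64 = "".join(l for l in pem.splitlines() if l and not l.startswith("-----"))
    return [OID_NAMES.get(oid, oid) for oid in walk_oids(base64.b64decode(b64))]

# Constructed sample (zeroed salt/IV, dummy ciphertext) laid out like a PBES2 key.
SAMPLE_PEM = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + base64.b64encode(bytes.fromhex(
    "3056304e" "06092a864886f70d01050d" "30413029" "06092a864886f70d01050c"
    "301c" "04080000000000000000" "02020800" "300c" "06082a864886f70d0209" "0500"
    "3014" "06082a864886f70d0307" "04080000000000000000" "040400000000"
)).decode() + "\n-----END ENCRYPTED PRIVATE KEY-----\n"
```

Calling `key_encryption_algorithms(SAMPLE_PEM)` returns the PBES2, PBKDF2, hmacWithSHA256 and des-ede3-cbc names; the header of the key posted at the top of the thread decodes to the same four. The `-v1 PBE-SHA1-3DES` option in the workaround above instead produces a header naming only `pbeWithSHAAnd3-KeyTripleDES-CBC`.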

pool1689
OpenVpn Newbie
Posts: 1
Joined: Fri Jun 01, 2018 5:25 am

Re: PKCS5 error (version 1.2.9)

Post by pool1689 » Fri Jun 01, 2018 5:42 am

Matteo13 wrote:
Mon Feb 26, 2018 12:19 pm
ordex wrote:
Mon Feb 26, 2018 1:33 am
One last thing: does this happen only with EC keys? or also with RSA ones?
Yes, with RSA keys as well.
