PKCS5 error (version 1.2.9)

Posted: Sun Feb 25, 2018 3:19 pm
by Matteo13
I’m trying to set up a server with ECDSA/ECDHE. I can easily connect from the app but only if the key is unencrypted.

If the key is encrypted then I get the PKCS5 error after entering the password in the prompt.

I used to solve this by re-encrypting the key with openssl (I changed rsa with ec), then pasting the key back in the .ovpn file. This doesn’t seem to work with EC keys, instead I’m getting a “Bad private key password” error, with no password prompt.

openssl ec -in private.key -aes256 -out private2.key
This morning I updated the app to version 1.2.9 but it’s still not working for me. I bet I’m doing something wrong :(

Here is the actual key (not re-encrypted), password is “test”

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjYEIxF8bIqWQICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIdPduQJSRLuIEgZCtt5NBI0mreSJy
5ZmgYq8KZpBnhcKstWo27VhCZuQAtayCXvt1/gmN0NlPWJyVNzrt808X7+HpMB+V
NKoiSI+kQHthocKyEfARub6UDyGtbcrQSNXi8LTfqAxH2ur6izVqDmeHO2BZCq8p
8y0clUoRDZ+LLYJ88bvJXAmRldJx9Xo4mKmrlvGZBpjfAr5qUN0=
-----END ENCRYPTED PRIVATE KEY-----

Re: PKCS5 error (version 1.2.9)

Posted: Sun Feb 25, 2018 3:29 pm
by TinCanTech
See --askpass in The Manual v24x

Re: PKCS5 error (version 1.2.9)

Posted: Sun Feb 25, 2018 3:44 pm
by Matteo13
TinCanTech wrote:
Sun Feb 25, 2018 3:29 pm
See --askpass in The Manual v24x
Mmmh, how is this supposed to work? I am indeed being asked for a password, it’s just not accepted:

EVENT: CORE_ERROR mbed TLS: error parsing config private key : PKCS5 - Requested encryption or digest alg not available [ERR]

Re: PKCS5 error (version 1.2.9)

Posted: Mon Feb 26, 2018 1:31 am
by ordex
Seems like the problem hasn't been solved. Could you please open a bug on the bugtracker? viewtopic.php?f=36&t=25650

Thanks!

Re: PKCS5 error (version 1.2.9)

Posted: Mon Feb 26, 2018 1:33 am
by ordex
One last thing: does this happen only with EC keys? or also with RSA ones?

Re: PKCS5 error (version 1.2.9)

Posted: Mon Feb 26, 2018 12:19 pm
by Matteo13
ordex wrote:
Mon Feb 26, 2018 1:33 am
One last thing: does this happen only with EC keys? or also with RSA ones?
Yes, with RSA keys as well.

Re: PKCS5 error (version 1.2.9)

Posted: Wed May 30, 2018 8:19 am
by Telegraphen-Mast
I have the same issue since version 1.2.9
Is there any progress or did someone find a workaround?

Re: PKCS5 error (version 1.2.9)

Posted: Wed May 30, 2018 1:18 pm
by Telegraphen-Mast
I found a way.
I do
openssl pkcs8 -topk8 -out pkcs8.key -in client.key -v1 PBE-SHA1-3DES
on the server and install the file along with the config.

more info here: https://community.openvpn.net/openvpn/t ... num_hist=5
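
An added example, not part of any post in this thread and not OpenVPN or mbed TLS code: a small DER walker that lists the algorithms named in the header of an encrypted PKCS#8 key, which is what the "Requested encryption or digest alg not available" message is about and what the `openssl pkcs8 -topk8 ... -v1 PBE-SHA1-3DES` workaround changes. The function names, the OID table and the zero-filled sample header are constructed for this example.

```python
import base64

# Names for the OIDs this example recognises (a subset chosen for this thread).
OID_NAMES = {
    "1.2.840.113549.1.5.13": "PBES2",
    "1.2.840.113549.1.5.12": "PBKDF2",
    "1.2.840.113549.2.7": "hmacWithSHA1",
    "1.2.840.113549.2.9": "hmacWithSHA256",
    "1.2.840.113549.3.7": "des-ede3-cbc",
    "1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC",
}

# Constructed sample (DER): PBES2, PBKDF2 with an explicit hmacWithSHA256 PRF,
# des-ede3-cbc; salt, IV and the encrypted payload are zero bytes.
SAMPLE_PBES2 = bytes.fromhex(
    "3054 304e 06092a864886f70d01050d 3041 3029 06092a864886f70d01050c 301c"
    "04080000000000000000 02020800 300c 06082a864886f70d0209 0500"
    "3014 06082a864886f70d0307 04080000000000000000 04020000")

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def oids(buf, start, end):  # yields dotted OIDs found under nested SEQUENCEs
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        if tag == 0x30:      # SEQUENCE: descend
            yield from oids(buf, vs, ve)
        elif tag == 0x06:    # OBJECT IDENTIFIER: base-128 arcs
            arcs, value = [buf[vs] // 40, buf[vs] % 40], 0
            for byte in buf[vs + 1:ve]:
                value = (value << 7) | (byte & 0x7F)
                if not byte & 0x80:  # high bit clear ends this arc
                    arcs.append(value)
                    value = 0
            yield ".".join(map(str, arcs))
        start = ve

def pbe_algorithms(key):  # key: PEM text (str) or DER (bytes)
    if isinstance(key, str):
        body = [ln.strip() for ln in key.splitlines() if "-----" not in ln]
        key = base64.b64decode("".join(body))
    _, inner, _ = read_tlv(key, 0)                # EncryptedPrivateKeyInfo
    _, alg_start, alg_end = read_tlv(key, inner)  # encryptionAlgorithm
    # No hmacWith* in the result means PBKDF2's default PRF, hmacWithSHA1.
    return [OID_NAMES.get(o, o) for o in oids(key, alg_start, alg_end)]
```

Given the key from the first post, `pbe_algorithms` returns PBES2, PBKDF2, hmacWithSHA256, des-ede3-cbc; a key rewritten with `-v1 PBE-SHA1-3DES` carries the single identifier pbeWithSHA1And3-KeyTripleDES-CBC instead.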

Re: PKCS5 error (version 1.2.9)

Posted: Fri Jun 01, 2018 5:42 am
by pool1689
Matteo13 wrote:
Mon Feb 26, 2018 12:19 pm
ordex wrote:
Mon Feb 26, 2018 1:33 am
One last thing: does this happen only with EC keys? or also with RSA ones?
Yes, with RSA keys as well.