I'm trying to load a private key using OpenSSL with:
from OpenSSL import crypto
PRIVATE_KEY = 'private_key.pem'
with open(PRIVATE_KEY, 'rb') as fh:
private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, fh.read(), '')
But I'm receiving this unhelpful error:
Traceback (most recent call last):
File "keytest.py", line 5, in <module>
private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, fh.read(), '')
File "/usr/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 2010, in load_privatekey
_raise_current_error()
File "/usr/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 22, in exception_from_error_queue
raise exceptionType(errors)
OpenSSL.crypto.Error: []
The only reference I can find to this error is Twisted Python, TLS and client/server certificate authentication error. However, the author was accidentally trying load a public certificate as a private key with twisted.internet.ssl.PrivateCertificate.loadPEM() (ultimately OpenSSL.crypto.load_privatekey()) instead of twisted.internet.ssl.Certificate.loadPEM() (ultimately OpenSSL.crypto.load_certificate()).
What could cause this?
There are at least two cases where loading a private key results in the error:
OpenSSL.crypto.Error: []
1) If the private key is encrypted, but you were not expecting it to be encrypted. I.e., the private key contains:
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
Instead of:
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
2) If the private key is encrypted, but you are providing the wrong password.