I'm loading a Pyjks PrivateKeyEntry object into PEM and then trying to load the PEM-encoded string into a PKey object. As you might have guessed, I'm trying to export a PrivateKeyEntry along with its cert chain into a file. We have a UI that is able to import certs and p12 containers into Java keystores, and I'm trying to make them downloadable too.
pkey_pem = pkey_as_pem(keystore_entry)
load_privatekey(crypto.FILETYPE_PEM, pkey_pem)
However, the error I'm getting from the OpenSSL.crypto library is useless, to say the least:
OpenSSL.crypto.Error: [('asn1 encoding routines', 'asn1_check_tlen', 'wrong tag'), ('asn1 encoding routines', 'asn1_item_embed_d2i', 'nested asn1 error'), ('rsa routines', 'old_rsa_priv_decode', 'RSA lib'), ('asn1 encoding routines', 'asn1_check_tlen', 'wrong tag'), ('asn1 encoding routines', 'asn1_item_embed_d2i', 'nested asn1 error'), ('PEM routines', 'PEM_read_bio_PrivateKey', 'ASN1 lib')]
Pyjks also shows this being done the same way: https://github.com/kurtbrose/pyjks/blob/master/tools/readks.py
I'm able to export a certificate like this just fine.
EDIT: Also tried with load_privatekey(crypto.FILETYPE_ASN1, pkey_pem._pkey), which results in a similar cryptic error message:
{Error}[('asn1 encoding routines', 'asn1_check_tlen', 'wrong tag'), ('asn1 encoding routines', 'asn1_template_noexp_d2i', 'nested asn1 error'), ('asn1 encoding routines', 'asn1_check_tlen', 'wrong tag'), ('asn1 encoding routines', 'asn1_item_embed_d2i', 'nested asn1 error'), ('rsa routines', 'old_rsa_priv_decode', 'RSA lib'), ('asn1 encoding routines', 'asn1_check_tlen', 'wrong tag'), ('asn1 encoding routines', 'asn1_item_embed_d2i', 'nested asn1 error')]
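An added diagnostic, not part of the original post and not pyjks or pyOpenSSL code: OpenSSL reports 'wrong tag' when the DER bytes do not have the ASN.1 structure the decoder expects, for instance a PKCS#8 body under an `RSA PRIVATE KEY` header. The stdlib-only sketch below compares a PEM header with the structure of its body; the function names and sample bytes are constructed for illustration, and that such a mismatch is the cause of the errors above is an assumption.

```python
import base64
import re

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value overruns buffer")
    return tag, pos, pos + length

def expected_pem_label(der):
    """Name the PEM label matching the child tags of the outer SEQUENCE."""
    tag, start, end = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    body, pos, tags = der[start:end], 0, []
    while pos < len(body):
        t, _, pos = _read_tlv(body, pos)
        tags.append(t)
    if tags == [0x02] * 9:                 # PKCS#1 RSAPrivateKey: nine INTEGERs
        return "RSA PRIVATE KEY"
    if tags[:3] == [0x02, 0x30, 0x04]:     # PKCS#8 PrivateKeyInfo
        return "PRIVATE KEY"
    if tags == [0x30, 0x04]:               # PKCS#8 EncryptedPrivateKeyInfo
        return "ENCRYPTED PRIVATE KEY"
    raise ValueError("unrecognised private key structure: %r" % tags)

def check_pem(pem):
    """Return (label in the PEM header, label implied by the DER body)."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), expected_pem_label(base64.b64decode("".join(m.group(2).split())))

# Constructed sample (tag skeleton only, not a real key): PKCS#8 shape under a PKCS#1 label.
_BODY = base64.b64encode(bytes.fromhex("3009020100300004020500")).decode()
SAMPLE_PEM = f"-----BEGIN RSA PRIVATE KEY-----\n{_BODY}\n-----END RSA PRIVATE KEY-----\n"
```

Running `check_pem` on a PEM string before passing it to `load_privatekey` shows whether the header and body agree; two different labels in the returned pair mean the header needs to change to the second one.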