What causes "Neither PUB key nor PRIV key:: nested asn1 error" when building a public key in ruby?
Solution 1
A pem file is not a public key, it is a base64-encoded X509 certificate that contains, among its many fields, a public key. I don't know Ruby, or the OpenSSL ruby module, but I would look for some function that reads in PEM files and outputs an X509 certificate, then another function to extract the public key from the certificate.
Solution 2
I've got the same problem and it had a different cause. Now guess what :)
...
The damn password was wrong :( Searched 3 days for that "solution". Could have been a "Sorry dude, that's the wrong password!" instead of "nested asn1 error" imho but anyways, maybe this will help somebody.
Solution 3
If you are using dotenv
for instance, you have to surround the value with "
and have \n
for newlines.
PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIICW ... UcuUtU0eIl\n-----END RSA PRIVATE KEY-----"
Solution 4
Make sure your .pem
files are in this format.
public_key_file.pem:
-----BEGIN PUBLIC KEY-----
// Your public key goes here
-----END PUBLIC KEY-----
private_key_file.pem:
-----BEGIN RSA PRIVATE KEY-----
// Your private key goes here
-----END RSA PRIVATE KEY-----
Solution 5
I had a similar problem too, but for me I wasn't creating a pem file for my id_rsa.pub file in the first place. For me I needed to create a pem file out of my existing public key:
ssh-keygen -f testing_rsa.pub -e -m pem > pem
Then I copied that OpenSSL string into my test file where it was being used. It looked like this in the end for me.
@pub_key = "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAoxi2V0bSKqAqUtoQHxWkOPnErCS541r6/MOSHmKOd6VSNHoBbnas\nZRQSDUTbffB6C++DbmBCOHmvzYORD0ZWYgyMcgbYJD48Z2fe0nm+WMYN5u8DPnTP\nvf8b/rJBxGF0dsaoFAWlB81tTnKFCxAbCSgfmQt+Vd4qupGZ5gGu9uoKlaPjmYuA\nIxIjUMcu3dov7PQ+PZIvdkM0fiz8YIl8zo+iWWyI2s6/XLoZJ4bYs2YJHZDf6biU\nsZhs8xqh/F6qlcRt3Ta25KMa0TB9zE3HHmqA/EJHFubWFRCrQqpboB0+nwCbmZUl\nhaxA79FRvYtORvFAoncoFD4tq3rGXcUQQwIDAQAB\n-----END RSA PUBLIC KEY-----\n"
.
.
.
OpenSSL::PKey::RSA.new(@pub_key)
After that the method stopped throwing that error.
Matthew
Hi, I'm Matthew. I'm a developer and entrepreneur in San Francisco.
Updated on July 09, 2022Comments
-
Matthew almost 2 years
When building a public key using the OpenSSL::PKey::RSA module by passing it a .pem file, what is the cause for a response:
OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key:: nested asn1 error from /Users/Matt/projects/placepop/lib/apn.rb:48:in `initialize' from /Users/Matt/projects/placepop/lib/apn.rb:48:in `new' from /Users/Matt/projects/placepop/lib/apn.rb:48:in `open' from (irb):1
Here is the source:
cert = File.join(rails_root, 'config', 'apns', 'sandbox-cert.pem') APN_CONFIG = { :delivery => { :host => 'gateway.sandbox.push.apple.com', :cert => cert, :passphrase => "", :port => 2195 }, :feedback => { :host => 'feedback.sandbox.push.apple.com', :port => 2196, :passphrase => "", :cert => cert} } options = APN_CONFIG[:delivery].merge(options) cert = File.read(options[:cert]) ctx = OpenSSL::SSL::SSLContext.new ctx.key = OpenSSL::PKey::RSA.new(cert, options[:passphrase]) ctx.cert = OpenSSL::X509::Certificate.new(cert) sock = TCPSocket.new(options[:host], options[:port]) ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync = true ssl.connect
-
Matthew over 14 yearsYou're correct. The problem was from the way that the pem file was exported from the certificate. The private key was not included.
-
tobyc over 14 yearsI'm having the same problem. What exactly did you do wrong when exporting the certificate? My .pem file contains my private key at the bottom of the file.
-
Smar about 9 yearsSomeone should poke upstream with sturdy stick about this too... escapes
-
Rahul Goyal over 7 yearsI am having the same issue...i pass only my private key !
-
lkartono almost 7 yearsI confirm, had the same issue and a wrong password was causing it. Thanks to your post, I was able to fix it. The error message is definitely not accurate.
-
skplunkerin almost 6 yearsThis solved my problem: stackoverflow.com/a/39115092/1180523. Store the PEM contents as a single line (using
\n
) in an ENV variable, and then make sure to use the.gsub
suggestion in the link. -
sab over 5 years@2called-chaos as of 2018 I can't thank you enough haha thinking that the pw had typos was the last thing I thought about when checking some code that wasn't working, that error message couldn't be more useless
-
bradw2k about 4 yearsMy (silly) problem was, even though I was feeding it the private key, there was whitespace on the left of the lines of the private key, because it had been indented. Left-justifying every line of the key string got rid of this error.
-
Khulani M almost 4 yearsYou da man! I don't know I messed up the password. But recreating the keys fixed this. Many thanks!
-
theotherdy over 3 yearsJust adding the link to the LTI 1.3 reference implementation which was giving me this error until I followed your advice to leave in the BEGIN and END comments: lti-ri.imsglobal.org