reading private key file

Rainer Gerhards rgerhards at
Thu Dec 1 17:24:52 CET 2011

Hi all,

I am banging my head for quite some while now and hope to find some
help here. I am unable to read a private key that I have generated
with certtool.

I do this

$ certtool  --generate-privkey --outfile test.key

then I call my (test) program and make it try to read/import test.key
via these statements:

	data.size = fread (buffer, 1, sizeof (buffer) - 1, infile);
	buffer[data.size] = 0; = buffer;
	r = gnutls_x509_privkey_init(&key);
	r = gnutls_x509_privkey_import(key, &data, GNUTLS_X509_FMT_PEM);
		fprintf(stderr, "gnutls error %d in privkey_import1: %s\n",
			r, gnutls_strerror(r));
      		/* as a non-interactive process, we do not try with password */
                r = gnutls_x509_privkey_import_pkcs8 (key, &data,
	if(r != GNUTLS_E_SUCCESS) {
		fprintf(stderr, "gnutls error %d in privkey_import: %s\n",
			r, gnutls_strerror(r));

This results in these errors:
gnutls error -69 in privkey_import1: ASN1 parser: Error in DER parsing.
gnutls error -207 in privkey_import: Base64 unexpected header error.

Interestingly, I can read the key file without any problems via
openSSL's PEM_read_RSAPrivateKey(). I guess I am doing something
pretty basic wrong, but what?

Help would be deeply appreciated.

More information about the Gnutls-help mailing list