Unable to use the private key for APNS

I am unable to use the P8 private key for APNS to push notifications via JWT. I am trying to verify that the key is good, but I can't even use openssl to change its format.



$ openssl pkcs8 -in AuthKey_DE4BZ3EFCZ.p8 -out AuthKey.pem
Error reading key
18784:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:.\crypto\pem\pem_lib.c:753:



I am using a Node.js script to test the notification, using the jws module, and I get the following error:



crypto.js:283
var ret = this._handle.sign(toBuf(key), null, passphrase);
^
Error: error:0906D066:PEM routines:PEM_read_bio:bad end line
    at Error (native)
    at Sign.sign (crypto.js:283:26)
    ...
    ...



Is there something wrong with the private key, or am I doing something wrong? Some quick research on the net points to the version of the openssl libraries. What version of openssl do I need to make this work?

Answered by ramrad in 246878022

I figured it out... The PKCS8 private key that Apple generates has the key encoded all on one line, like this:


-----BEGIN PRIVATE KEY-----
MIIDBjCCAm8CAQAwcTERMA8GA1UEAxMIcXV1eC5jb20xDzANBgNVBAsTBkJyYWluCmHFqMOvXaFlT/BBBBBBBBBBBBBBBBBBBBBBBBBDAQehRANCAACCCCCCCRnZHgbzkA1DPsDBQPDhm76d6lgaGUC9M+AAAAAAAAAAAAAAAAAAAAAAAAAAsAnAZ14noyVWSBV/nsIM
-----END PRIVATE KEY-----


And it needs to be 64 chars per line for the crypto library to accept it. Like this:


-----BEGIN PRIVATE KEY-----
MIIDBjCCAm8CAQAwcTERMA8GA1UEAxMIcXV1eC5jb20xDzANBgNVBAsTBkJyYWlu
CmHFqMOvXaFlT/BBBBBBBBBBBBBBBBBBBBBBBBBDAQehRANCAACCCCCCCRnZHgbz
kA1DPsDBQPDhm76d6lgaGUC9M+AAAAAAAAAAAAAAAAAAAAAAAAAAsAnAZ14noyVW
SBV/nsIM
-----END PRIVATE KEY-----

I believe the problem is that openssl is expecting an encrypted private key by default, but the key provided by Apple is unencrypted. This should do what you need:


openssl pkcs8 -nocrypt -in AuthKey_DE4BZ3EFCZ.p8 -out AuthKey.pem


I'm not familiar with the tools you're using on the node.js side of the fence, but it's possible you're running into the same problem there.

Thanks Jon, but it didn't help. 😟

fantastic tip thanks
