mac-cain13 / notificato

Takes care of Apple push notifications (APNS) in your PHP projects.
MIT License

Problem with loading private key #52

Closed dexcell closed 8 years ago

dexcell commented 8 years ago

Though my setup is correct, I always got this error:

Passphrase given, but the private key in XXX is not encrypted, please make sure you are using the correct certificate/passphrase combination.

Commenting Certificate.php on line 171 solved the problem.

Push notification sent without problem.

mac-cain13 commented 8 years ago

Could you provide some information about your setup?

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0AA583BC09936AF678BF9DF5CFC517CE

Also, you say commenting out Certificate.php:171 fixes it, but this is a comment itself. Do you mean that you comment out the if-statement and its contents (Certificate.php:172-179) right below it?

dexcell commented 8 years ago

Hi, thank you for your fast reply.

No, it doesn't.

The pem certificate starts with

Bag Attributes
    friendlyName: Apple Development IOS Push Services: com.xxx.xxxxx
    localKeyID: 64 F7 78 E0 1F 46 D0 C3 31 DC 8C 2C 63 B2 24 85 39 C2 00 9D 
subject=/UID=com.xxx.xxx/CN=Apple Development IOS Push Services: com.xxx.xxx/OU=65R2M84NWL/C=US
issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority

I created the pem file using the command line below:

openssl pkcs12 -in aps_development.p12 -out aps_development.pem -nodes -clcerts

Since I have to enter the passphrase when executing the command line, I thought it should be encrypted?

Yes, I mean I commented out the lines below line 171 (which is the if statement, like you have said).

Thank you

mac-cain13 commented 8 years ago

The conversion you did is putting everything in one file, which is a good thing to do, but I think your private key is somewhere lower in the file. Do you see a -----BEGIN RSA PRIVATE KEY----- line somewhere in the file? That is where your private key starts and the ENCRYPTED statement should be.

Could you let me know if you can find the private key part and if it is encrypted?

Also, try running your Notificato code without any passphrase. (Pass null instead of the passphrase.) Is that working? If it is, that is also an indication the key is not encrypted.

dexcell commented 8 years ago

Yes, you are correct.

There is -----BEGIN RSA PRIVATE KEY----- at the bottom. It looks like the private key is on the bottom.

And, there is no encrypted text below -----BEGIN RSA PRIVATE KEY----- like you wrote before.

Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0AA583BC09936AF678BF9DF5CFC517CE

I'll try to pass null, let's see if it's working.

However, here is how I create the pem file. Since I need to type the passphrase when doing this procedure, I thought it's already encrypted. Please correct me if I'm wrong somewhere.

  1. Download the push *.cer file from Apple Developer.
  2. Double click the file, and it's installed on my keychain.
  3. Now, I right click the installed cer on my keychain and export it to .p12. When exporting, I need to type the passphrase.
  4. Then I run
     openssl pkcs12 -in aps_development.p12 -out aps_development.pem -nodes -clcerts

And I need to type the passphrase that I entered when exporting.

mac-cain13 commented 8 years ago

Okay, so looks like the error Notificato presented was correct after all. Since the key is not encrypted, but you think it is, the library warns you about this.

I googled a bit and it seems that the -nodes option removes the encryption from the private key when converting it from p12 to pem. I'm not sure if you can just skip the -nodes option or whether skipping it will give other issues.

Note that the passphrase you type is to decrypt the key from the p12, not to encrypt it into the pem file.

dexcell commented 8 years ago

Confirmed, this is a false positive. The problem was that the key was not encrypted. Passing null as the passphrase will send the notification.

mac-cain13 commented 8 years ago

Thanks for letting me know!
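
Added example, not part of the thread and not Notificato's own code: a PHP check that finds the private key blocks in a PEM bundle shaped like the `openssl pkcs12 ... -nodes` output discussed above and reports whether the supplied passphrase matches the key's encryption state. The function names `findPrivateKeys` and `checkPassphrase` and the sample PEM text are constructed for illustration.

```php
<?php
// Added example (not Notificato's code). Function names and PEM text are constructed.
/** Return label and encryption state of every private key block in a PEM bundle. */
function findPrivateKeys(string $pem): array
{
    $keys = [];
    $pattern = '/-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----/s';
    preg_match_all($pattern, $pem, $blocks, PREG_SET_ORDER);
    foreach ($blocks as [, $label, $body]) {
        if (substr($label, -11) !== 'PRIVATE KEY') {
            continue; // certificate or other block, e.g. after "Bag Attributes"
        }
        // PKCS#8 marks encryption in the label; traditional RSA/EC keys use
        // the "Proc-Type: 4,ENCRYPTED" header at the top of the block body.
        $encrypted = $label === 'ENCRYPTED PRIVATE KEY'
            || preg_match('/^Proc-Type:\s*4,\s*ENCRYPTED/m', $body) === 1;
        $keys[] = ['label' => $label, 'encrypted' => $encrypted];
    }
    return $keys;
}

/** Compare the caller's passphrase with what the first key block needs. */
function checkPassphrase(string $pem, ?string $passphrase): string
{
    $keys = findPrivateKeys($pem);
    if ($keys === []) {
        return 'no private key block found';
    }
    if ($passphrase !== null && !$keys[0]['encrypted']) {
        return 'passphrase given, but the key is not encrypted: pass null';
    }
    if ($passphrase === null && $keys[0]['encrypted']) {
        return 'key is encrypted: a passphrase is required';
    }
    return 'passphrase matches the encryption state of the key';
}

// Constructed samples: shape of "pkcs12 -nodes" output, and an encrypted key.
$head = "Bag Attributes\n    friendlyName: example\n-----BEGIN CERTIFICATE-----\n"
    . "Q09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\nBag Attributes\n";
$plain = $head . "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
    . "-----END RSA PRIVATE KEY-----\n";
$enc = $head . "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    . "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nQ09OU1RSVUNURUQ=\n"
    . "-----END RSA PRIVATE KEY-----\n";

foreach ([[$plain, 'secret'], [$plain, null], [$enc, null]] as [$pem, $pass]) {
    echo checkPassphrase($pem, $pass), PHP_EOL;
}
```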