Converting exported private key from Microsoft SQL Server to PEM and back to PVK The 2019...

How do I design a circuit to convert a 100 mV and 50 Hz sine wave to a square wave?

How to determine omitted units in a publication

Presidential Pardon

Do working physicists consider Newtonian mechanics to be "falsified"?

"... to apply for a visa" or "... and applied for a visa"?

What aspect of planet Earth must be changed to prevent the industrial revolution?

how can a perfect fourth interval be considered either consonant or dissonant?

Could an empire control the whole planet with today's comunication methods?

Mortgage adviser recommends a longer term than necessary combined with overpayments

Accepted by European university, rejected by all American ones I applied to? Possible reasons?

What was the last x86 CPU that did not have the x87 floating-point unit built in?

How to politely respond to generic emails requesting a PhD/job in my lab? Without wasting too much time

Button changing its text & action. Good or terrible?

What do I do when my TA workload is more than expected?

Working through the single responsibility principle (SRP) in Python when calls are expensive

How did the audience guess the pentatonic scale in Bobby McFerrin's presentation?

Student Loan from years ago pops up and is taking my salary

Can withdrawing asylum be illegal?

How can a C program poll for user input while simultaneously performing other actions in a Linux environment?

Is 'stolen' appropriate word?

University's motivation for having tenure-track positions

Can the DM override racial traits?

Can we generate random numbers using irrational numbers like π and e?

Python - Fishing Simulator



Converting exported private key from Microsoft SQL Server to PEM and back to PVK



The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Which ports to open for Microsoft SQL Server?Error installing certificates with private keysHow can I make a usable copy of an SQL Server database on Windows Server 2003?Removing Microsoft SQL ServerPKCS12 key from Winserver2008 cert authorityDid I just send my private ssh key?How to export certificate in pfx format?pfSense self-signed GUI cert works on LAN with Firefox, but FreeNAS' doesn't. How to fix it?Let's encrypt + certbot: where is the private keySecurity, recovery etc of Letsencrypt certificates





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.



I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.



The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.



I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.



Reversing the openssl command to output a pvk from pem also fails.



Anyone know a way to get this done?



Thanks
-Mike






security sql-server microsoft







share|improve this question







New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

    – Mike Branham
    yesterday




















0















I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.



I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.



The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.



I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.



Reversing the openssl command to output a pvk from pem also fails.



Anyone know a way to get this done?



Thanks
-Mike






security sql-server microsoft







share|improve this question







New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

    – Mike Branham
    yesterday
















0












0








0








I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.



I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.



The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.



I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.



Reversing the openssl command to output a pvk from pem also fails.



Anyone know a way to get this done?



Thanks
-Mike






security sql-server microsoft







share|improve this question







New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.



I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.



The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.



I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.



Reversing the openssl command to output a pvk from pem also fails.



Anyone know a way to get this done?



Thanks
-Mike






security sql-server microsoft




security sql-server microsoft






share|improve this question







New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked yesterday









Mike BranhamMike Branham

1




1




New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.













  • I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

    – Mike Branham
    yesterday





















  • I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

    – Mike Branham
    yesterday



















I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

– Mike Branham
yesterday







I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

– Mike Branham
yesterday












0






active

oldest

votes












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1424262%2fconverting-exported-private-key-from-microsoft-sql-server-to-pem-and-back-to-pvk%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes








Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.













Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.












Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1424262%2fconverting-exported-private-key-from-microsoft-sql-server-to-pem-and-back-to-pvk%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

Image
Why didn't Boeing produce its own regional jet? What is the most common color to indicate the input-field is disabled? Theorists sure want true answers to this! What is the opposite of "eschatology"? What do you call someone who asks many questions? Is there a hemisphere-neutral way of specifying a season? Is this draw by repetition? Bug? String.split chopping off empty trailing value Is it inappropriate for a student to attend their mentor's dissertation defense? How dangerous is XSS Why do I get negative height? Is it possible to map
Read more

VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...

Image
risk of flooding in petra in november How to get directions in deep space? How could a planet have erratic days? 15% tax on $7.5k earnings. Is that right? Did the UK lift the requirement for registering SIM cards? Is it allowed to activate the ability of multiple planeswalkers in a single turn? Stack Interview Code methods made from class Node and Smart Pointers Non-trope happy ending? What is the highest possible scrabble score for placing a single tile Open a doc from terminal, but not by its name The IT department bottlenecks progress, how should I handle this?
Read more

Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

Image
Does the Mueller report show a conspiracy between Russia and the Trump Campaign? Relating to the President and obstruction, were Mueller's conclusions preordained? How much damage would a cupful of neutron star matter do to the Earth? Nose gear failure in single prop aircraft: belly landing or nose landing? Should a wizard buy fine inks every time he want to copy spells into his spellbook? Can you force honesty by using the Speak with Dead and Zone of Truth spells together? A trigonometry question from STEP examination Special flights What is the "studentd" process? systemd and copy (/bin/cp): no such file or directory
Read more