Converting exported private key from Microsoft SQL Server to PEM and back to PVK The 2019...

How do I design a circuit to convert a 100 mV and 50 Hz sine wave to a square wave?

How to determine omitted units in a publication

Presidential Pardon

Do working physicists consider Newtonian mechanics to be "falsified"?

"... to apply for a visa" or "... and applied for a visa"?

What aspect of planet Earth must be changed to prevent the industrial revolution?

how can a perfect fourth interval be considered either consonant or dissonant?

Could an empire control the whole planet with today's comunication methods?

Mortgage adviser recommends a longer term than necessary combined with overpayments

Accepted by European university, rejected by all American ones I applied to? Possible reasons?

What was the last x86 CPU that did not have the x87 floating-point unit built in?

How to politely respond to generic emails requesting a PhD/job in my lab? Without wasting too much time

Button changing its text & action. Good or terrible?

What do I do when my TA workload is more than expected?

Working through the single responsibility principle (SRP) in Python when calls are expensive

How did the audience guess the pentatonic scale in Bobby McFerrin's presentation?

Student Loan from years ago pops up and is taking my salary

Can withdrawing asylum be illegal?

How can a C program poll for user input while simultaneously performing other actions in a Linux environment?

Is 'stolen' appropriate word?

University's motivation for having tenure-track positions

Can the DM override racial traits?

Can we generate random numbers using irrational numbers like π and e?

Python - Fishing Simulator



Converting exported private key from Microsoft SQL Server to PEM and back to PVK



The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Which ports to open for Microsoft SQL Server?Error installing certificates with private keysHow can I make a usable copy of an SQL Server database on Windows Server 2003?Removing Microsoft SQL ServerPKCS12 key from Winserver2008 cert authorityDid I just send my private ssh key?How to export certificate in pfx format?pfSense self-signed GUI cert works on LAN with Firefox, but FreeNAS' doesn't. How to fix it?Let's encrypt + certbot: where is the private keySecurity, recovery etc of Letsencrypt certificates





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.



I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.



The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.



I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.



Reversing the openssl command to output a pvk from pem also fails.



Anyone know a way to get this done?



Thanks
-Mike










share|improve this question







New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

    – Mike Branham
    yesterday




















0















I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.



I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.



The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.



I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.



Reversing the openssl command to output a pvk from pem also fails.



Anyone know a way to get this done?



Thanks
-Mike










share|improve this question







New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

    – Mike Branham
    yesterday
















0












0








0








I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.



I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.



The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.



I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.



Reversing the openssl command to output a pvk from pem also fails.



Anyone know a way to get this done?



Thanks
-Mike










share|improve this question







New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.



I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.



The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.



I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.



Reversing the openssl command to output a pvk from pem also fails.



Anyone know a way to get this done?



Thanks
-Mike







security sql-server microsoft






share|improve this question







New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked yesterday









Mike BranhamMike Branham

1




1




New contributor




Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.













  • I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

    – Mike Branham
    yesterday





















  • I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

    – Mike Branham
    yesterday



















I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

– Mike Branham
yesterday







I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.

– Mike Branham
yesterday












0






active

oldest

votes












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1424262%2fconverting-exported-private-key-from-microsoft-sql-server-to-pem-and-back-to-pvk%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes








Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.













Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.












Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1424262%2fconverting-exported-private-key-from-microsoft-sql-server-to-pem-and-back-to-pvk%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...