Cannot create new connection: client key rejected as invalid PEM PKCS#8 format #2177
Description
Hi,
I'm having trouble creating a new MQTT connection in Ditto. The error message returned is:
{
"status": 400,
"error": "connectivity:connection.configuration.invalid",
"message": "/credentials/key: bad format. Expect PEM-encoded PKCS #8 data specified by RFC-7468 starting with '-----BEGIN PRIVATE KEY-----'",
"description": "Please format your client key as PEM-encoded unencrypted PKCS #8."
}
Here’s what I did:
I generated the private key using the following OpenSSL command:
openssl ecparam -genkey -name prime256v1 -out device-key.key
I then converted the key (e.g., using KeyStore Explorer) and confirmed that:
-
The algorithm is EC (P-256)
-
The key size is 256 bits
-
The format is PKCS#8
In the connection JSON, I’m passing the key as:
"key": "-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49...3YEiS\n-----END PRIVATE KEY-----"
Despite this, Ditto still rejects the key format.
What am I doing wrong? Is there a specific way I need to generate or convert the EC private key so that Ditto accepts it as valid PEM-encoded unencrypted PKCS#8?
Thanks in advance for any help!