Skip to content

Instantly share code, notes, and snippets.

@marcelaraujo
Last active October 14, 2023 18:17
Show Gist options
  • Save marcelaraujo/7842dc109910afed713535ebe9235c62 to your computer and use it in GitHub Desktop.
Save marcelaraujo/7842dc109910afed713535ebe9235c62 to your computer and use it in GitHub Desktop.
Convert P12 to PEM and extract RSA public and private keys

Convert P12 into PEM

openssl pkcs12 -in google-service-account-key.p12 -nocerts -nodes -out google-service-account-key.pem

openssl pkcs12 -in google-service-account-key.p12 -clcerts -nokeys -out google-service-account-crt.pem

Private RSA key

openssl rsa -in google-service-account-key.pem -out google-service-account-key-rsa

Public RSA key

openssl rsa -in google-service-account-key.pem -out google-service-account-key-rsa.pub -pubout

Google Service Account PEM default password

Answer: notasecret

https://developers.google.com/console/help/#service_accounts

Your application needs the private key when requesting an OAuth 2.0 access token in server-to-server interactions. Google does not keep a copy of this private key, and this screen is the only place to obtain this particular private key. When you click the "Download private key" button, the PKCS #12 formatted private key is downloaded to your local machine. As the screen indicates, you must securely store this key.

The name of the downloaded private key is the key's thumbprint.

When inspecting the key on your computer, or using the key in your application, you will need to provide the password notasecret. Please note that while the password for all Google-issued private keys is the same (notasecret), each key is cryptographically unique.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment