Jan Leßner wrote:
>
> Hello OpenSSL guys
> Does anybody know how to create a PKCS8 formatted private key file?
>

Well I wrote the PKCS#8 code so I might be able to help :-)

> As far as I understood, OpenSSL by default generates private key files
> in PKCS5 format. I was hoping that the pkcs8 tool would allow the
> conversion I need, but unfortunately it refuses to read the files I
> generated with the genrsa tool, reporting an error like
>
> > openssl pkcs8 -inform DER < tmp.der

By default OpenSSL uses the old SSLeay format which uses PKCS#1 for RSA
keys and some SSLeay specific stuff for its PEM encryption and DSA keys.
All very non standard but it has to stay in the name of compatibility...

Anyway the pkcs8 utility is now documented. In common with other
utilities it expects input in the form suggested by its name by default:
thus pkcs12 expects to input a PKCS#12 file, pkcs8 a PKCS#8 file and so
on.

To change this you need to use the -topk8 option which reverses things
so it reads a traditional format private key and converts to PKCS#8.

I suggest you read the man page (assuming it's the proper one now and not
the duff one I included yesterday) because there are various issues
involved. By default you only get 56 bit DES encryption. If you want
more then using "-v2 des3" will do the trick but the format will not be
compatible with older implementations.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
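
The difference between the traditional format and PKCS#8 discussed in the reply above is visible in the outer DER structure, which is why a tool expecting one cannot parse the other. The following is an added example, not part of the original message and not OpenSSL code: the function names are illustrative, and the byte strings are constructed toy structures with the correct field layout, not real keys.

```python
# Added example: tell traditional and PKCS#8 private keys apart by DER shape.
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04

# Tags of the first two fields inside the outer SEQUENCE identify the format.
SHAPES = {
    (INTEGER, INTEGER): "traditional",           # e.g. PKCS#1 RSAPrivateKey: version, modulus, ...
    (INTEGER, SEQUENCE): "pkcs8",                # PrivateKeyInfo: version, AlgorithmIdentifier, key
    (SEQUENCE, OCTET_STRING): "pkcs8-encrypted"  # EncryptedPrivateKeyInfo: AlgorithmIdentifier, data
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def classify_private_key(der):
    """Classify a DER blob; malformed or unrecognised input yields 'unknown'."""
    try:
        tag, body, _ = read_tlv(der)
        first, _, nxt = read_tlv(body)
        second, _, _ = read_tlv(body, nxt)
    except ValueError:
        return "unknown"
    return SHAPES.get((first, second), "unknown") if tag == SEQUENCE else "unknown"

def tlv(tag, value):
    """Encode one DER element; short-form length only (enough for the toy samples)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

# Constructed toy structures (not real keys): correct field layout, tiny values.
RSA_ALG = tlv(SEQUENCE, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption, NULL
PBE_ALG = tlv(SEQUENCE, bytes.fromhex("06092a864886f70d010503")                 # pbeWithMD5AndDES-CBC
              + tlv(SEQUENCE, tlv(OCTET_STRING, b"\x00" * 8) + tlv(INTEGER, b"\x08\x00")))
TRADITIONAL = tlv(SEQUENCE, tlv(INTEGER, b"\x00") + tlv(INTEGER, b"\x0c\xa1") + tlv(INTEGER, b"\x01\x00\x01"))
PKCS8 = tlv(SEQUENCE, tlv(INTEGER, b"\x00") + RSA_ALG + tlv(OCTET_STRING, TRADITIONAL))
ENCRYPTED = tlv(SEQUENCE, PBE_ALG + tlv(OCTET_STRING, b"\x00" * 8))

for name, der in [("traditional", TRADITIONAL), ("pkcs8", PKCS8), ("encrypted", ENCRYPTED)]:
    print(name, "->", classify_private_key(der))
```

Note that the unencrypted PKCS#8 sample carries the traditional structure unchanged inside its OCTET STRING: the conversion wraps the key rather than re-encoding it.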