On Mon, Aug 26, 2002, Fiel Cabral wrote: > When the dsa command is used to generate an encrypted > dsa private key, it outputs a PEM encoded file. > > Does the PEM encoded file simply contain the Base 64 > encoding of the ciphertext (which can be decrypted > immediately) or does it contain an ASN.1 structure > that has the ciphertext inside (and thus requires > parsing)? >
The formats of all these are documented in the manual pages. In short traditional dsa PEM format include the ciphertext base64 encoded and some auxiliary info (salt, algorithm) placed in the PEM headers. The actual data encrypted is a non standard representation of the DSA key. Its what SSLeay used so its kept for compatibility. > Is it possible to generate an encrypted private key > in DER output format? > Not using traditional format. It is however possible to convert the key to PKCS#8 format (using the pkcs8 utility) in DER format. The pkcs8 format is standard and follows the relevant specs. BTW none of this is PKCS#1 which deals with RSA only. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
