I'm attempting to make software that can use the crypto features in either OpenSSL or Mozilla NSS. Thus far I've had little difficulty in doing so except for one problem. When I export an EncryptedPrivateKeyInfo (for a 2048-bit key) using OpenSSL, the resulting file is 1298 bytes in length. However, when I export it using NSS, it comes out to be 1270 bytes. The odd thing is that OpenSSL can read the exported NSS key using the following OpenSSL code:

    #include <openssl/bio.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>   /* d2i_PKCS8PrivateKey_bio */
    #include <openssl/rsa.h>

    RSA *key = NULL;
    /* Wrap the DER-encoded EncryptedPrivateKeyInfo in a memory BIO. */
    BIO *mem = BIO_new_mem_buf((void *) privateKeyData.getByteArray(), privateKeyData.size());
    char *pwd = (char *) passPhrase.c_str();
    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();
    /* Decrypt and parse the PKCS#8 structure using the passphrase. */
    EVP_PKEY *clave = d2i_PKCS8PrivateKey_bio(mem, NULL, NULL, pwd);
    if (clave == NULL) {
        ERR_print_errors_fp(stderr);
    } else {
        key = EVP_PKEY_get1_RSA(clave);  /* only dereference a valid key */
    }

I can also successfully export the NSS generated key using the command: "openssl pkcs8 -in private.key -inform DER -out encoded.out"

However, when NSS attempts to decrypt the OpenSSL generated file, it fails with an error suggesting an invalid password was used. One difference I noticed is that NSS requires the password be in Unicode, while OpenSSL takes a plain ASCII string. But when I attempted to use an ASCII string to encrypt the password in NSS, then "openssl pkcs8 -in private.key -inform DER -out encoded.out" could no longer decrypt the key.

If it is of any help, the algorithm I am using in Mozilla NSS is:

    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC

and the algorithm I am using in OpenSSL is:

    i2d_PKCS8PrivateKey_fp (fp, clave, EVP_des_ede3_cbc(), NULL, 0, NULL, pwd);

I am at a loss as to what is causing these key incompatibilities and would be grateful for any suggestions regarding the matter.

Best Regards,
Jason Resch
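
An added example, not part of the original post: a self-contained C routine (no OpenSSL or NSS dependency) that reads the encryptionAlgorithm OID at the start of a DER EncryptedPrivateKeyInfo, so the two exported files can be compared by the password-based encryption scheme they actually carry. The function names and the two byte arrays are constructed for illustration (real OIDs, placeholder parameters, empty ciphertext).

```c
#include <stdio.h>
#include <string.h>
/* Consume a DER tag/length header at *pos; return the content length or -1. */
static long der_header(const unsigned char *b, size_t n, size_t *pos, unsigned char tag) {
    if (n - *pos < 2 || b[(*pos)++] != tag) return -1;
    size_t len = b[(*pos)++], k = len & 0x7f;
    if (len & 0x80) {                 /* long form: k length octets follow */
        if (k == 0 || k > 3 || k > n - *pos) return -1;
        for (len = 0; k > 0; k--) len = (len << 8) | b[(*pos)++];
    }
    return len > n - *pos ? -1 : (long)len;
}

/* Write the dotted encryptionAlgorithm OID to out (first arc 0 or 1 only). */
int epki_pbe_oid(const unsigned char *der, size_t n, char *out, size_t outsz) {
    size_t pos = 0, arc = 0;
    if (der_header(der, n, &pos, 0x30) < 0 ||           /* EncryptedPrivateKeyInfo */
        der_header(der, n, &pos, 0x30) < 0) return -1;  /* AlgorithmIdentifier */
    long len = der_header(der, n, &pos, 0x06);          /* algorithm OID */
    if (len < 1 || der[pos] >= 80 || (der[pos + len - 1] & 0x80)) return -1;
    int w = snprintf(out, outsz, "%d.%d", der[pos] / 40, der[pos] % 40);
    for (long i = 1; i < len && w > 0 && (size_t)w < outsz; i++) {
        arc = (arc << 7) | (der[pos + i] & 0x7f);       /* base-128 digits */
        if (der[pos + i] & 0x80) continue;              /* arc continues */
        w += snprintf(out + w, outsz - (size_t)w, ".%zu", arc);
        arc = 0;
    }
    return (w > 0 && (size_t)w < outsz) ? 0 : -1;
}

/* Name the password-based encryption scheme protecting the key. */
const char *epki_scheme(const unsigned char *der, size_t n) {
    char oid[64];
    if (epki_pbe_oid(der, n, oid, sizeof oid) != 0) return "unparsed";
    if (!strcmp(oid, "1.2.840.113549.1.5.13")) return "PKCS#5 v2.0 PBES2";
    if (!strcmp(oid, "1.2.840.113549.1.12.1.3")) return "PKCS#12 pbeWithSHAAnd3-KeyTripleDES-CBC";
    return "other";
}

/* Constructed samples: real OIDs, placeholder NULL parameters, empty ciphertext. */
static const unsigned char sample_pbes2[] = {0x30,0x11,0x30,0x0d,0x06,0x09,
    0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x05,0x0d,0x05,0x00,0x04,0x00};
static const unsigned char sample_p12[] = {0x30,0x12,0x30,0x0e,0x06,0x0a,
    0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x01,0x03,0x05,0x00,0x04,0x00};
int main(void) {
    puts(epki_scheme(sample_pbes2, sizeof sample_pbes2));
    puts(epki_scheme(sample_p12, sizeof sample_p12));
    return 0;
}
```

OpenSSL's documentation states that the i2d_PKCS8PrivateKey functions taking a cipher argument use PKCS#5 v2.0 algorithms, while the i2d_PKCS8PrivateKey_nid variants select PKCS#5 v1.5 or PKCS#12 algorithms by NID. Feeding the first bytes of each exported file to epki_scheme shows which of the two schemes it carries.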