On Thu, Nov 20, 2008 at 10:03:07AM -0200, Mariano Absatz wrote:
> Hi,
>
> I generated a private key in PEM format and want to convert it to DER
> format with the following command:
>
> openssl rsa -in mykey.pem -outform DER -out mykey.der
>
> It works OK, but the resulting mykey.der is unencrypted... I can
> verify this by issuing
>
> openssl rsa -in mykey.der -inform DER -text -noout
>
> and getting the output without it asking me for a passphrase.
>
> Now I tried all of the following without getting the mykey.der encrypted:
>
> openssl rsa -in mykey.pem -passout file:mykey.pass outform DER -out mykey.der
> openssl rsa -in mykey.pem -passout pass:this_is_my_passphrase -outform
> DER -out mykey.der
> openssl rsa -in mykey.pem -des3 -passout pass:this_is_my_passphrase
> -outform DER -out mykey.der
>
> But the result is always the same... mykey.der is completely open...
> is there a way to encrypt with a passphrase a DER format private key?
The most common format for ASN.1 (DER) encrypted keys also bundles in
the associated cert and trust chain, and is called PKCS#12.
Microsoft has a proprietary (now reverse-engineered) format for (just RSA)
password-protected private keys. The 0.9.9 snapshots support this format
via the (not yet documented) -inform "PVK" option.
What application is expected to read these password-protected DER keys???
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
