Re: Issue with Private key with FIPS enabled openssl

rajanchittil Wed, 08 Jul 2009 06:48:19 -0700

I am also having the same problem .Is any one got the solution for this ...



My configure file has this entry


[ req ]
default_bits = 2048
default_keyfile = $HOME/exampleca/private/cakey.pem
default_md = sha1
prompt = no
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions

[ root_ca_distinguished_name ]
commonName = Example CA
stateOrProvinceName = Virginia
countryName = US
emailAddress = c...@exampleca.org
organizationName = Root Certification Authority


openssl req -newkey rsa:2048 -keyout $HOME/server_req/server_priv_key.pem
-keyform PEM -out $HOME/server_req/server_req.pem -outform PEM 

But when i am trying to display the private key ,i am getting this error 

# openssl rsa -in $HOME/server_req/server_priv_key.pem -pubout -text
Enter pass phrase for //server_req/server_priv_key.pem:
unable to load Private Key
221296:error:06080090:digital envelope routines:EVP_DigestInit_ex:disabled
for fips:digest.c:292:
221296:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:evp_enc.c:337:
221296:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:428:

My digest is sha1 .. Can you please help me

Thanks in Advance

Rajan

Steve Marquess-2 wrote:
> 
> Kyle Hamilton wrote:
>> It was my mistake, I had misunderstood that DES itself was not allowed
>> and therefore derivatives of it were not allowed either.
>>   
> 
> While 3DES is currently legal we can expect it to be phased out at some 
> point just as plain DES has been, so AES is the better choice where you 
> are free to choose between them.
> 
> Unfortunately some legacy software that you may need to interoperate 
> with does not support AES.
> 
> -Steve M.
> 
> -- 
> Steve Marquess
> Veridical Systems, Inc.
> marqu...@veridicalsystems.com
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Issue-with-Private-key-with-FIPS-enabled-openssl-tp22453532p24391901.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Re: Issue with Private key with FIPS enabled openssl

Reply via email to