On Mon, Sep 14, 2009, Bram Cymet wrote: > I have an interesting problem. > > I use python with M2Crypto to make openssl calls. I am using M2Crypto > 0.18.0, openssl 0.9.8k, and python 2.6. I am able to generate a private > key and encode it in pem format. The only problem is that IPSEC > (openswan) is unable to use the file. If I run the following command: > > openssl rsa -in in.key -out out.key > > where in.key is the file originally generated with python. > > Then the out.key file will work fine. The out.key file will be slightly > smaller in size and the actual characters in the encoding will be > different. Openssl is able to work with both file just fine. > > Any ideas what could be going on? >
It depends on the format of the keys. If you see BEGIN PRIVATE KEY in the headers or BEGIN ENCRYPTTED PRIVATE KEY it is in PKCS#8 format which some liraries may not be able to handle. If it says BEGIN RSA PRIVATE KEY and has a line with DEK-Info at the start it is in "traditional" OpenSSL encrypted private key format, which again some libraries may have problems with. When you use that command above you convert to unencrypted PKCS#1 PEM format (RSAPrivateKeyInfo encoded with PEM headers) which is more standard. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
