On Tue, Jan 05, 2010, Kyle Hamilton wrote: > A .p10 file *is* the same as a .csr file; the Certificate Signing > Request format is defined in PKCS#10. The only question is whether > the file content begins with an '=' character. If it does, use > -inform PEM; if it doesn't, use -inform DER. > > (Considering that it's entirely possible to differentiate a > base64-der-encoded blob as opposed to a der-encoded blob, because > there's no way that an '=' character can start a DER blob, there's > really no reason that I can see to keep the PEM versus DER distinction > on the commandline. This is a legacy behavior from SSLeay that I > can't really see the need for.) >
An "=" as the first character is not definitive. PEM files can contain text before the PEM headers. A DER file (well all the types OpenSSL uses) by contrast will contain 0x30 as the first character (SEQUENCE tag) but that is also ASCII '0'. Trying both types to see which (if any) worked would be one strategy to handle this automatically or seeing if the initial SEQUENCE header looked like it covered the whole file. There would be exceptions to both cases though. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
