On Mon, Feb 28, 2011, Yolanda Liu (liuyu) wrote:

> Hi,
>
> I manually ran "openssl genrsa -out key.rsa 2048" in FIPS on and off
> mode, the generated private keys are in different format.
>
> In FIPS off mode:
>
> -----BEGIN RSA PRIVATE KEY-----
> MIIEpAIBAAKCAQEAwhVeHVTVFcrWJn6d8WJWgQ49lETK7a7rPS8nCxgOHJWmT3bV
>
> in FIPS on mode, the rsa key is in the format of:
>
> -----BEGIN PRIVATE KEY-----
> MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGFFwpoMPMm96I
>
> The version we are using is OpenSSL 0.9.8l-fips.
>
> The key generated in FIPS on mode is pkcs#8. Is this the expected
> behavior? Is there a way to specify the format of the RSA key?

Yes it is expected behaviour. The "traditional" format relies on MD5
which is prohibited in FIPS mode.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
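
Added example (not part of the original thread and not OpenSSL code): a Python check that tells the two encodings quoted in this thread apart by their DER structure rather than by the PEM label, so a tool that expects one format can detect the other. The names classify_rsa_private_key, FIPS_OFF_SAMPLE and FIPS_ON_SAMPLE are assumptions; the sample data is the two truncated key lines quoted above.

```python
import base64
import re

# DER encoding of the rsaEncryption OID 1.2.840.113549.1.1.1
RSA_OID = bytes.fromhex("06092a864886f70d010101")

# First lines of the two keys as quoted in the thread (truncated there).
FIPS_OFF_SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\n"
                   "MIIEpAIBAAKCAQEAwhVeHVTVFcrWJn6d8WJWgQ49lETK7a7rPS8nCxgOHJWmT3bV\n")
FIPS_ON_SAMPLE = ("-----BEGIN PRIVATE KEY-----\n"
                  "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGFFwpoMPMm96I\n")

def _tlv(buf, pos):
    """Return (tag, length, value_offset) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, first, pos + 2
    n = first & 0x7F                      # long form: next n bytes hold the length
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def classify_rsa_private_key(pem_text):
    """Return 'PKCS#1', 'PKCS#8' or 'unknown' for a (possibly truncated) PEM key."""
    # Drop the PEM armor lines, then keep only base64 alphabet characters.
    lines = [l.strip() for l in pem_text.splitlines()]
    body = re.sub(r"[^A-Za-z0-9+/]", "", "".join(l for l in lines if not l.startswith("-----")))
    # Only the leading bytes matter, so decode the largest whole-quantum prefix.
    der = base64.b64decode(body[:len(body) - len(body) % 4])
    try:
        tag, _, pos = _tlv(der, 0)                   # outer SEQUENCE
        if tag != 0x30:
            return "unknown"
        tag, length, pos = _tlv(der, pos)            # version INTEGER
        if tag != 0x02:
            return "unknown"
        tag, length, val = _tlv(der, pos + length)   # element after version
    except IndexError:
        return "unknown"
    if tag == 0x02:                                  # modulus INTEGER: RSAPrivateKey
        return "PKCS#1"
    if tag == 0x30 and der[val:val + length].startswith(RSA_OID):
        return "PKCS#8"                              # AlgorithmIdentifier: PrivateKeyInfo
    return "unknown"

if __name__ == "__main__":
    for name, sample in (("FIPS off", FIPS_OFF_SAMPLE), ("FIPS on", FIPS_ON_SAMPLE)):
        print(name, "->", classify_rsa_private_key(sample))
```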