On 6/12/2013 10:17 PM, Thaddeus Fuller wrote:
Hi,
Is it possible to create a PKCS8 RSA Private Key using a non-password
based encryption algorithm? There doesn’t appear to be an option through
the command line `openssl pkcs8`. If it is not possible to do this
through OpenSSL (which seems to be the case), is it not a valid way to
encrypt the private key? Do you have to use a PKCS5 algorithm? If so, why?
I am not aware of any valid values for "encryptionAlgorithm" in PKCS#8
which are not password based, but since the standard does not restrict
the possible values, it may very well be possible that someone somewhere
has a PKCS#8 implementation which accepts a value which does not refer
to a password based encryption scheme.
If such a scheme were to be defined by anyone, it would need some other
way to get its encryption key. And if such a scheme were to be added
to the openssl command line tool, it would need new options to specify
that key source and provide access to it.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
