I have an encrypted private key in PEM format created with `openssl genrsa -aes128 -out key.pem` (using a password of 'test' when prompted).
According to http://www.openssl.org/docs/crypto/pem.html (under PEM ENCRYPTION FORMAT): The encryption key is determined using EVP_bytestokey(), using salt and an iteration count of 1. The IV used is the value of salt and *not* the IV returned by EVP_bytestokey().

I'm having trouble duplicating the decryption in Crypto++. I suspect the problem is with the Key and IV derived in EVP_KeyToBytes. (EVP_KeyToBytes was essentially copied/pasted. The only changes were the Crypto++ retro-fitting. So I suspect I'm not setting up Salt or Data correctly; or AES/CBC is not using MD5).

To understand what's going on, I started examining what OpenSSL is doing in the source code. When I step `genrsa` under a debugger to see what is being passed to EVP_KeyToBytes, the breakpoint never fires. I can BP at `password_callback` (in apps.c), and I can BP at `PEM_write_bio_RSAPrivateKey` (in genrsa.c), but I don't see the call to EVP_KeyToBytes.

Any ideas what I am doing wrong such that I can't break at EVP_KeyToBytes?

Thanks.
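Added example, not part of the original post and not OpenSSL or Crypto++ code: a Python reference for the key derivation the quoted documentation describes (OpenSSL's `EVP_BytesToKey` with MD5 and an iteration count of 1), useful for comparing against the key bytes a Crypto++ port produces. It assumes the traditional PEM format, where the salt is the first 8 bytes of the IV in the `DEK-Info` header; the function names and the sample header are constructed for illustration.

```python
import hashlib

# Key lengths in bytes for cipher names seen in DEK-Info headers.
KEY_LEN = {"AES-128-CBC": 16, "AES-192-CBC": 24, "AES-256-CBC": 32}

# Constructed sample header: the IV is made up and the base64 body is omitted.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0011223344556677

-----END RSA PRIVATE KEY-----
"""


def evp_bytes_to_key_md5(password: bytes, salt: bytes, key_len: int) -> bytes:
    """Count=1 derivation: D_1 = MD5(pw || salt), D_i = MD5(D_{i-1} || pw || salt)."""
    out, block = b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + password + salt).digest()
        out += block
    return out[:key_len]


def parse_dek_info(pem_text: str):
    """Return (cipher name, IV bytes) from the DEK-Info header line."""
    for line in pem_text.splitlines():
        if line.startswith("DEK-Info:"):
            cipher, iv_hex = line.split(":", 1)[1].split(",")
            return cipher.strip(), bytes.fromhex(iv_hex.strip())
    raise ValueError("no DEK-Info header: not a traditional encrypted PEM")


def derive_pem_key(pem_text: str, password: bytes):
    """Return (cipher, key, iv) for CBC decryption of the PEM body."""
    cipher, iv = parse_dek_info(pem_text)
    if cipher not in KEY_LEN:
        raise ValueError("unsupported cipher: " + cipher)
    salt = iv[:8]  # salt is the first 8 bytes of the header IV
    key = evp_bytes_to_key_md5(password, salt, KEY_LEN[cipher])
    return cipher, key, iv  # the header IV is used as-is for CBC


if __name__ == "__main__":
    cipher, key, iv = derive_pem_key(SAMPLE_PEM, b"test")
    print(cipher, "key =", key.hex(), "iv =", iv.hex())
```

Running it against a real `key.pem` header and the same password gives key and IV bytes that can be compared byte for byte with what the ported routine computes before any AES/CBC decryption is attempted.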