On Thu, Jul 24, 2014 at 08:07:01AM -0700, phildoch wrote:

> The key format needed by the system is algorithm-specific DER format.

I am not aware of any standard formats for keys other than PKCS#8 or PKCS#12. In particular, the algorithm-specific PEM encodings output by "openssl rsa|ec" are, I believe, non-standard, and their DER forms are even more so supported on an ad-hoc basis.

Note that the pkey(1) utility included with OpenSSL 1.0.0 reads any of the various ad-hoc formats in either PEM or DER encoding, but outputs PKCS#8. Thus:

    openssl ec -outform DER | openssl pkey -inform DER

is not an identity transformation, as can be seen by looking at the ASN.1 with asn1parse(1).

> It is received from the user in the same algorithm-specific in PEM format.
> The algorithm can be:
>
> 1) secp384r1 (i.e. created by "openssl ecparam -out ec_key.pem -name
> secp384r1 -genkey")

This outputs an ad-hoc algorithm-specific PEM encoding.

> 2) rsa:2048 (i.e. created by "openssl genrsa -out rsa2048_key.pem 2048")
> 3) rsa:4096 (i.e. created by "openssl genrsa -out rsa4096_key.pem 4096")

As do these. What software could possibly want to consume these in DER encoding, rather than as a DER-encoded PKCS#8 object?

> I tried to create a program based on the code of the command "openssl pkey
> -in key.pem -outform DER -out keyout.der" in file /apps/pkey.c in openssl
> project.

This reads any of the various legacy formats and outputs DER-encoded PKCS#8.

> Any help would be appreciated.

You still have not explained which software is going to consume these keys, and why it expects to consume the legacy ad-hoc OpenSSL key formats in DER form.

--
Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
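
The difference the reply points to with asn1parse(1) can also be checked programmatically. The following is an added example, not part of the original message or of OpenSSL: it tells a DER-encoded PKCS#8 object from the algorithm-specific RSA and EC structures by the tag of the second element in the outer SEQUENCE. All function and variable names are hypothetical, and the sample keys are constructed dummies with the right shape only.

```python
# Added example. Sample keys are constructed dummies (right shape, not usable keys).

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

SHAPES = {0x30: "PKCS#8 PrivateKeyInfo",      # version, AlgorithmIdentifier SEQUENCE, ...
          0x02: "traditional RSAPrivateKey",  # version, modulus INTEGER, ...
          0x04: "traditional ECPrivateKey"}   # version, privateKey OCTET STRING, ...

def classify_private_key(der):
    """Name the top-level structure of an unencrypted DER private key."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    first, _, pos = read_tlv(body)
    if first != 0x02:
        raise ValueError("expected a version INTEGER first")
    second, _, _ = read_tlv(body, pos)
    return SHAPES.get(second, "unknown")

def tlv(tag, value):
    """Minimal DER encoder, used only to build the constructed samples."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

OID_EC_PUBLIC_KEY = bytes.fromhex("06072a8648ce3d0201")   # 1.2.840.10045.2.1
OID_SECP384R1 = bytes.fromhex("06052b81040022")           # 1.3.132.0.34

EC_LEGACY = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"\x11" * 48)
                + tlv(0xA0, OID_SECP384R1))
RSA_LEGACY = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, b"\x00" + b"\xc3" * 256)
                 + tlv(0x02, b"\x01\x00\x01"))
PKCS8_EC = tlv(0x30, tlv(0x02, b"\x00")
               + tlv(0x30, OID_EC_PUBLIC_KEY + OID_SECP384R1) + tlv(0x04, EC_LEGACY))

if __name__ == "__main__":
    for name, der in [("ec", EC_LEGACY), ("rsa", RSA_LEGACY), ("pkcs8", PKCS8_EC)]:
        print(name, "->", classify_private_key(der))
```

In the PKCS#8 sample the algorithm-specific structure sits inside the final OCTET STRING, so the two encodings of one key differ at the byte level.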