> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni
> Sent: Thursday, July 24, 2014 14:18

> On Thu, Jul 24, 2014 at 08:07:01AM -0700, phildoch wrote:
> 
> > The key format needed by the system is algorithm-specific DER format.
> 
> I am not aware of any standard formats for keys other than PKCS#8
> or PKCS#12.  In particular, the algorithm-specific PEM encodings
> output by "openssl rsa|ec" are I believe non-standard, and their
> DER forms are even more so supported on an ad-hoc basis.
> 
RSA is PKCS1, and EC is X9.62 (according to SECG1 and rfc3279).

PKCS8 only defines the wrapper, basically AlgId and optional PKCS5 PBE.
It leaves the chocolatey inside to other standards, including
but not limited to those above.

PKCS12 defines an outer wrapper and uses PKCS8 for privatekey "bag".

AFAICS the more flexible PKCS12 and to some extent PKCS8 are 
indeed more widely used/supported.

> Note that the pkey(1) utility included with OpenSSL 1.0.0, reads
> any of the various ad-hoc formats in either PEM or DER encoding,
> but outputs PKCS#8.  Thus:
> 
>       openssl ec -outform DER | openssl pkey -inform DER
> 
> is not an identity transformation, as can be seen by looking at
> the ASN.1 with asn1parse(1).
> 
(And even in 0.9 pkcs8 -topk8 could do that, but the OP is 
obviously on 1.0.0 or higher.)

> > It is received from the user in the same algorithm-specific in PEM format.
> > The algorithm can be:
> >
> > 1) secp384r1  (i.e. created by "openssl ecparam -out ec_key.pem -name
> > secp384r1 -genkey")
> 
> This outputs an ad-hoc algorithm-specific PEM encoding.
> 
> > 2) rsa:2048    (i.e. created by "openssl genrsa -out rsa2048_key.pem 2048)
> > 3) rsa:4096    (i.e. created by "openssl genrsa -out rsa4096_key.pem 4096)
> 
> As do these.  What software could possibly want to consume these in
> DER encoding, rather than as a DER-encoded PKCS#8 object?
> 
Any that uses the d2i_{alg}PrivateKey routine(s) which handle 
only the matching alg-specific format, unlike d2i_PrivateKey which 
handles all algorithms using a really ugly guessing game.

In contrast PEM_read_{alg,PKCS8,}PrivateKey can all recognize 
and parse both PKCS8 and alg-spec formats from the BEGIN line; 
the only difference is that {RSA,DSA,EC}PrivateKey then gives an 
error if the key is not the correct algorithm (in either format).

> > I tried to create a program based on the code of the command "openssl pkey
> > -in key.pem -outform DER -out keyout.der" in file /apps/pkey.c in openssl
> > project.
> 
> This reads any of the various legacy formats and outputs DER-encoded
> PKCS#8.
> 
(In 1.0.0+. In 0.9.8 i2d_PrivateKey, or PEM_write_PrivateKey, 
dispatches to the various alg-specific formats; only the PKCS8PrivateKey or 
PKCS8_PRIV_KEY_INFO versions do PKCS8.)



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
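
Added example (not part of the original message and not OpenSSL's own logic): a structural classifier that tells a DER-encoded PKCS#8 wrapper apart from the PKCS#1 and SEC1 algorithm-specific formats discussed in the thread, and extracts the algorithm-specific key carried inside PKCS#8. The function names and the `TOY_*` blobs are constructed for this illustration; the blobs have the right ASN.1 shape but are not usable keys.

```python
# Added example; the sample blobs are constructed toy structures, not real keys.
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def classify(der):
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):         # must be exactly one SEQUENCE
        return "unknown"
    tags = [t for t, _ in children(body)]
    if tags[:3] == [0x02, 0x30, 0x04]:         # version, AlgId, privateKey
        return "PKCS#8 PrivateKeyInfo"
    if tags == [0x30, 0x04]:                   # AlgId (PBE), encryptedData
        return "PKCS#8 EncryptedPrivateKeyInfo"
    if len(tags) >= 9 and set(tags) == {0x02}: # version, n, e, d, p, q, ...
        return "PKCS#1 RSAPrivateKey"
    if tags[:2] == [0x02, 0x04]:               # version, privateKey octets
        return "SEC1 ECPrivateKey"
    return "unknown"

def pkcs8_inner(der):
    """Return the algorithm-specific DER held in PrivateKeyInfo.privateKey."""
    return children(read_tlv(der)[1])[2][1]

def tlv(tag, value):
    """Minimal DER encoder used only to build the constructed samples."""
    n = len(value)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])
    return bytes([tag]) + head + value

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption
TOY_RSA = tlv(0x30, b"".join(tlv(0x02, bytes([i])) for i in [0, 5, 3, 1, 1, 1, 1, 1, 1]))
TOY_EC = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"\x11" * 48))
TOY_P8 = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b"")) + tlv(0x04, TOY_RSA))
```

Classifying `pkcs8_inner(TOY_P8)` yields the PKCS#1 form again, which is the "wrapper plus algorithm-specific inside" relationship the message describes.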
