Imran Badr wrote: > > Hi, > > The keyfile, representing an ecrypted private key, generated by openssl is > ASN.1 type RSAPrivateKey (PKCS#1), ecrypted using DES-EDE3-CBC and then PEM > encoded. Is that right ? >
It doesn't have to be triple DES encrypted. The "traditional" format involves adding some information in the PEM headers and deriving a key and IV from the password using a algorithm unique to OpenSSL. This is documented in detail in the 0.9.7 docs. This format should really be avoided for new applications because it is non standard. The preferred format is PKCS#8 and any of a variety of password based encryption algorithms including those of PKCS#5 (v1.5 and v2.0) and PKCS#12. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]