Nelson Alves da Silva Filho wrote:
> 
> I think I have found a minor bug in the apps\pkcs8.c. An error occurs whenever it is
> used with the "-topk8" and "-inform DER" parameters together. I think the -topk8 does
> not take care of the -inform parameter and always assumes a PEM input format.
> 
> Example:
> 
> openssl pkcs8 -inform DER -in key.der -out key.pk8 -topk8 -nocrypt -inform DER
> Error reading key
> 147:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:610:
> 

Yes, you are right. Unfortunately there isn't a transparent solution
because it isn't possible for the OpenSSL routines to tell the
difference between a "traditional format" RSA private key and a DSA private
key if they are DER encoded; they can't be encrypted either.

It is possible with a PKCS#8 format private key which is why that works
and why I think PKCS#8 should be the standard OpenSSL private key format
and the others retained for compatibility reasons.

Anyway, the best that can be done is to assume the input is an RSA
private key if it's DER format and support that.

OpenSSL's "traditional" DSA DER format is non-standard so it's unlikely
that anything will use that. If someone wants DER format DSA keys then
they can always use the 'dsa' utility to convert to PEM first.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
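
Added example (not part of the original messages and not OpenSSL code): a minimal DER walker in Python showing the structural difference the reply describes, that a PKCS#8 PrivateKeyInfo carries an algorithm OID while a traditional-format key is a bare SEQUENCE of INTEGERs. The function names are illustrative and the sample keys are constructed toy values.

```python
# Added example. All key material below is constructed toy data, not real keys.
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
DSA_OID = bytes.fromhex("2a8648ce380401")      # 1.2.840.10040.4.1 id-dsa

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def describe_private_key(der):
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    items = children(body)
    tags = [t for t, _ in items]
    # PKCS#8 PrivateKeyInfo: INTEGER version, SEQUENCE AlgorithmIdentifier, OCTET STRING
    if tags[:3] == [0x02, 0x30, 0x04]:
        alg = children(items[1][1])
        oid = alg[0][1] if alg and alg[0][0] == 0x06 else b""
        return "PKCS#8, algorithm " + {RSA_OID: "RSA", DSA_OID: "DSA"}.get(oid, "unknown")
    if tags and all(t == 0x02 for t in tags):
        return "traditional: INTEGER-only SEQUENCE, no algorithm identifier"
    return "unrecognised structure"

def tlv(tag, value):                   # short-form encoder, enough for the toy samples
    return bytes([tag, len(value)]) + value

INT1 = tlv(0x02, b"\x01")
TRAD_RSA = tlv(0x30, tlv(0x02, b"\x00") + INT1 * 8)   # version + 8 RSA fields
TRAD_DSA = tlv(0x30, tlv(0x02, b"\x00") + INT1 * 5)   # version + p, q, g, pub, priv
def pkcs8(oid, params, inner):
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, tlv(0x06, oid) + params) + tlv(0x04, inner))
PKCS8_RSA = pkcs8(RSA_OID, tlv(0x05, b""), TRAD_RSA)
PKCS8_DSA = pkcs8(DSA_OID, tlv(0x30, INT1 * 3), INT1)
```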
