On Sun, Mar 27, 2011, Massimiliano Pala wrote:

> Hello,
>
> it seems that there are two different encoding versions when encoding
> EC keys. In particular, if using the EVP_PKEY_() the version is set to
> "0" - and that is incompatible with software other than OpenSSL.
> Here's an example:
>
> -----BEGIN PRIVATE KEY-----
> MGcCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcETTBLAgEBBCDxE4JqRGtcOqVjy8wM
> gI/eDocdjKO4nVaSRRmeAiNeWaEkAyIAAua6xRQ8yyLt6j0+g8nS6P5LzsQqaPTN
> /HwjnCW/S0VN
> -----END PRIVATE KEY-----
>
> To reproduce, simply use the openssl pkey command:
>
> $ openssl pkey -in key.pem | openssl asn1parse
>
> The output is:
>
> 0:d=0 hl=2 l= 103 cons: SEQUENCE
> 2:d=1 hl=2 l= 1 prim: INTEGER :00
> 5:d=1 hl=2 l= 19 cons: SEQUENCE
> 7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
> 16:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
> 26:d=1 hl=2 l= 77 prim: OCTET STRING ...
>
> On the other hand, if using the i2d_ECPrivateKey_bio() the version is
> automatically set to "1".
>
> To reproduce, just use the openssl ec command:
>
> $ openssl ec -in key.pem | openssl asn1parse
>
> The output is:
>
> 0:d=0 hl=2 l= 87 cons: SEQUENCE
> 2:d=1 hl=2 l= 1 prim: INTEGER :01
> 5:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:F113...
> 39:d=1 hl=2 l= 10 cons: cont [ 0 ]
> 41:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
> 51:d=1 hl=2 l= 36 cons: cont [ 1 ]
> 53:d=2 hl=2 l= 34 prim: BIT STRING
>
> So.. is there a way to have the EVP_PKEY_* code path behave as the
> ECPrivateKey_bio() code path ?
>
> Is this a bug ? Any idea how to fast-fix it ?
>

There are two different versions of encoding most private keys. There is a key
specific format and the PKCS#8 version. The version number you are referring to
is the PKCS#8 version field and not the EC version field.

Perhaps the other software doesn't support PKCS#8 format?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
