Hi guys, I read up the standards for PKCS#5 v2.0 and I think when we are using openssl pkcs8 command to generate a pkcs#5 private key, the format returned is not according to the specification. According to https://tools.ietf.org/html/rfc2898#appendix-A.2: PBKDF2-params ::= SEQUENCE { salt CHOICE { specified OCTET STRING, otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}} }, iterationCount INTEGER (1..MAX), keyLength INTEGER (1..MAX) OPTIONAL, prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 } It seems like after iterationCount, both keyLength and prf is group under a new ASN1.Sequence, instead of all 4 under the same ASN1.sequence. This is the command I used: openssl pkcs8 -in key.pem -outform pem -topk8 -v2 aes256 -v2prf hmacWithSHA256 I'm wondering is this a bug or it needs to reference another specification? I can help fix it if it's a bug. Thanks.
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
