David Woodhouse <dw...@infradead.org> skrev: (23 november 2016 19:42:29 CET) >On Wed, 2016-11-23 at 17:00 +0000, Salz, Rich wrote: >> >> > FWIW I am perfectly content for applications *not* to automatically >work >> > with such keys. Making the user jump through extra hoops to use >them >> > would be perfectly fine in my book. >> >> oh I see. "Users shouldn't care, it should just work" But only for >some keys. >> >> Part of my I am opposed to guessing. > >For me it's the other way round. Magically detecting *that* particular >perfectly valid PKCS#1 RSA key is actually intended for the gem engine >would indeed be guessing. It's a bizarre abuse of PKCS#1 and it doesn't >seem reasonable for anyone to "guess" that without explicit direction. > >But for the sane and common cases of PKCS#1, PKCS#8, PKCS#12 and >similar files in both DER and PEM forms, for *those* it makes sense for >applications to Just Work. And it shouldn't really involve "guessing".
I take that as "recognizing what we decide to support". And as has already been mentioned, we already do that with d2i_AutoPrivatekey. Cheers Richard -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
