On Tue, 2016-12-13 at 13:09 +0000, Dr. Stephen Henson wrote: > The reason for that is that the PEM forms which contain > the key algorithm in the PEM header were considered legacy types and new > methods > should use PKCS#8 instead. So there was no way to set legacy PEM decoders to > discourage their use. > > In this case the reason is different: the header doesn't contain the algorithm > type but a string which an ENGINE can handle. So it isn't a "legacy format" > but a custom one. > > So if we wanted to go down this route all that is needed to get a form of this > functionality is a function to set the PEM decoder in EVP_PKEY_ASN1_METHOD.
I am not entirely averse to the idea of saying that TPM, at least as of 2.0, should have a wrapped-key storage format which is based in PKCS#8 rather than doing its own thing. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev