Stephen Henson wrote:
> Keith Johnston wrote:
> > 
> > The encrypted format of the RSA private key looks like this:
> > 
> > -----BEGIN RSA PRIVATE KEY-----
> > Proc-Type: 4,ENCRYPTED
> > DEK-Info: DES-EDE3-CBC,EBC485A7EC86234E
> > 
[...]
> > -----END RSA PRIVATE KEY-----
> > 
> > I'm trying to use another program to generate a private key in this format.
> > 
> > - What is the "4,ENCRYPTED"?  Is it ever anything else?
> > - How is the salt for the PBE stored?  Or is it?

The IV (last bytes in the DEK-Info line) is used as salt for the key
generation and as IV for the CBC-mode.

> > 
> 
> This is a legacy from SSLeay's days, it uses a non-standard key
> derivation algorithm and various other things. Check out the stuff in

Well, basically an MD5 hash of the password bytes and the salt is used as key.
(The hash is updated with the previous hash, the password bytes and salt until
enough key bytes are generated.)

> crypto/pem and crypto/evp to see what is going on.

See crypto/evp/evp_key.c --> EVP_BytesToKey for key generation.

> 
> If you want to follow a standard you can use PKCS#8 format combined with
> PKCS#5 password based encryption in the latest OpenSSL snapshots. Check
> out the info on www.rsa.com for more info.
> 
> PKCS#8 isn't supported in any of the release versions yet though.
> 
> Steve.

Hope this helps,

Harald.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
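
Added example (not part of the original message and not OpenSSL's own code): the key derivation described above, written in Python and applied to the DEK-Info header from the post. The passphrase is a constructed sample, the function names are hypothetical, the cipher table goes beyond the page (only DES-EDE3-CBC appears there), and salting with the first 8 bytes of the IV follows OpenSSL's PEM code.

```python
import hashlib

# Key lengths in bytes for ciphers that can appear in DEK-Info.
# Only DES-EDE3-CBC is on the page; the others are added for generality.
KEY_LEN = {"DES-CBC": 8, "DES-EDE3-CBC": 24, "AES-128-CBC": 16, "AES-256-CBC": 32}
SALT_LEN = 8  # the KDF salts with the first 8 bytes of the IV


def parse_dek_info(header_line):
    """Split 'DEK-Info: <cipher>,<hex IV>' into (cipher name, IV bytes)."""
    name, _, value = header_line.partition(":")
    if name.strip() != "DEK-Info":
        raise ValueError("not a DEK-Info header")
    cipher, sep, iv_hex = value.strip().partition(",")
    if not sep:
        raise ValueError("DEK-Info needs '<cipher>,<hex IV>'")
    return cipher.strip(), bytes.fromhex(iv_hex.strip())


def bytes_to_key_md5(password, salt, key_len):
    """D_1 = MD5(password || salt); D_i = MD5(D_{i-1} || password || salt).
    Blocks are concatenated until key_len bytes are available."""
    derived, block = b"", b""
    while len(derived) < key_len:
        block = hashlib.md5(block + password + salt).digest()
        derived += block
    return derived[:key_len]


def legacy_pem_key(header_line, password):
    """Return (cipher, key, iv) for a legacy encrypted PEM block."""
    cipher, iv = parse_dek_info(header_line)
    if cipher not in KEY_LEN:
        raise ValueError("unsupported cipher: " + cipher)
    if len(iv) < SALT_LEN:
        raise ValueError("IV shorter than the 8-byte salt")
    key = bytes_to_key_md5(password, iv[:SALT_LEN], KEY_LEN[cipher])
    return cipher, key, iv


if __name__ == "__main__":
    # Header taken from the post; the passphrase is a constructed sample.
    name, key, iv = legacy_pem_key(
        "DEK-Info: DES-EDE3-CBC,EBC485A7EC86234E", b"example-passphrase")
    print(name, "key:", key.hex(), "iv:", iv.hex())
```

A 24-byte 3DES key costs two MD5 calls per passphrase, with no iteration count to slow guessing, which is why the PKCS#8 with PKCS#5 route mentioned in the thread is the better choice for new keys.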
