On Wed, Feb 11, 2009, Bob Barnes wrote:

> Kyle,
>
> Thanks for the response. Just to clarify a bit, our proprietary code is
> simply a wrapper around the third party libraries, which are SSLPlus/BSAFE.
> As far as I know they should be generating/storing the private key in a
> standards compliant way.
>
> The first 2 lines of the private key are:
>
> MIICmDAaBgkqhkiG9w0BBQMwDQQIgeyJNiNcE90CAQUEggJ4arTMz0VmFuBiCw3P
> 5LHhLjmOKpdTdby6Dy9BP34zrwL/7yKR+lt3cor+SzhH4vGedhD4SQafw4iM7+1j
>
> Can you confirm that my basic understanding as described in my first email
> is essentially correct or am I out in left field someplace?
>

Analysis of that data suggests it *should* be a valid PKCS#8 format key. The
algorithm used is pbeWithMD5AndDES-CBC which is ancient and low security.

That error message is usually caused by passing the wrong password. It is
possible it might be due to a bad format key being produced by the other
library. Without seeing a sample key (including password) it isn't possible to
tell.

If there is some way to use a different algorithm for encrypting the key (or
not encrypting it at all) I'd suggest you try that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
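
The analysis described in the reply can be reproduced from the two quoted base64 lines alone, because the algorithm identifier and PBE parameters of a PKCS#8 EncryptedPrivateKeyInfo sit in cleartext ahead of the ciphertext. The following is an added example, not code from the thread or from OpenSSL; the function names are hypothetical and the OID table is limited to two PBES1 schemes from PKCS#5.

```python
import base64

# First two base64 lines of the key exactly as quoted in the thread (rest not shown).
QUOTED = (
    "MIICmDAaBgkqhkiG9w0BBQMwDQQIgeyJNiNcE90CAQUEggJ4arTMz0VmFuBiCw3P"
    "5LHhLjmOKpdTdby6Dy9BP34zrwL/7yKR+lt3cor+SzhH4vGedhD4SQafw4iM7+1j"
)

# PBES1 scheme OIDs from PKCS#5 (RFC 8018); both share the PBEParameter layout.
PBES1 = {
    "1.2.840.113549.1.5.3": "pbeWithMD5AndDES-CBC",
    "1.2.840.113549.1.5.10": "pbeWithSHA1AndDES-CBC",
}

def read_tlv(buf, pos, tag):
    """Check the DER tag at pos and return (content_offset, content_length)."""
    if buf[pos] != tag:
        raise ValueError(f"offset {pos}: expected tag {tag:#04x}, got {buf[pos]:#04x}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, length

def decode_oid(raw):
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:                   # base-128, high bit marks continuation
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def inspect_encrypted_pkcs8(b64_prefix):
    """Read the cleartext header only, so no password and no full ciphertext is needed."""
    der = base64.b64decode(b64_prefix)
    pos, total = read_tlv(der, 0, 0x30)               # EncryptedPrivateKeyInfo
    alg, alg_len = read_tlv(der, pos, 0x30)           # encryptionAlgorithm
    oid_pos, oid_len = read_tlv(der, alg, 0x06)
    oid = decode_oid(der[oid_pos:oid_pos + oid_len])
    info = {"oid": oid, "scheme": PBES1.get(oid, "not PBES1"), "declared_len": total}
    if oid in PBES1:
        par, _ = read_tlv(der, oid_pos + oid_len, 0x30)   # PBEParameter
        salt, salt_len = read_tlv(der, par, 0x04)
        it, it_len = read_tlv(der, salt + salt_len, 0x02)
        info["salt"] = der[salt:salt + salt_len].hex()
        info["iterations"] = int.from_bytes(der[it:it + it_len], "big")
    _, info["ciphertext_len"] = read_tlv(der, alg + alg_len, 0x04)  # encryptedData
    return info
```

For the quoted lines, `inspect_encrypted_pkcs8(QUOTED)` reports pbeWithMD5AndDES-CBC with an 8-byte salt, an iteration count of 5, and a declared ciphertext length of 632 bytes, a whole number of DES blocks.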
