On Tue, Mar 09, 2010, Anand Giriraj wrote:

> Hi Folks,
> Would appreciate some responses for the questions below.
>
> Most importantly-
>
> I see the following note in
> http://www.openssl.org/docs/apps/pkcs8.html
> "The format of PKCS#8 DSA (and other) private keys is not well documented:
> it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA
> PKCS#8 private key format complies with this standard."
>
> *Are the private keys for DSA (generated using the openssl API I mention in
> my emails below) encoded using any of the PKCS formats? Is it PKCS8?*
>

The keys are generated in an internal format which is used by OpenSSL i.e. a
DSA structure. It is only when you come to encode the key that the format is
relevant.

If you want to output PKCS#8 format you should first convert the structure to
an EVP_PKEY structure. Then if you want PEM format call:
PEM_write_bio_PKCS8PrivateKey() or similar. If you pass NULL as the encryption
algorithm you get unencrypted format or non-NULL will encrypt it.

If you want encrypted DER form call i2d_PKCS8PrivateKey_bio() or for
unencrypted call i2d_PKCS8PrivateKeyInfo(_bio).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
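
An added example, not part of the thread and not OpenSSL code: a standard-library Python walk over the DER that the unencrypted PKCS#8 call produces for a DSA key, using the layout of OpenSSL's default DSA PKCS#8 encoding (DSA parameters in the AlgorithmIdentifier, x as an INTEGER inside the privateKey OCTET STRING). It also reports the encrypted form, which starts with an AlgorithmIdentifier instead of a version. The function names and the toy key in `SAMPLE` are constructed for illustration.

```python
# Added example: walks the DER of a PKCS#8 blob and reports what it holds.
OID_DSA = bytes.fromhex("2a8648ce380401")  # id-dsa, 1.2.840.10040.4.1

def tlv(tag, body):
    """Encode one DER element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(v):
    # bit_length // 8 + 1 bytes leaves the sign bit clear for positive values
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read(buf, pos=0):
    """Return (tag, body, next_pos) for the DER element starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(body):
    pos, out = 0, []
    while pos < len(body):
        tag, val, pos = read(body, pos)
        out.append((tag, val))
    return out

def parse_pkcs8_dsa(der):
    tag, body, end = read(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one outer SEQUENCE")
    fields = children(body)
    if fields[0][0] == 0x30:  # EncryptedPrivateKeyInfo: AlgorithmIdentifier first
        return {"encrypted": True}
    (_, version), (_, alg), (_, key) = fields[:3]
    (_, oid), (_, params) = children(alg)
    if oid != OID_DSA:
        raise ValueError("privateKeyAlgorithm is not id-dsa")
    p, q, g = (int.from_bytes(v, "big") for _, v in children(params))
    x = int.from_bytes(read(key)[1], "big")  # OCTET STRING wraps INTEGER x
    return {"encrypted": False, "version": int.from_bytes(version, "big"),
            "p": p, "q": q, "g": g, "x": x}

# Constructed toy values (far too small to be a real key): p=23, q=11, g=4, x=7
SAMPLE = tlv(0x30, der_int(0) + tlv(0x30, tlv(0x06, OID_DSA) +
             tlv(0x30, der_int(23) + der_int(11) + der_int(4))) +
             tlv(0x04, der_int(7)))
```

Calling `parse_pkcs8_dsa()` on the DER output of `i2d_PKCS8PrivateKeyInfo_bio()` confirms whether a key file is the plain PrivateKeyInfo form before it is stored or transmitted.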