>From: owner-openssl-us...@openssl.org On Behalf Of Sanjay Patnaik (sanpatna) >Sent: Friday, 12 October, 2012 16:29
>Is there any documentation available for functions like >PEM_read_PrivateKey, Pem_write_PrivateKey etc. On any correct Unix install you should have man pages. Or online at http://www.openssl.org/docs/crypto/pem.html# . But see below. >My problem is that I have an asn1 encoded data (DER format) in buffer x >which I have to use for getting a pkcs1 format private key. I assume this is an RSA key, otherwise PKCS1 cannot apply. >So using d2_X509_SIG, pkcs8_decrypt, EVP_PKCS82PKEY I can get the private key. Are you/someone really signing a privatekey? That's unusual. Unless you're just using it for integrity, even though PKCS8 can do its own password-based integrity. >Can I just invoke PEM_write_PrivateKey( fp, pkey, NULL,NULL, 0, NULL, NULL) >to get the pkcs1 encoded prvateKey ? In 0.9.8 or earlier yes. In 1.0.0 and later, the PrivateKey "preferred" format is a PKCS8 containing the PKCS1 for RSA (and other encodings for other algorithms, not applicable here) although I see the manpage hasn't been updated for this change. If you want only the PKCS1 in 1.0.0 or later, use EVP_get1_RSA then PEM_write*_RSAPrivateKey. (Equivalent to what 0.9.8 did.) You can similarly do either in DER with i2d_X[_bio,fp] . You can also explicitly do PKCS8PrivateKey in any version. For unencrypted that is the only difference. For encrypted privatekey, the encryption used for PrivateKey=PKCS8 is quite different from the encryption for "legacy" RSAPrivateKey. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
