Also I found that this works fine with openssl 1.0.1 Where keys are generated in FIPS mode with the following line.
Can someone let me know why this change in behavior between 0.9.8l and 1.0.1? -----BEGIN DSA PRIVATE KEY----- Thanks, Anamitra On 6/12/13 12:01 PM, "Anamitra Dutta Majumdar (anmajumd)" <anmaj...@cisco.com> wrote: > >We are using OpenSSL version 0.9.8l > >And what we find is that the DSA private key formats are different in FIPS >and non-FIPS mode > >In FIPS mode it starts with >-----BEGIN PRIVATE KEY----- > >Whereas in non-FIPS mode it starts with > >-----BEGIN DSA PRIVATE KEY----- > >I understand that this is expected since the "traditional" format relies >on MD5 which is prohibited in FIPS mode > >However for our application to work with the SSH keys we would need it in >the traditional format in FIPS mode >Is there a way to override this default behavior and still be able to >generate the keys in the traditional format. > >Any pointers would be greatly appreciated. > >Thanks, >Anamitra > >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List openssl-users@openssl.org >Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
