On Mon, Jul 14, 2014, Martin Basti wrote:

> Hi list,
>
> I have RSA encrypted private key as byte sequence, and I need to
> export it as ASN.1 type EncryptedPrivateKeyInfo (RFC5958 section 3.)
>
> Currently I use the following code (shortened):
>
> unsigned char *pkey; //assigned encrypted primary key
> priv_key_info = PKCS8_PRIV_KEY_INFO_new();
> aobj = OBJ_nid2obj(NID_id_aes128_wrap);
> PKCS8_pkey_set0(priv_key_info, aobj, 0 /*version*/, 0/*param type*/,
> NULL /*param val*/, pkey, pkey_len);
> i2d_PKCS8_PRIV_KEY_INFO_fp(f, priv_key_info);
>
> The output is:
> # openssl asn1parse -in privkeyinfo.out -inform der -i
> 0:d=0 hl=4 l=1244 cons: SEQUENCE
> 4:d=1 hl=2 l= 1 prim: INTEGER :00
> 7:d=1 hl=2 l= 11 cons: SEQUENCE
> 9:d=2 hl=2 l= 9 prim: OBJECT :id-aes128-wrap
> 20:d=1 hl=4 l=1224 prim: OCTET STRING [HEX DUMP]: ....
>
> Which is not ASN.1 type EncryptedPrivateKeyInfo, due to the INTEGER
> value (version). Output seems to be the OneAsymmetricKey type
> (RFC5958 section 2).
>
> Is there any way, how to export encrypted key as
> EncryptedPrivateKeyInfo DER?
>
Normally the algorithm used for EncryptedPrivateKeyInfo is a password based encryption algorithm (PBE).

The actual format for EncryptedPrivateKeyInfo is identical to DigestInfo which uses X509_SIG so that is reused.

You don't have to set up the structure manually: that is tricky to get right. You can use i2d_PKCS8PrivateKey_bio if you want the PBES2 format or for the older version i2d_PKCS8PrivateKey_nid_bio. The older version typically uses weaker encryption algorithms so it is not recommended.

To use those functions you first need to convert your RSA private key into an EVP_PKEY structure. You could use d2i_PrivateKey for that.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
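Added example (not part of the thread and not OpenSSL code): a dependency-free C check that tells the two DER layouts discussed above apart, the version INTEGER first (as in the asn1parse output in the question) versus an AlgorithmIdentifier followed by a single OCTET STRING (EncryptedPrivateKeyInfo). It tests shape only, since the reply notes DigestInfo shares that layout; the names `p8_classify`, `der_header`, `expect` and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stdio.h>
typedef unsigned char u8;
enum p8_shape { P8_INVALID, P8_PLAIN_KEY_INFO, P8_ENCRYPTED_KEY_INFO };
/* Read one DER header at buf[*pos]: store tag and content length, move *pos to the content. */
static int der_header(const u8 *buf, size_t len, size_t *pos, u8 *tag, size_t *clen)
{
    size_t p = *pos, n;
    if (p > len || len - p < 2) return 0;
    *tag = buf[p++]; *clen = buf[p++];
    if (*clen & 0x80) {                      /* long-form length */
        n = *clen & 0x7f;
        if (n == 0 || n > sizeof(size_t) || len - p < n) return 0;
        for (*clen = 0; n > 0; n--) *clen = (*clen << 8) | buf[p++];
    }
    if (*clen > len - p) return 0;           /* content must fit in the buffer */
    *pos = p;
    return 1;
}

/* Consume one element that must carry the tag `want`, skipping its content. */
static int expect(const u8 *buf, size_t end, size_t *pos, u8 want)
{
    u8 tag; size_t clen;
    if (!der_header(buf, end, pos, &tag, &clen) || tag != want) return 0;
    *pos += clen;
    return 1;
}

enum p8_shape p8_classify(const u8 *der, size_t len)
{
    u8 tag; size_t clen, pos = 0;
    if (!der_header(der, len, &pos, &tag, &clen) || tag != 0x30 || pos + clen != len)
        return P8_INVALID;
    if (pos < len && der[pos] == 0x02)       /* version INTEGER first: unencrypted layout */
        return expect(der, len, &pos, 0x02) && expect(der, len, &pos, 0x30) &&
               expect(der, len, &pos, 0x04) ? P8_PLAIN_KEY_INFO : P8_INVALID;
    /* AlgorithmIdentifier SEQUENCE, then one OCTET STRING and nothing after it */
    return expect(der, len, &pos, 0x30) && expect(der, len, &pos, 0x04) && pos == len
               ? P8_ENCRYPTED_KEY_INFO : P8_INVALID;
}

/* Constructed samples: AlgorithmIdentifier with OID id-aes128-wrap, two dummy payload bytes. */
#define ALG 0x30,0x0b,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05
static const u8 k_plain[] = { 0x30,0x14, 0x02,0x01,0x00, ALG, 0x04,0x02,0xaa,0xbb };
static const u8 k_enc[]   = { 0x30,0x11, ALG, 0x04,0x02,0xaa,0xbb };

int main(void)
{
    printf("%d %d\n", p8_classify(k_plain, sizeof k_plain), p8_classify(k_enc, sizeof k_enc));
}
```

Running such a check on an exported file before shipping it catches the case from the question, where the output parses cleanly but is the wrong PKCS#8 type.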