Re: [PHP] 3DES w/ openssl_{csr,pkey}_new ?
RSA and DSA are different types of key formats. They do not imply protecting the private keywith an encryption algorithm. If you look at gendsa(1) or genrsa(1), you will see that passphrase protection is optional to both, and that there a good many choices. default_md is actually something from ca(1), it's the crypto signature algorithm for public keys / certificates, and really doesn't apply to private keys. I'll just look at the source code when I get to the office. ~BAS On Wed, 2006-05-24 at 01:54, Chris wrote: Brian A. Seklecki wrote: Does anyone know how to specify the encryption cipher used in this funciton as documented in OpenSSL's genrsa(1)? Why isn't the encryption method a value in [array configargs] ? -des|-des3|-idea These options encrypt the private key with the DES, triple DES, or the IDEA ciphers respectively before outputting it. If none of these options is specified no encryption is used. Or is the encryption method a value that can be specified in config= and req_extensions= ? Right now generated private keys look like: -BEGIN RSA PRIVATE KEY- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,FA81C573DFD21B7D Which is 3DES, but some systems support AES, IDEA, Blowfish, Twofish, It depends on the OpenSSL config. Idea? Read the documentation? Took me about 30 seconds to find this page: http://www.php.net/manual/en/function.openssl-csr-new.php Where it says: under private_key_type Specifies the type of private key to create. This can be one of OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH or OPENSSL_KEYTYPE_RSA. The default value is OPENSSL_KEYTYPE_RSA which is currently the only supported key type. So you can't use any other type. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 3DES w/ openssl_{csr,pkey}_new ?
Brian A. Seklecki wrote: RSA and DSA are different types of key formats. They do not imply protecting the private keywith an encryption algorithm. If you look at gendsa(1) or genrsa(1), you will see that passphrase protection is optional to both, and that there a good many choices. default_md is actually something from ca(1), it's the crypto signature algorithm for public keys / certificates, and really doesn't apply to private keys. That's all nice but doesn't change the answer to your question - php only supports creating one type of key. If you want to create different types of keys then join the php-internals list and discuss it with them - maybe it'll become available in a future php version. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 3DES w/ openssl_{csr,pkey}_new ?
Brian A. Seklecki wrote: Does anyone know how to specify the encryption cipher used in this funciton as documented in OpenSSL's genrsa(1)? Why isn't the encryption method a value in [array configargs] ? -des|-des3|-idea These options encrypt the private key with the DES, triple DES, or the IDEA ciphers respectively before outputting it. If none of these options is specified no encryption is used. Or is the encryption method a value that can be specified in config= and req_extensions= ? Right now generated private keys look like: -BEGIN RSA PRIVATE KEY- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,FA81C573DFD21B7D Which is 3DES, but some systems support AES, IDEA, Blowfish, Twofish, It depends on the OpenSSL config. Idea? Read the documentation? Took me about 30 seconds to find this page: http://www.php.net/manual/en/function.openssl-csr-new.php Where it says: under private_key_type Specifies the type of private key to create. This can be one of OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH or OPENSSL_KEYTYPE_RSA. The default value is OPENSSL_KEYTYPE_RSA which is currently the only supported key type. So you can't use any other type. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php