On Mon, Aug 21, 2017 at 03:43:05PM +, Salz, Rich via openssl-users wrote:
> ➢ But if I use format=der I do not get prompted for the password.
>
> DER does not support encryption. The bug is that the command does not tell
> you this.
There is at least one standard encryption-capable
On 08/21/2017 11:52 AM, Salz, Rich wrote:
➢ OK. And why does DER not support encryption
Because it is not defined. If you want to encrypt keys, you need to use PKCS12
which might be too much for your application.
If a device has secure storage, it does not need to encrypt its private
Probably I misunderstand the context, since PKCS#8 can be used to
encrypt EC private key info, some more info at
https://tools.ietf.org/html/rfc5915. Which doesn't help the OP if the
openssl CLI doesn't support it.
On Mon, Aug 21, 2017 at 8:52 AM, Salz, Rich via openssl-users
➢ OK. And why does DER not support encryption
Because it is not defined. If you want to encrypt keys, you need to use PKCS12
which might be too much for your application.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 08/21/2017 11:43 AM, Salz, Rich via openssl-users wrote:
➢ But if I use format=der I do not get prompted for the password.
DER does not support encryption. The bug is that the command does not tell you this.
OK. And why does DER not support encryption? Actually, I can see
working
➢ But if I use format=der I do not get prompted for the password.
DER does not support encryption. The bug is that the command does not tell you
this.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
If I use format=pem in the following:
openssl genpkey -outform $format -aes256 -algorithm ec -pkeyopt
ec_paramgen_curve:prime256v1 \
-pkeyopt ec_param_enc:named_curve -out private/ca.key.$format
the private key is password protected.
But if I use format=der
I do not get prompted for the