On Tue, Jul 06, 2004, Marquess, Steve Mr JMLFDC wrote:
> On Friday, July 02, 2004 4:52 PM Dr. Stephen Henson wrote:
>
> >OpenSSL already supports various private key formats which only use FIPS
> >approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one
> >solution is to just change the behaviour of PEM_write_PrivateKey() and friends
> >to call the PKCS#8 variants. The openssl pkcs8 utility can readily convert
> >between the formats.
> >
> >The read version PEM_read_PrivateKey() automatically works out the format so
> >it doesn't need to be changed.
>
> So you're saying just have PEM_write_bio_PrivateKey drop through to
> PEM_write_bio_PKCS8PrivateKey in FIPS mode? That could work. I suppose I
> could do the same substitution at the application level as well, in lieu of
> hacking OpenSSL.
>
Yes, you'd also need some related calls which modify
PEM_wriet_bio_RSAPrivateKey() and related calls. Nothing too difficult though.
> I was able to convert OpenSSH PEM format keys to PKCS#8 easily enough using
> openssl pkcs8, but how do I convert the PKCS#8 back to the original format?
>
Well the first way is to do nothing: the OpenSSL private key code will
transparently handle PKCS#8 PEM format so no conversion is really needed.
The other way is:
openssl pkcs8 -in p8key.pem [encrypt options] -out key.pem
or
openssl {rsa,dsa} -in p8key.pem [encrypt options] -out key.pem
> >The second alternative is to modify the PEM headers to include a string saying
> >that SHA1 is the digest algorithm used and to recognize this in both FIPS and
> >none FIPS modes.
>
> Ok, I'll do a patch that uses MD5 as before for "Proc-Type: 4,ENCRYPTED" and
> SHA1 for "Proc-Type: 4,ENCRYPTED,SHA1". It looks like PEM_get_EVP_CIPHER_INFO
> is going to need a third argument, though. Will that be a problem?
>
Actually now I think of it I'm not really very keen on that approach. It would
involve inventing a non-standard OpenSSL specific format which was unusable in
any previous versions of OpenSSL or any other software.
With PKCS#8 you get a format that any version of OpenSSL can handle (except
for very ancient ones) its more standard and more secure. In actual fact I've
been meaning to make PKCS#8 the default format for OpenSSL private keys for
some time for those very reasons.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
