On Mon, 2012-11-05 at 17:44 +0100, Stephen Henson via RT wrote: > > [[email protected] - Tue Oct 30 17:34:05 2012]: > > > > Description of problem: > > Running > > > > $ openssl genpkey -genparam -outform DER -out dh_params.der -algorithm > > DH > > > > generates data in the PEM format instead of the requested DER format. > > > > Version-Release number of selected component (if applicable): > > openssl-1.0.0j-2.fc17.i686 > > > > Steps to Reproduce: > > 1. run command from the description > > 2. run 'file dh_params.der' > > > > Actual results: > > ASCII text > > > > Expected results: > > data > > > > Additional info: > > Deprecated (according to openssl(1)) command > > > > $ openssl dhparam -outform DER -out dh_params.der > > > > works as expected. > > > > When the pkey utilities (and associated functions) are presented with a > file they have to automatically decide which algorithm to use. This is > fine for public and private key formats which include the algorithm OID > in the associated structures (SubjectPublicKeyInfo or PKCS#8) or the PEM > headers for older private key formats. > > In the case of parameters there isn't a DER format that includes the > algorithm type as an OID, just the PEM format where the algorithm to use > is part of the headers. > > Steve. I'm sorry, but I still don't get why: $ openssl genpkey -genparam -outform DER -out dh_params.der -algorithm DER
cannot work the same way as: $ openssl dhparam -outform DER -out dh_params.der And if it really can't, at least some note in the genpkey(1) man page would be nice. -- Vratislav Podzimek Anaconda Rider | Red Hat, Inc. | Brno - Czech Republic ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
