> From: [email protected] On Behalf Of Dr. Stephen Henson
> Sent: Wednesday, 02 January, 2013 11:13

> On Mon, Dec 31, 2012, Sial Nije wrote:
> <snip: ECDSA created with ecparam -genkey and encrypted with ec -aes128
>  used old EVP_BytesToKey PBKDF1-mostly/md5 even in FIPS mode
>  which fails to read it back because md5 is unapproved>
>
> Ugh, that's a bug. OpenSSL should switch to PKCS#8 format in FIPS mode and
> just work. It does that in OpenSSL 0.9.8 but the relevant code didn't make
> it into the FIPS capable 1.0.1 and later.
>
> I'll look into fixing it.
>
> Workaround for now is to convert to PKCS#8 format manually (as mentioned in
> other replies).
>

Or use 'pkey' to encrypt, or 'genpkey' to generate encrypted to start with;
both always use PKCS8 with PBKDF2/sha1.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
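
An added example, not part of the original thread or of OpenSSL: a shell check that tells the traditional encrypted PEM form (the one written by 'ec -aes128') apart from PKCS#8, so keys needing the conversion discussed above can be found. The function names, the sample files and the choice of '-v2 aes-128-cbc' for the conversion are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify how a PEM private key is wrapped, so that keys in the
# legacy encrypted form (MD5-based EVP_BytesToKey) can be found and converted.

# Print the encapsulation of the PEM private key in file $1.
pem_key_format() {
    local f=$1
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo pkcs8-encrypted        # PKCS#8 EncryptedPrivateKeyInfo
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$f"; then
        echo pkcs8-plain
    elif grep -Eq '^-----BEGIN (EC|RSA|DSA) PRIVATE KEY-----' "$f"; then
        # Traditional format: encryption is signalled by RFC 1421 style headers.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo legacy-encrypted   # key derived with EVP_BytesToKey/MD5
        else
            echo legacy-plain
        fi
    else
        echo unknown
    fi
}

# Re-wrap a key as encrypted PKCS#8; openssl prompts for the passphrases.
# (Hypothetical helper; not called below because it is interactive.)
to_pkcs8() {
    openssl pkcs8 -topk8 -v2 aes-128-cbc -in "$1" -out "$2"
}

# Constructed sample files: header lines are real PEM syntax, bodies are placeholders.
sample_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-128-CBC,00000000000000000000000000000000' '' \
    'Q09OU1RSVUNURUQ=' '-----END EC PRIVATE KEY-----' > "$sample_dir/legacy.pem"
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$sample_dir/pkcs8.pem"

for f in "$sample_dir"/*.pem; do
    printf '%s: %s\n' "${f##*/}" "$(pem_key_format "$f")"
done
```

Files reported as legacy-encrypted are the ones that need converting before they can be read back in FIPS mode.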
