On 12/17/2014 11:04 AM, Salz, Rich wrote:
Probably also worth documenting the legacy "RSA PRIVATE KEY" defined by openssl and used mainly in legacy pre-pkcs8 support
There is a paragraph on "algorithm agility"; the legacy labels (like RSA PRIVATE KEY) are not mentioned because for interchange, PKCS #8 is perfectly reasonable and is algorithm-agile.
IIRC, there are some implementations out there (by that I mean certain well-known certification authorities that I will not name) that specifically look for "RSA PRIVATE KEY", and measure key strength by looking at the length of the blob. This method prevents other algorithms (e.g., ECC) from being used, and when other algorithms (e.g., ECC) are used, the key gets rejected for no other reason than because the key appears to be too "small" and therefore weak.
Sean _______________________________________________ openssl-dev mailing list openssl-dev@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev