Keith Johnston wrote:
>
> The encrypted format of the RSA private key looks like this:
>
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,EBC485A7EC86234E
>
> DaJXL3PFfg4tFWi1hM1aLrbtTMWHLUHFC0u+eKf/Mp/As9TqGtb6hZeULTIcje82
> bIb5U3O53W9l248x9vr2Zw3ACI7HLG7tMzBEjoaYb375CgXnhpF6pqg7KOL6/TiR
> +L1L7uYJxA+kdQASU/bfvzgOOQsY96DyBNH2Ug3Odsneo4V4LwAA0hRp/7HntJ3v
> b93Rkjkc1OPdX4kwLXFyYkUsMZAFhtIdngE51WMyAw7QdDX04cSEaQSbmUDgaZII
> JT15k8nV8zsyABPGHNg3NUrGywC1NWuENSk8HSKDya9LnEYzkgESMHCjE64U66S4
> B3bIx//el1Agv03J/JZ3di1hAA7IAFA3u/XNti8VwOsvffXQOWykGoJCBvZpieWZ
> +Bok++ZP0Byrbkxq2j7JZrEprZLfyabkqYtrEbrtsZA=
> -----END RSA PRIVATE KEY-----
>
> I'm trying to use another program to generate a private key in this format.
>
> - What is the "4,ENCRYPTED"? Is it ever anything else?
> - How is the salt for the PBE stored? Or is it?
>
This is a legacy from SSLeays days, it uses a non standard key
derivation algorithm and various other things. Check out the stuff in
crypto/pem and crypto/evp to see what is going on.
If you want follow a standard you can use PKCS#8 format combined with
PKCS#5 password based encryption in the latest OpenSSL snapshots. Check
out the info on www.rsa.com for more info.
PKCS#8 isn't supported in any of the release versions yet though.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
