On Fri, Oct 08, 2010, [email protected] wrote: > Thank you Steve, > > I had problem in creating certificate and key in FIPS mode. With your > suggestion now I am able to create FIPS supported certificate > > When I create it with a passphrase the key looks as below > > -----BEGIN ENCRYPTED PRIVATE KEY----- > MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIKdsTY4y2xlsCAggA > ..<snip> > toGSfl42MUwLRpuoYfQ/WFNVMKUr78WqrFHd1VV1VCAnaFi95seEJKqE > -----END ENCRYPTED PRIVATE KEY----- > > Now it fails at "PKCS8_decrypt" in "PEM_read_bio_PrivateKey". I verified > that passphase returned by the cb is as same as the one that I used to > create the certificate. Any hint if I miss something in the key > generation > > The command I used to create this key is > > ./openssl req -x509 -days 1460 -newkey rsa:1024 -keyout wv-key.pem -out > wv-cert.pem > > If I create the key with out passphrase then the code hits this snippet > of the code (PEM_read_bio_PrivateKey) and works fine > .. > .. > p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); > if(!p8inf) goto p8err; > ret = EVP_PKCS82PKEY(p8inf); > .. > .. >
Have you included OpenSSL_add_all_algorithms() in your code? If so then see the FAQ for details of how to print out error messages. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
