> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni
> Sent: Friday, 25 January, 2013 12:21

> On Fri, Jan 25, 2013 at 05:10:03PM +0000, Viktor Dukhovni wrote:
>
> > On Fri, Jan 25, 2013 at 04:13:02PM +0000, Ken Allen wrote:
> >
> > > Hi All, I'm having a bit of a problem. I need to load a private
> > > key (EC, but I'm having the same problem with RSA) from an unencrypted,
> > > der encoded, ... file for now and it's simply not working.
> > If it is not encrypted, it is not really PKCS8, at least in the sense
> > that it is a different ASN.1 data structure, the code that works is:
> >

It is one of two structures defined by PKCS8, but not the one
OpenSSL names PKCS8PrivateKey.

> > - EVP_PKEY *key = d2i_PKCS8PrivateKey_fp(f, NULL, NULL, NULL);
> > + EVP_PKEY *key = d2i_PrivateKey_fp(f, NULL);
>
> I should perhaps mention that this is with OpenSSL 1.0 or later, which
> the OP is probably using given that he's using EC keys.
>

Not necessarily. 0.9.8 libcrypto supports EC keys and operations fine.
The difference is only in libssl where 0.9.8 has EC-using ciphersuites
normally disabled, while >=1.0.0 has them enabled. OP didn't say this
is for SSL.

> In OpenSSL 0.9.8 d2i_PrivateKey_fp expects an RSA key.
>

0.9.8 d2i_PrivateKey_{fp,bio} guesses between bare RSA key or DSA key
(which can be converted for DH) or EC key, but not PKCS8_PRIV_KEY_INFO
which is what pkcs8 -topk8 -nocrypt writes. >=1.0.0 d2i_PrivateKey_{fp,bio}
additionally guesses that. In all versions d2i_PKCS8_PRIV_KEY_INFO_{fp,bio}
works for this data, but you need EVP_PKCS82PKEY to convert the result.
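
Review bot: the `+` line depends on the library version: as the reply states, 0.9.8 d2i_PrivateKey_fp does not try PKCS8_PRIV_KEY_INFO, so this substitution only loads a `pkcs8 -topk8 -nocrypt` file on >=1.0.0. Code that has to work on both should read the file with d2i_PKCS8_PRIV_KEY_INFO_fp and convert with EVP_PKCS82PKEY, and the returned pointer should be checked for NULL before use.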
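
The structures this thread distinguishes can be told apart by the first two elements inside the outer DER SEQUENCE. The following is an added example, not code from any poster or from OpenSSL, that classifies a DER private-key blob by that shape without calling libcrypto; the enum, function names and sample byte strings are constructed for illustration.

```c
/* Added example (not from the thread): classify a DER private-key blob by its
 * outer ASN.1 shape. Sample bytes are constructed skeletons, not real keys. */
#include <stddef.h>

enum key_shape { SHAPE_UNKNOWN, SHAPE_PKCS8_ENCRYPTED, SHAPE_PKCS8_PLAIN,
                 SHAPE_EC_TRADITIONAL, SHAPE_INTS_TRADITIONAL /* RSA or DSA */ };

/* Read one DER tag and length at *pos; on success *pos is the first content
 * byte. Rejects truncated input and indefinite or oversized lengths. */
static int der_header(const unsigned char *b, size_t n, size_t *pos,
                      unsigned char *tag, size_t *len)
{
    size_t p = *pos, k;
    if (p >= n || n - p < 2) return 0;
    *tag = b[p++];
    *len = b[p++];
    if (*len & 0x80) {                       /* long form: low 7 bits = byte count */
        k = *len & 0x7f;
        if (k == 0 || k > sizeof(size_t) || n - p < k) return 0;
        for (*len = 0; k > 0; k--) *len = (*len << 8) | b[p++];
    }
    if (*len > n - p) return 0;              /* content must fit in the buffer */
    *pos = p;
    return 1;
}

enum key_shape classify_der_key(const unsigned char *b, size_t n)
{
    unsigned char outer, first, second;
    size_t pos = 0, len, end;
    if (!der_header(b, n, &pos, &outer, &len) || outer != 0x30) return SHAPE_UNKNOWN;
    end = pos + len;                         /* stay inside the outer SEQUENCE */
    if (!der_header(b, end, &pos, &first, &len)) return SHAPE_UNKNOWN;
    pos += len;                              /* skip the first element's content */
    if (!der_header(b, end, &pos, &second, &len)) return SHAPE_UNKNOWN;
    if (first == 0x30) return second == 0x04 ? SHAPE_PKCS8_ENCRYPTED : SHAPE_UNKNOWN;
    if (first != 0x02) return SHAPE_UNKNOWN; /* every other shape starts with a version */
    if (second == 0x30) return SHAPE_PKCS8_PLAIN;      /* version, AlgorithmIdentifier */
    if (second == 0x04) return SHAPE_EC_TRADITIONAL;   /* version, OCTET STRING */
    if (second == 0x02) return SHAPE_INTS_TRADITIONAL; /* version, INTEGER, ... */
    return SHAPE_UNKNOWN;
}

const unsigned char SAMPLE_PKCS8_PLAIN[] = { 0x30,0x12, 0x02,0x01,0x00, 0x30,0x09,
    0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01, 0x04,0x02,0x30,0x00 };
const unsigned char SAMPLE_PKCS8_ENCRYPTED[] = { 0x30,0x0f, 0x30,0x0b,
    0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x05,0x0d, 0x04,0x00 };
const unsigned char SAMPLE_EC[]  = { 0x30,0x07, 0x02,0x01,0x01, 0x04,0x02,0xaa,0xbb };
const unsigned char SAMPLE_RSA[] = { 0x30,0x06, 0x02,0x01,0x00, 0x02,0x01,0x05 };
```

Per the thread, SHAPE_PKCS8_PLAIN is what pkcs8 -topk8 -nocrypt writes and loads in all versions through d2i_PKCS8_PRIV_KEY_INFO_{fp,bio} plus EVP_PKCS82PKEY, while the two traditional shapes are what 0.9.8 d2i_PrivateKey_{fp,bio} guesses between.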