I've generated a trivial 1024-bit RSA key using RSA's Crypto-J CertReqTool.
The tool doesn't offer an
opportunity to create the key unencrypted (I don't think), but when it
prompted for a password I entered a blank. Tell me what you think. It would
be nice to use Crypto-J-generated keys/certs w/ openssl & vice versa.
-----Original Message-----
From: Dr Stephen Henson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, March 23, 2000 3:17 AM
Subject: Re: PKCS8 question
>[EMAIL PROTECTED] wrote:
>>
>> Actually, this doesn't work. This is a question I've been wanting an
answer to for a while: Whenever you create a CSR w/ a tool like RSA's (or
with a server like Netscape that uses RSA's code), the private key is
generated as a DER encoded PKCS8 file of 670 bytes (for a 1024 bit RSA key).
But you can't ever seem to use this w/ the OpenSSL code (at least as far as
I've been able to learn).
>>
>> The code below might work (if it included the x509 option) for a cert,
but never for a key. I've tried openssl pkcs8 ... and all its flavors but
never found anything to work. Anyone got the solution?
>>
>
>Try this for an unencrypted PKCS#8 RSA key:
>
>openssl pkcs8 -inform DER -nocrypt -in p8key.der -out key.pem
>
>if this doesn't work and you can create a sample private key (nothing
>important!) then please mail me a copy and I'll look into it.
>
>Failing that try doing:
>
>openssl asn1parse -inform DER -in p8key.der
>
>and posting the result.
>
>Steve.
>--
>Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
>Personal Email: [EMAIL PROTECTED]
>Senior crypto engineer, Celo Communications: http://www.celocom.com/
>Core developer of the OpenSSL project: http://www.openssl.org/
>Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>Development Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
new.key
