Thanks Stephen. I was not aware other implementations used both forms. What
if OpenSSL implemented one of these options:
1) Don't change p12_key.c. Don't change the default behavior of pkcs8.c.
But at least add a command line option to pkcs8.c (-stdemptypw) to be
standard-compliant (make P empty).
The "openssl pkcs8" CLI tool fails to properly decrypt a file containing an
EncryptedPrivateKeyInfo structure encrypted with an empty password (see
error below). This happens when a PKCS #12 algorithm is used (such as
PBE-SHA1-3DES); I have not investigated PKCS #5 algorithms. I hit this bug
when a
Seeing the "bugs" directory in the openssl tarball, I thought you
might be interested to know that gcc-3.0 contains a bug that is
triggered in the PEM_get_EVP_CIPHER_INFO() function...
Here is the problem:
$ ssh-keygen -t rsa -N abcde
then
$ ssh-keygen -t rsa -P abcde -p
should
