Re: [openssl-users] Question as to best options....

2017-12-28 Thread Salz, Rich via openssl-users
The difference is “auto private key” versus “RSA private key.” > -----BEGIN PRIVATE KEY----- This is a private key wrapped in a PKCS8 container with a key-type identifier. root@Test-MCP:/usr/local/etc/HD-MCP/ssl/x # openssl rsa -inform pem -in test.key -outform der -out key.der writing RSA key

Re: [openssl-users] Question as to best options....

2017-12-28 Thread Karl Denninger
On 12/28/2017 18:31, Salz, Rich via openssl-users wrote: > > It is hard to follow this thread with all the indenting. > >   > > >  If I take a PEM-encoded RSA private key file and convert it to > binary (using b64decode) what I get is not the same thing as I get > from "openssl rsa -inform pem -in

Re: [openssl-users] Question as to best options....

2017-12-28 Thread Salz, Rich via openssl-users
It is hard to follow this thread with all the indenting. > If I take a PEM-encoded RSA private key file and convert it to binary (using > b64decode) what I get is not the same thing as I get from "openssl rsa > -inform pem -in key -outform der -out key.der". How do you convert it? Did you str

Re: [openssl-users] Question as to best options....

2017-12-28 Thread Karl Denninger
On 12/28/2017 16:57, Karl Denninger wrote: > On 12/28/2017 16:15, Karl Denninger wrote: >> On 12/26/2017 14:07, Kurt Roeckx wrote: >>> On Tue, Dec 26, 2017 at 01:42:57PM -0600, Karl Denninger wrote: On 12/26/2017 13:14, Salz, Rich via openssl-users wrote: > So if you put locks around the S

Re: [openssl-users] Question as to best options....

2017-12-28 Thread Karl Denninger
On 12/28/2017 16:15, Karl Denninger wrote: > On 12/26/2017 14:07, Kurt Roeckx wrote: >> On Tue, Dec 26, 2017 at 01:42:57PM -0600, Karl Denninger wrote: >>> On 12/26/2017 13:14, Salz, Rich via openssl-users wrote: So if you put locks around the SSL_CTX object when it’s used, then you can u

Re: [openssl-users] Question as to best options....

2017-12-28 Thread Karl Denninger
On 12/26/2017 14:07, Kurt Roeckx wrote: > On Tue, Dec 26, 2017 at 01:42:57PM -0600, Karl Denninger wrote: >> On 12/26/2017 13:14, Salz, Rich via openssl-users wrote: >>> So if you put locks around the SSL_CTX object when it’s used, then you >>> can use the set private key call to update the key; an

Re: [openssl-users] Question as to best options....

2017-12-26 Thread Karl Denninger
On 12/26/2017 14:07, Kurt Roeckx wrote: > On Tue, Dec 26, 2017 at 01:42:57PM -0600, Karl Denninger wrote: >> On 12/26/2017 13:14, Salz, Rich via openssl-users wrote: >>> So if you put locks around the SSL_CTX object when it’s used, then you >>> can use the set private key call to update the key; a

Re: [openssl-users] Question as to best options....

2017-12-26 Thread Kurt Roeckx
On Tue, Dec 26, 2017 at 01:42:57PM -0600, Karl Denninger wrote: > > On 12/26/2017 13:14, Salz, Rich via openssl-users wrote: > > > > So if you put locks around the SSL_CTX object when it’s used, then you > > can use the set private key call to update the key; and then all > > SSL_new objects after

Re: [openssl-users] Question as to best options....

2017-12-26 Thread Karl Denninger
On 12/26/2017 13:14, Salz, Rich via openssl-users wrote: > > So if you put locks around the SSL_CTX object when it’s used, then you > can use the set private key call to update the key; and then all > SSL_new objects afterwards will use the new credentials.  Does that > meet your need? > Yes, that

Re: [openssl-users] Question as to best options....

2017-12-26 Thread Kurt Roeckx
On Tue, Dec 26, 2017 at 12:38:32PM -0600, Karl Denninger wrote: > > What I'm trying to figure out is the "best" way to handle this.  > SSL_CTX_use_PrivateKey accepts a EVP_PKEY pointer, > SSL_CTX_use_PrivateKey_ASN1 takes an ASN1 structure of length len, but > what is parameter "pk" (not explained

Re: [openssl-users] Question as to best options....

2017-12-26 Thread Salz, Rich via openssl-users
So if you put locks around the SSL_CTX object when it’s used, then you can use the set private key call to update the key; and then all SSL_new objects afterwards will use the new credentials. Does that meet your need? > "is there a decent way to convert a PEM or DER private key file into ASN.1

[openssl-users] Question as to best options....

2017-12-26 Thread Karl Denninger
So let's assume I have system A and B. System A has some store of certificates and keys.  We'll assume they're in either PEM or DER format and OpenSSL generated them. System B is going to get passed one or both via a mechanism (e.g. over a TLS connection that it has validated as being "ok" with a