[openssl-users] [openssl-dev] Is there openssl API to verify certificate content is DER or PEM format ?
Dave Thompson
dthompson at prinpay.com
Thu Jun 11 10:03:39 UTC 2015
> From: openssl-dev On Behalf Of Nayna Jain
> Sent: Wednesday, June 10, 2015 20:31
> If I have a pem file with private key in that, how do I check if that is
RSA/DSA ?
If it uses a "legacy" format, the BEGIN line specifies the algorithm
-----BEGIN RSA PRIVATE KEY-----
-----BEGIN DSA PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----
If it uses either PKCS#8 format: if unencrypted there is an
AlgorithmIdentifier
field near the beginning that specifies the type of the key; if encrypted,
you
must first decrypt and the decrypted value contains the AlgorithmIdentifier.
It's usually easier to let PEM_read_PrivateKey figure out for you. It reads
all
formats (encrypted only if you provide the correct passphrase) and returns
an EVP_PKEY object whose type you can check with EVP_PKEY_type
following the instructions on the manpage for EVP_PKEY_type.
More information about the openssl-users
mailing list