[openssl-dev] OpenSSL and certain PEM formats
Sean Leonard
dev+openssl at seantek.com
Fri Dec 19 10:33:10 UTC 2014
On 12/18/2014 4:41 AM, Salz, Rich wrote:
> Are you trying to be proscriptive (say what people should use) or descriptive (document what is in use)?
>
> Yes, PKCS8-based PRIVATE KEY is better. But RSA PRIVATE KEY is in (wide) use and should be described.
I am trying to be proscriptively descriptive about what is in use and
will lead to (continued) interoperability.
In the case of the * PRIVATE KEY labels, not a lot of crypto software
supports it. The two biggest ones that I know of are OpenSSL and
PolarSSL. (To my knowledge PolarSSL only supports "RSA PRIVATE KEY" and
"EC PRIVATE KEY"--all others need to be in "PRIVATE KEY" PKCS #8
format.) These two OSS implementations may in fact "dominate" the market
but only a certain market segment (namely web servers, and by extension,
the web interfaces to web servers by web hosting companies). If you want
to import a private key into Mac OS X, Mozilla NSS, Microsoft CryptoAPI,
or the Java VM, you need to package it up (typically with a certificate)
in a PKCS #12 file.
PKCS #1 is an IETF (adopted) standard but PKCS #1 doesn't prescribe the
"RSA PRIVATE KEY" label; it only defines the ASN.1 (BER/DER)
representation. And PKCS #1 is no more or less a standard than the other
IETF documents for the other key types, like Diffie-Hellman, ECC, etc.
Anyway, the document was approved so it should be published with *minor*
changes as an RFC soon. I am loath to add new labels/formats; I am not
convinced the threshold is met here.
Cheers,
Sean
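The label/structure distinction discussed above can be checked mechanically: the label is only the PEM envelope, while the body is DER whose second element tells you which structure you actually have. The following Python checker is an added example, not code from the original post or from OpenSSL or PolarSSL. It uses the structures defined in PKCS #1 (RSAPrivateKey), RFC 5915 (ECPrivateKey) and PKCS #8 (PrivateKeyInfo); the function names (`classify_der`, `check_pem`) are hypothetical, and the sample PEM blocks are constructed from toy integers, not real keys.

```python
"""Classify PEM private-key blocks by label and by the DER structure they carry.

Labels from the thread and the structure each one should wrap:
  "RSA PRIVATE KEY" : PKCS #1 RSAPrivateKey
                      SEQUENCE { INTEGER version, INTEGER n, INTEGER e, ... }
  "EC PRIVATE KEY"  : RFC 5915 ECPrivateKey
                      SEQUENCE { INTEGER version(1), OCTET STRING privateKey, ... }
  "PRIVATE KEY"     : PKCS #8 PrivateKeyInfo
                      SEQUENCE { INTEGER version, SEQUENCE AlgorithmIdentifier, OCTET STRING, ... }
The tag of the second element is enough to tell them apart.
"""
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([^-]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# ASN.1 universal tags used here
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30

STRUCTURE_FOR_LABEL = {
    "RSA PRIVATE KEY": "PKCS#1 RSAPrivateKey",
    "EC PRIVATE KEY": "RFC5915 ECPrivateKey",
    "PRIVATE KEY": "PKCS#8 PrivateKeyInfo",
}

def der_tlv(buf, pos=0):
    """Decode one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(seq_value):
    """Split the content octets of a SEQUENCE into [(tag, value), ...]."""
    out, pos = [], 0
    while pos < len(seq_value):
        tag, val, pos = der_tlv(seq_value, pos)
        out.append((tag, val))
    return out

def decode_oid(value):
    """Content octets of an OBJECT IDENTIFIER -> dotted form (e.g. 1.2.840.113549.1.1.1)."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def classify_der(der):
    """Return (structure name, algorithm OID or None) from the DER bytes alone."""
    tag, body, _ = der_tlv(der)
    if tag != SEQUENCE:
        return "not a private key (outer tag 0x%02x)" % tag, None
    kids = der_children(body)
    if len(kids) < 2 or kids[0][0] != INTEGER:
        return "unknown", None
    second_tag, second_val = kids[1]
    if second_tag == INTEGER:
        return "PKCS#1 RSAPrivateKey", None
    if second_tag == OCTET_STRING:
        return "RFC5915 ECPrivateKey", None
    if second_tag == SEQUENCE:  # AlgorithmIdentifier: SEQUENCE { OID algorithm, parameters }
        alg = der_children(second_val)
        oid = decode_oid(alg[0][1]) if alg and alg[0][0] == OID else None
        return "PKCS#8 PrivateKeyInfo", oid
    return "unknown", None

def check_pem(text):
    """For every PEM block: (label, structure found, OID or None, label matches structure)."""
    results = []
    for m in PEM_RE.finditer(text):
        label, der = m.group(1), base64.b64decode(m.group(2))
        structure, oid = classify_der(der)
        results.append((label, structure, oid, STRUCTURE_FOR_LABEL.get(label) == structure))
    return results

# --- constructed sample input: toy integers, NOT real keys (assumption for the demo) ---
def _tlv(tag, content):
    assert len(content) < 128  # short-form length is enough for these toy values
    return bytes([tag, len(content)]) + content

def _int(n):  # DER INTEGER, with a leading 0x00 when the high bit is set
    return _tlv(INTEGER, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def _pem(label, der):
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)

RSA_OID = bytes([0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01])  # rsaEncryption
# n=3233 (61*53), e=17, d=2753, p, q, dP, dQ, qInv: the textbook toy RSA key
PKCS1 = _tlv(SEQUENCE, _int(0) + b"".join(_int(v) for v in (3233, 17, 2753, 61, 53, 53, 49, 38)))
PKCS8 = _tlv(SEQUENCE, _int(0) + _tlv(SEQUENCE, _tlv(OID, RSA_OID) + _tlv(NULL, b""))
             + _tlv(OCTET_STRING, PKCS1))
ECPRIV = _tlv(SEQUENCE, _int(1) + _tlv(OCTET_STRING, bytes(range(1, 33))))

SAMPLE_PEM = (_pem("RSA PRIVATE KEY", PKCS1) + _pem("PRIVATE KEY", PKCS8)
              + _pem("EC PRIVATE KEY", ECPRIV)
              + _pem("PRIVATE KEY", PKCS1))  # mislabelled: PKCS #1 body under the PKCS #8 label

if __name__ == "__main__":
    for label, structure, oid, ok in check_pem(SAMPLE_PEM):
        print("%-16s -> %-22s %-22s %s" % (label, structure, oid or "-", "ok" if ok else "MISMATCH"))
```

The last block in `SAMPLE_PEM` is the failure case worth having in a test suite: a PKCS #1 body under the generic "PRIVATE KEY" label parses fine as base64 but is not a PrivateKeyInfo, and a PKCS #8-only consumer will reject it. When converting for the other consumers named above, `openssl pkey` writes the PKCS #8 "PRIVATE KEY" form by default; `-traditional` selects the type-specific label.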