[openssl-dev] OpenSSL and certain PEM formats

Dave Thompson dthompson at prinpay.com
Fri Dec 19 10:50:25 UTC 2014


> From: openssl-dev On Behalf Of Salz, Rich
> Sent: Thursday, December 18, 2014 07:42

> Are you trying to be proscriptive (say what people should use) or descriptive
> (document what is in use)?
> 
> Yes, PKCS8-based PRIVATE KEY is better.  But RSA PRIVATE KEY is in (wide)
> use and should be described.
> 
E.g. Wireshark uses -- or did when I looked a few versions ago -- only the
legacy RSA PRIVATE KEY form or PKCS12, not the PKCS8 PRIVATE KEY form.

(PEM_read_*PrivateKey silently handles either legacy or PKCS8, but
Wireshark doesn't use OpenSSL; it uses GnuTLS.)

There are also legacy DSA PRIVATE KEY and EC PRIVATE KEY.
On the whole these algorithms and keys were not used as much as RSA 
in the past (EC is now rising) but they were used and may still exist.

Technically there are legacy formats and IMPLEMENT_PEM routines for
specific RSA, DSA, EC PUBLIC KEY. But "PUBKEY" (SPKI) has been the default
for at least 10 years, so these are probably very very little used.
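
As an added example, not part of the original message and not OpenSSL code: a Python inventory of a PEM file by the labels discussed above, which also checks whether each body has the PKCS8 PrivateKeyInfo shape regardless of its label. The sample blocks are constructed DER skeletons with toy integers, and the names `classify`, `child_tags`, `tlv` and `pem` are chosen here.

```python
import base64, re
# PEM labels named in the message -> (what the body holds, is a legacy form)
LABELS = {
    "PRIVATE KEY":     ("PKCS8 PrivateKeyInfo, any algorithm", False),
    "RSA PRIVATE KEY": ("legacy RSA private key", True),
    "DSA PRIVATE KEY": ("legacy DSA private key", True),
    "EC PRIVATE KEY":  ("legacy EC private key", True),
    "PUBLIC KEY":      ("SPKI public key (PUBKEY)", False),
    "RSA PUBLIC KEY":  ("legacy RSA public key", True),
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def child_tags(der):
    """Return the DER tags of the elements directly inside the outer SEQUENCE."""
    def header(i):  # -> (tag, body start, body end) of the element at offset i
        tag, n, i = der[i], der[i + 1], i + 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            k = n & 0x7F
            n, i = int.from_bytes(der[i:i + k], "big"), i + k
        return tag, i, i + n
    tag, i, end = header(0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tags = []
    while i < end:
        t, _, i = header(i)
        tags.append(t)
    return tags

def classify(pem_text):
    """Return (label, description, is_legacy, body_is_pkcs8_shaped) per unencrypted block."""
    rows = []
    for label, b64 in PEM_RE.findall(pem_text):
        desc, legacy = LABELS.get(label, ("label not covered here", False))
        tags = child_tags(base64.b64decode(b64))
        # PrivateKeyInfo = SEQUENCE { INTEGER, SEQUENCE algorithm, OCTET STRING key }
        rows.append((label, desc, legacy, tags[:3] == [0x02, 0x30, 0x04]))
    return rows

# Constructed sample: DER skeletons with toy integers, not usable keys.
def tlv(tag, body):  # short-form DER element, body under 128 bytes
    return bytes([tag, len(body)]) + body
def pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"
LEGACY = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, b"\x21") + tlv(0x02, b"\x03"))
ALG = tlv(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption, NULL
PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + ALG + tlv(0x04, LEGACY))
SAMPLE = pem("RSA PRIVATE KEY", LEGACY) + pem("PRIVATE KEY", PKCS8)
```

A row whose `is_legacy` and `body_is_pkcs8_shaped` values are both true is a block whose label and contents disagree, which a strict label-based reader would reject.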
