[openssl-dev] [openssl.org #4544] [BUG] 'openssl pkcs8' command doesn't work as advertised
Stephen Henson via RT
rt at openssl.org
Mon May 23 21:37:16 UTC 2016
On Fri May 20 10:26:56 2016, slimshady007 at gmail.com wrote:
>
> I'm glad I was able to get the desired result with the workaround, but
> the
> pkcs8 command does not work as advertised. I tried it with encrypted
> keys and
> got the same result that way as well.
The bug is in the documentation. The pkcs8 command writes private keys with
PEM_write_bio_PrivateKey() which used to use "traditional" format. Tthat
function got updated to use the more secure PKCS#8 encrypted format but the
documentation wasn't fixed to reflect that and there was no equivalent to
PEM_write_bio_PrivateKey() which used traditional format.
The master branch has a fix for this: the pkcs8 and the pkey commands now have
a -traditional command line switch which forces traditional format.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4544
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list