[openssl-users] Differences in openssl 0.9.8 and 1.0.1x for private pem key file
Jakob Bohm
jb-openssl at wisemo.com
Mon Dec 22 14:15:52 UTC 2014
On 22/12/2014 13:57, Dave Thompson wrote:
>
> At least for now; there is another thread started just a few days ago
> about all PEM formats used by OpenSSL suggesting the traditional
> privatekey forms are obsolete and maybe should be deleted!
Please don't do that until 5+ years after 0.9.8 end-of-life. Because
private keyswritten by 0.9.8 to securely stored offline media will
be using the old formatand need to be usable down the line. Most
certificates expire after 5 years orless though a few private keys
may be needed much later:
1. Decryption certificates/keys may be needed to decrypt data long
after the certificateexpired (in fact, as long as the data remains
relevant, think 30+ years for mortgagecontracts, 50+ years for
life insurance, and 140+ years for copyright disputes).
2. A few certs (e.g. CA roots and Android developer certs) have very
long (30+ years)certificate lifetimes, but those tend to be used
regularly over that period, givingplenty of opportunity to convert
the private key files.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141222/a96f2ed7/attachment.html>
More information about the openssl-users
mailing list