[openssl-users] Need help encrypting my ca.key

Viktor Dukhovni openssl-users at dukhovni.org
Tue Jan 6 05:37:25 UTC 2015 

On Tue, Jan 06, 2015 at 12:23:35AM -0500, Jeffrey Walton wrote:

> Use -outform to control the output encoding. I think the two values of
> interest are DER and PEM.

What actually matters are multiple ASN.1 key formats.  Whether the
ASN.1 is raw binary or packaged in PEM is secondary.

    $ openssl genrsa 512
    -----BEGIN RSA PRIVATE KEY-----
    MIIBOwIBAAJBALo6pp7yqc3Yb/NnBzr7SXJZ9ZdiSaxVs3CCuJJYyF2WLGsj/Ku/
    9konSOGXmu0Jgyj0PvaF6w8ahuSt9DrUSm0CAwEAAQJAGovNwI6awer+WlXvY+r6
    F0DXj1LFabl1sK4RnVrmhOBrAuakW+k6TCDlFD6dn6atL5eUtpfx9LJqEzDKNeF/
    CQIhAOBTVljS6gi44fNv6eV1WvnshWxm998gg4vZdYRtaAWHAiEA1IY/VBa5JiUp
    BUk9ahoCefARGG8XbkqndMeC00Hk7WsCIQCZl3Xfi0nCfxP14gJ7oUaRKGiSOE4u
    78whzNqxuVcnsQIgaGBim+7pEfXwNpto4UJS8wZXrxNog4+AvNb7xru3Lm8CIQCO
    wYET4FCkEz4HQQ6ldz32dp9mjny4g65pXzGgDI4VUw==
    -----END RSA PRIVATE KEY-----

    $ openssl genrsa 512 | openssl pkey
    -----BEGIN PRIVATE KEY-----
    MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA1YPZYCY0C70K3Pfp
    OloIoOyUlqosTI3TlWs9UkH+qbi3Tpt67X+hMy0Jh67Zur5pzbDJ+oP7n7snYzCv
    WH+9KQIDAQABAkBqmKPa09fiEGQvA3omDrMGHHbmbVkmcxwyGdMIkTgh5NPFNSLO
    /ZGK6WtjwAiDjTTAzOpFZyhC9FqFyk8ZNbtxAiEA82KP3RccwBkAAterVBLfcjZ/
    RxAAou47Xb8MQuTeg70CIQDglPJ2LPNDTs9AL6+M+4GLN7Gd0CxoFSq2HmGOE3a/
    3QIhAIWdh5N+G8eOMgZddm6Kiec+6fMOYvsPxMG7n7Sdx1cVAiBGO25DtLTylJ/N
    k9wTe8e8UNNz5dktR4lO4NtjQgT95QIhAIfTJUtxbp5pnDD1MY1VdSdFb+r9pYBd
    Wv5nsvJuR+kj
    -----END PRIVATE KEY-----

The second of these is PKCS#8, the ASN.1 encoding contains an
algorithm identifier wrapped around the key data in the second case.

    $ openssl genrsa 512 2>/dev/null| openssl asn1parse
	0:d=0  hl=4 l= 314 cons: SEQUENCE
	4:d=1  hl=2 l=   1 prim: INTEGER           :00
	7:d=1  hl=2 l=  65 prim: INTEGER           :F778575DCAA1A82AFC543BB9BB2C78AD7C65E75BA1AEC2042474E3FB11D309C8F86158327E18FF8C169DD85431CFFDFF7AC2044B023FBFCA6FFBB003A1BD7A4F
       74:d=1  hl=2 l=   3 prim: INTEGER           :010001
       79:d=1  hl=2 l=  64 prim: INTEGER           :4B6C2C0473EB8D1B7CC81763E5FE09D1A62650BB06AE0287CCACAB872BC98C2350D2E35AF5B8D46C0969791A8750E329B233C7C62360CB20237505A67ACC3501
      145:d=1  hl=2 l=  33 prim: INTEGER           :FCE7B9C91BF6DDBC3A097674B541B079872B5A07F6EB5D6715A5F356BEBF3841
      180:d=1  hl=2 l=  33 prim: INTEGER           :FA7F96CCEDEA1F156EBF42A03E670D5476327068951237E0483FA07C2D798E8F
      215:d=1  hl=2 l=  33 prim: INTEGER           :8D705B2AEA04CA45767FCC4BC10317DB1F895334991750895246192D2E486B01
      250:d=1  hl=2 l=  32 prim: INTEGER           :76CB9B508463CB69F6A36D8D610AAE1FA80E3390E561466E6ED4FDDEE61207B1
      284:d=1  hl=2 l=  32 prim: INTEGER           :3EFC405C0EF05DBBB15060BC6026DED2D9BAC7EA74C5E78E0DA1118D5DB2057C

    $ openssl genrsa 512 2>/dev/null| openssl pkey | openssl asn1parse
	0:d=0  hl=4 l= 341 cons: SEQUENCE
	4:d=1  hl=2 l=   1 prim: INTEGER           :00
	7:d=1  hl=2 l=  13 cons: SEQUENCE
	9:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
       20:d=2  hl=2 l=   0 prim: NULL
       22:d=1  hl=4 l= 319 prim: OCTET STRING      [HEX DUMP]:3082013B0201000241009490922BEE6320FEC958EC6CCAAB7844A1A6DF4C7A76E4CB2845C6A4FC324487312BE187CD10749E4A29A105F23B19E927AB1A347C668BF3C96C6C407F66FA43020301000102405707258974993F3FE1C524A24A4B0E25EE2829D0CC408FA06ED4091CA6DBEF85FA06C77BC0CCD9239C93A746857AB7AB8773D5D7B43A38C1DDAC208B71C9EE79022100C5DC2867DBDD1DE355001E9A174DE0B344CB202FD36F7BB16D3DAED8A596675F022100C038388D144730C58C781BDE93B8C1C112452F5FB0038F54132020DA11978B9D022100A5D4AFC8DC6DA6EF31FEB7A74E80E723593525F4EFB1306AB4B44E272621B8E1022033B3EBA226FE2F2433F06AAEA7D55E686C5DA7AC794FBBD1C58332D2F5406A11022100A9F30E296B6981C28607E03B5BD07CE437D67FD0EC698AC6390B07477BF221AC

    $ openssl genrsa 512 2>/dev/null| openssl pkey | openssl asn1parse -strparse 22
	0:d=0  hl=4 l= 314 cons: SEQUENCE
	4:d=1  hl=2 l=   1 prim: INTEGER           :00
	7:d=1  hl=2 l=  65 prim: INTEGER           :BAD0B8BB3BC5919E1D74F913B1702DDC838E1ACDB43465C3786BF825464573F1C9E7FE775A0DC4CE65BFF689A1ACA87B48250FF541638F97A237051E50619C5F
       74:d=1  hl=2 l=   3 prim: INTEGER           :010001
       79:d=1  hl=2 l=  64 prim: INTEGER           :41D9A2D434CC7E78CA8F59E0EC31CBA8A822A6260E384E0AA9DEFD183E7DEAD11C8644271246A116FE870875B13010FE71F3E55BA5BD98A4C4B380F2A664AE41
      145:d=1  hl=2 l=  33 prim: INTEGER           :E1F5F199701FFFE8C18C4F0683A18F165877C52C6E09B785B332999248D07E61
      180:d=1  hl=2 l=  33 prim: INTEGER           :D3A68DC15442FEB6FDCC2F19C7276391EAF0F437FF300FBDA728F8BFCCC092BF
      215:d=1  hl=2 l=  33 prim: INTEGER           :BEAF98C54DD413584F0DA31AF23682D3EEB0945A9C39E300176B9A21D304EFC1
      250:d=1  hl=2 l=  32 prim: INTEGER           :106987F087F232024AA7FCB709047AEA23C7CF8850179000EAE7787297140FCD
      284:d=1  hl=2 l=  32 prim: INTEGER           :0B401B54C892FD9A9059215E35ADAF2E86820B5616F80F19FCC71E7A81700701

-- 
	Viktor.

More information about the openssl-users mailing list