[openssl-users] Old "RSA_NET" key format

Jakob Bohm jb-openssl at wisemo.com
Wed Jul 8 18:47:43 UTC 2015

On 08/07/2015 20:23, Salz, Rich wrote:
>> 1. Is there any good reason to remove this code?
> Yes.  If it's not tested, reviewed, or in general use, then it's more likely to be harmful (source of bugs) than useful.
That's an overly general criteria, and may be the source
of your mysterious marauding of the APIs.

To objectively consider the potential harm of rarely used
code, one must clearly determine if there is any way this
code could be invoked inadvertently or remotely.  For
example the heartbeat code was obviously callable from
network packets (even if it had no bugs), so needed this
kind of cleanup, while the original eay DES API is only
invokable from code that knows about it, and would thus
not need to be removed for lack of use/testing.
>> 2. Is this the OpenSSL name for the private key format
>>     used by older Microsoft Authenticate tools (and thus
>>     sometimes converted to/from PKCS#12 when switching
>>     tool chains)?
> I think  only really old ISS, but that's why I asked.
I have no time to investigate, but I do not know the
origin of why the existing code would call it "RSA_NET".

I do know that the old format used by Authenticode was
the RSA specific variant of the CryptoAPI 1 structure
named simply PRIVATEKEYBLOB in Windows 2000
>> 3. Is this any of the formats used by SSH?
> No; the seven characters "RSA_NET" do not appear in the openssh source.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150708/d684a6c5/attachment.html>

More information about the openssl-users mailing list