[openssl-users] [openssl-dev] Is there openssl API to verify certificate content is DER or PEM format ?

Dave Thompson dthompson at prinpay.com
Thu Jun 11 10:03:39 UTC 2015


> From: openssl-dev On Behalf Of Nayna Jain
> Sent: Wednesday, June 10, 2015 20:31

> If I have a pem file with private key in that, how do I check if that is
RSA/DSA ?

If it uses a "legacy" format, the BEGIN line specifies the algorithm
-----BEGIN RSA PRIVATE KEY-----
-----BEGIN DSA PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----

If it uses either PKCS#8 format: if unencrypted there is an
AlgorithmIdentifier 
field near the beginning that specifies the type of the key; if encrypted,
you 
must first decrypt and the decrypted value contains the AlgorithmIdentifier.

It's usually easier to let PEM_read_PrivateKey figure out for you. It reads
all 
formats (encrypted only if you provide the correct passphrase) and returns 
an EVP_PKEY object whose type you can check with EVP_PKEY_type 
following the instructions on the manpage for EVP_PKEY_type.





More information about the openssl-users mailing list