[openssl-users] suggested enhancement documentation or warning for pkey command line tool

Michel michel.sales at free.fr
Tue Oct 27 19:32:07 UTC 2015

Thanks Viktor for your answer, and Jakob for clarifying my thought.
My English isn't good enough to argue with both of you, but obviously, I do
agree with what you have proposed.


-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On behalf of
Jakob Bohm
Sent: Tuesday 27 October 2015 02:21
To: openssl-users at openssl.org
Subject: Re: [openssl-users] suggested enhancement documentation or warning
for pkey command line tool

On 26/10/2015 14:02, Viktor Dukhovni wrote:
> On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote:
>> I believe it might be useful to remind in the documentation that the
>> -cipher argument for the openssl pkey command line tool is silently ignored
>> when combined with -outform DER.
>> Maybe it is worth adding a warning too?
> I think a fatal error would be appropriate.  If you want encrypted
> DER keys, you'll need PKCS#8 or PKCS#12.
But the issue is how to make the key conversion command
in the openssl command line tool encrypt the output file,
not which encryption format it should use.

More specifically, the issue is that the currently
recommended command "openssl pkey", allegedly silently
omits the encryption when told not to Base64 encode the
encrypted key, which is complete nonsense and would be
considered a security issue in any other tool.

I see no particular reason why the "openssl pkey" command
should not encrypt the key in exactly the same way as it
does when Base64 encoding the key, in other words the
difference between -outform DER and -outform PEM should be
*only* the Base64 encoding and the associated decorative
text lines.

Doing something highly dangerous (outputting a private key
unencrypted contrary to user request) in response to an
unrelated option (-outform DER) is a really bad thing.

While on this subject, it would be most useful if all the
openssl command line tools that can output private keys
supported the same command line options to indicate
encryption or lack thereof, specifically, those commands
that currently default to unencrypted should still accept
the "-nodes" command, and should complain if invoked with
the "-passout" option but no encryption request.  5 to 10
years later, it should then be possible to change the
default to encrypted, confident that adding explicit "-nodes"
to scripts and examples will not fail on any reasonably
maintained systems (including systems where openssl is built
by some upstream OS maker).


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
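The thread turns on a simple point: never assume a private key came out encrypted because the command line asked for it; check the file. The script below is an added example, not code from the list post or from the OpenSSL project. It classifies a DER private key by its outer ASN.1 structure (EncryptedPrivateKeyInfo versus plain PKCS#8 versus a traditional RSA/EC key), confirms the classification behaviourally by trying to load the key without the real passphrase, and shows the route that yields encrypted DER on any version, `openssl pkcs8 -topk8 -outform DER`. What `openssl pkey -outform DER` does with a cipher option depends on the installed OpenSSL version, so the script reports that result instead of assuming it. It assumes an `openssl` binary on PATH; the file names and the passphrase are constructed for the example.

```shell
#!/bin/sh
# Added example for this thread; not code from the list post or the OpenSSL
# project. Shows (1) how to check whether a DER private key is actually
# encrypted instead of trusting the command line that produced it, and
# (2) how to obtain encrypted DER output through PKCS#8 regardless of how
# `openssl pkey -outform DER` behaves on the installed version.
# Assumes an `openssl` binary on PATH. File names and the passphrase are
# constructed for the example.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASS='correct horse battery staple'   # constructed sample passphrase

# Classify a DER private key by the types of its first two depth-1 elements,
# as printed by `openssl asn1parse`:
#   EncryptedPrivateKeyInfo: SEQUENCE { SEQUENCE AlgorithmIdentifier, OCTET STRING }
#   PrivateKeyInfo (PKCS#8): SEQUENCE { INTEGER version, SEQUENCE AlgorithmIdentifier, ... }
#   traditional RSA/EC key:  SEQUENCE { INTEGER version, <key material> ... }
# Prints one of: encrypted-pkcs8, pkcs8, traditional, unknown
der_key_kind() {
    types=$(openssl asn1parse -inform DER -in "$1" 2>/dev/null |
        awk '/d=1 / {
                 for (i = 1; i <= NF; i++)
                     if ($i == "prim:" || $i == "cons:") { print $(i + 1); break }
                 if (++n == 2) exit
             }')
    first=$(printf '%s\n' "$types" | sed -n 1p)
    second=$(printf '%s\n' "$types" | sed -n 2p)
    case "$first/$second" in
        SEQUENCE/OCTET)   echo encrypted-pkcs8 ;;
        INTEGER/SEQUENCE) echo pkcs8 ;;
        INTEGER/*)        echo traditional ;;
        *)                echo unknown ;;
    esac
}

# Behavioural check: returns 0 if the key cannot be loaded without the right
# passphrase, 1 if it loads freely. A wrong passphrase is passed on purpose and
# stdin is closed so that an interactive prompt can never mask the result.
der_key_needs_passphrase() {
    if openssl pkey -inform DER -in "$1" -passin pass:deliberately-wrong -noout \
           </dev/null >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# One summary line per file, e.g. "plain.der: pkcs8, needs passphrase: no"
describe() {
    if der_key_needs_passphrase "$1"; then needs=yes; else needs=no; fi
    printf '%s: %s, needs passphrase: %s\n' "$(basename "$1")" "$(der_key_kind "$1")" "$needs"
}

# 1. Throwaway RSA key, unencrypted PEM, as the starting point.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/key.pem" 2>/dev/null

# 2. Unencrypted DER for comparison (what the user did *not* ask for).
openssl pkey -in "$WORK/key.pem" -outform DER -out "$WORK/plain.der"

# 3. The conversion from the thread: DER output with a cipher requested.
#    Whether this comes out encrypted depends on the OpenSSL version, which is
#    exactly why the result is checked rather than assumed.
if openssl pkey -in "$WORK/key.pem" -outform DER -aes256 -passout "pass:$PASS" \
       -out "$WORK/pkey.der" 2>/dev/null; then
    describe "$WORK/pkey.der"
else
    echo 'pkey.der: openssl pkey refused to write encrypted DER on this version'
fi

# 4. The portable route to encrypted DER: PKCS#8 EncryptedPrivateKeyInfo with PBES2.
openssl pkcs8 -topk8 -in "$WORK/key.pem" -outform DER -v2 aes-256-cbc \
    -passout "pass:$PASS" -out "$WORK/pkcs8.der"

describe "$WORK/plain.der"
describe "$WORK/pkcs8.der"

# Round trip with the real passphrase, so the encrypted file is known to be usable.
openssl pkcs8 -inform DER -in "$WORK/pkcs8.der" -passin "pass:$PASS" -out /dev/null
echo 'pkcs8.der decrypts with the passphrase'
```

Run it with `sh check_der_key.sh`. The structural classification is a quick triage aid only; `der_key_needs_passphrase` is the authoritative test, because it asks the library itself whether the key material is reachable without a secret. Scripts that must emit encrypted DER should take the `pkcs8 -topk8` route and then run the check on the output, which is the habit the thread is arguing the tool should make unnecessary.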
