Using the library to encrypt a RSA private key compatible with Web Crypto API (PBKDF2)
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Jul 23 16:38:05 UTC 2020
On Thu, Jul 23, 2020 at 03:04:30PM +0000, Claude Robitaille wrote:
> Now, for sake of completeness, if I wanted to do the opposite, i.e.
> decrypt a key, I guess the steps are the same, using
> PEM_read_bio_PKCS8 at the end. Except that the salt and IV must be
> extracted from the PEM string. What is the function to do that?
Reading is much simpler:
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u);
Just set pass = "sesame" and call:
EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio_in, NULL, NULL, pass);
It is possible to use the PKCS8 routines explicitly with:
PKCS8 *PEM_read_bio_PKCS8(BIO *bp, TYPE **a, pem_password_cb *cb, void *u);
as follows:
X509_SIG *p8 = PEM_read_bio_PKCS8(bio_in, NULL, NULL, NULL);
PKCS8_PRIV_KEY_INFO *p8inf = PKCS8_decrypt(p8, pass, strlen(pass));
EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
but there's little reason to do that. The PBE algorithm, salt and IV
are handled internally.
--
Viktor.
More information about the openssl-users
mailing list