Ken Goldman kgoldman at
Thu Aug 19 21:48:20 UTC 2021

On 8/17/2021 9:47 PM, Sands, Daniel via openssl-users wrote:
> The dump you show below is:
> Attributes (set, tagged with a 0, optional)
> Version
> privateKeyAlgorithm
> privateKey
> This is a PKCS#8 packet for a key.  The encapsulated data is the RSA public key in PKCS1 format.  I know OpenSSL has built-in PKCS#8 capability, though I do note that the optional attribute set is out of sequence.
> Either way, you could look at the PKCS8 source code and simply move the attribute to the beginning and otherwise duplicate the ASN1 parts and structure there, even if OpenSSL fails to parse this not-quite-spec packet.

For the record, it was an inconsistency - ASN1_SIMPLE requires a pointer, ASN1_EMBED does not.

I used the example in x_x509.c, which uses EMBED, but I could not find the corresponding typedef.

(I have no opportunity to change the input.  It comes from a standard HSM.)

More information about the openssl-users mailing list