query on PEM_write_bio_PKCS8PrivateKey

Matt Caswell matt at openssl.org
Mon Sep 27 10:10:35 UTC 2021

On 25/09/2021 06:06, SIMON BABY wrote:
> Hi Team,
> I have a query. I see the below API is used to write the private key in 
> encrypted PKCS#8 format.
> /
> /
> /
> PEM_write_bio_PKCS8PrivateKey()/ and /PEM_write_PKCS8PrivateKey()/ write 
> a private key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo 
> format using PKCS#5 v2.0 password based encryption algorithms.
> Do we have an API for converting the encrypted private key file to an 
> unencrypted private key file in PKCS#8 format?

The end of the quoted paragraph says:

"If I<cipher> is NULL then no encryption is used and a PKCS#8 
PrivateKeyInfo structure is used instead."

So simply supply NULL for the cipher argument to those same functions 
and you will get an unencrypted private key in PKCS#8 format.


More information about the openssl-users mailing list