Two questions actually. I've been able to read and write most objects using both the PEM bio and i2d/d2i functions. I know I can write an encrypted PKCS8 file with PEM_write_bio_PKCS8PrivateKey(). How do I read encrypted PKCS8 files? I can read unencrypted files with PKCS8_PRIV_KEY_INFO but have been stumped by the encrypted file. Obviously 'openssl pkcs8 ...' can do it but maybe I'm overlooking a source of documentation. Otherwise it's a dive into the source code. Second question - can I parse encrypted PKCS8 files without decrypting it? I know the traditional keys have to be decrypted (and thus parameter-less readers can't use encrypted files) but I thought PKCS8 was a container and it was possible to parse the object without the password. Does this involve X509_SIG? I noticed that the i2d/d2i PKCS8 functions work with X509_SIG objects. Thanks, Bear -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141230/65cdd28d/attachment.html>
