Re: problem with -aes256 and -outform der in cmmand

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 08/21/2017 11:52 AM, Salz, Rich wrote:
➢ OK.  And why does DER not support encryption

Because it is not defined.  If you want to encrypt keys, you need to use PKCS12 which might be too much for your application.

If a device has secure storage, it does not need to encrypt its private key. It all depends on the architecture.

Or they can implement whatever works in their device to protect the keys.

The root CA is not a problem as it is offline except to make new intermediate CAs. In fact for Singapore, I hope to have the root CA be a mSD card with Fedora26 for a Cubieboard2. Pop the card in, and there is your root CA. And a different mSD card for the signing CA! I can do this all offline. Just put the CSR on a USB drive and insert it in one of the Cubie's USB ports and sign away!

I just need to document this all.  That is all.  :)

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux