On Mon, Aug 21, 2017 at 03:43:05PM +0000, Salz, Rich via openssl-users wrote:
> ➢ But if I use format=der I do not get prompted for the password.
>
> DER does not support encryption. The bug is that the command does not tell you this.
There is at least one standard encryption-capable ASN.1 private
key format, namely PKCS#8, and therefore a DER encoding thereof.
However, the (gen)pkey command does not support direct input or
output of encrypted PKCS8 in DER form. This is a reflection of
the underlying API.
---------------- Note, takes no password argument:
d2i_PrivateKey(3) OpenSSL d2i_PrivateKey(3)
NAME
d2i_Private_key, d2i_AutoPrivateKey, i2d_PrivateKey - decode and encode
functions for reading and saving EVP_PKEY structures.
SYNOPSIS
#include <openssl/evp.h>
EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
long length);
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
long length);
...
NOTES
All these functions use DER format and unencrypted keys. Applications
wishing to encrypt or decrypt private keys should use other functions
such as d2i_PKC8PrivateKey() instead.
---------------------- Note, takes a password argument:
d2i_PKCS8PrivateKey(3) OpenSSL d2i_PKCS8PrivateKey(3)
NAME
d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format
private key functions
SYNOPSIS
#include <openssl/evp.h>
EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
So, while you can indirectly generate encrypted DER private keys:
$ openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 |
openssl pkcs8 -topk8 -v2 aes-128-cbc -outform DER -out key.der
.......................................+++
............+++
Enter Encryption Password:
Verifying - Enter Encryption Password:
$ openssl asn1parse -in key.der -inform DER
openssl asn1parse -inform DER
0:d=0 hl=4 l=1311 cons: SEQUENCE
4:d=1 hl=2 l= 73 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :PBES2
17:d=2 hl=2 l= 60 cons: SEQUENCE
19:d=3 hl=2 l= 27 cons: SEQUENCE
21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
32:d=4 hl=2 l= 14 cons: SEQUENCE
34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:9C914F36B0FDC2D0
44:d=5 hl=2 l= 2 prim: INTEGER :0800
48:d=3 hl=2 l= 29 cons: SEQUENCE
50:d=4 hl=2 l= 9 prim: OBJECT :aes-128-cbc
61:d=4 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:...iv...
79:d=1 hl=4 l=1232 prim: OCTET STRING [HEX DUMP]:...ciphertext...
they can't directly be used with any of the OpenSSL "-inkey" or
similar options, as those don't assume PKCS8 and typically use:
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u);
EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
pem_password_cb *cb, void *u);
the DER counterparts lack the password argument and can't read
encrypted keys. So encrypted PKCS#8 is fine for moving keys
between organizations, systems or people, but for data at rest,
if you want encrypted keys, you'll need PEM.
Use a strong passphrase, as the PBKDF for PEM encryption is
weak.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
