> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of kishore > Sent: Friday, October 13, 2017 07:05 >./openssl genrsa -out aes256sha12048.key -aes256 2048 -S E1F53135E559C253 Using what version of OpenSSL? Running on what platform? Please include basic, essential information in your question. Don't make us guess. > but when try to load the key using BouncyCastle code, it throws > "Error salt must be at least 128 bits" The version of the openssl utility (1.0.2j) I'm running doesn't list a -S parameter in its help output, and I don't see one in genrsa.c, but there is one in enc.c, so maybe the genrsa command supports it. Though when I tried your command line, the key I got was encrypted with a salt (IV, really) that didn't appear to be related in any way to the value given with -S. In any case, though, the value you're passing for -S is only 64 bits. 64 is less than 128. Have you tried omitting the -S option? You should get a key encrypted with an IV of the appropriate length (128 bits) for AES-CBC-256. What does the PEM header - particularly the DEK-Info line - in the generated key file say? -- Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
