Re: Unable to generate privatekey with 128bit salt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of kishore
> Sent: Friday, October 13, 2017 07:05

>./openssl genrsa -out aes256sha12048.key -aes256 2048  -S E1F53135E559C253

Using what version of OpenSSL? Running on what platform? Please include basic, essential information in your question. Don't make us guess.

> but when try to load the key using BouncyCastle code, it throws 

> "Error salt must be at least 128 bits"

The version of the openssl utility (1.0.2j) I'm running doesn't list a -S parameter in its help output, and I don't see one in genrsa.c, but there is one in enc.c, so maybe the genrsa command supports it. Though when I tried your command line, the key I got was encrypted with a salt (IV, really) that didn't appear to be related in any way to the value given with -S.

In any case, though, the value you're passing for -S is only 64 bits. 64 is less than 128.

Have you tried omitting the -S option? You should get a key encrypted with an IV of the appropriate length (128 bits) for AES-CBC-256.

What does the PEM header - particularly the DEK-Info line - in the generated key file say?

-- 
Michael Wojcik 
Distinguished Engineer, Micro Focus 




-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux