On Thu, Feb 28, 2019 at 03:05:43PM -0500, Ken Goldman wrote:
> The output is a
> -----BEGIN ENCRYPTED PRIVATE KEY-----
This is PKCS8, which is the non-legacy private key format that
should be used by modern libraries. This is for example output by:
$ openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 -aes128
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAgWnV30Y37QvAICCAAw
DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEMx8xGM1W+W4JdPET0xj0MAEgZAp
9XvYDcsnokrXBoyWqFF73VeT/4ALgS+StQQK/84qzqjOKSUeteLiDoHkyH2GUYue
WILJh+3MoqRRGyGPGaznI7yT2fCSUJNGZsvEDd8ILYGpvkS8ssfa/WXWZ0d4jwXr
VE05VWx424ospaKPz8E5wsvpfuqB3/CxFnD0WUTa1cY/oLkwAUem/ps4iMWoIP8=
-----END ENCRYPTED PRIVATE KEY-----
[ The password is "sesame", if you want to test using the above key. ]
> Now I must send the PEM file to a crypto library that does not support
>
> It expects
> -----BEGIN EC PRIVATE KEY-----
That's the legacy algorithm-specific format, your library is rather
dated.
> Its parser does accept a password.
>
> Is there a way to generate that PEM file? I.e.
$ openssl ec -aes128 <<EOF
> -----BEGIN ENCRYPTED PRIVATE KEY-----
> MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAgWnV30Y37QvAICCAAw
> DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEMx8xGM1W+W4JdPET0xj0MAEgZAp
> 9XvYDcsnokrXBoyWqFF73VeT/4ALgS+StQQK/84qzqjOKSUeteLiDoHkyH2GUYue
> WILJh+3MoqRRGyGPGaznI7yT2fCSUJNGZsvEDd8ILYGpvkS8ssfa/WXWZ0d4jwXr
> VE05VWx424ospaKPz8E5wsvpfuqB3/CxFnD0WUTa1cY/oLkwAUem/ps4iMWoIP8=
> -----END ENCRYPTED PRIVATE KEY-----
> EOF
read EC key
Enter PEM pass phrase:
writing EC key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,28ADEB740F62A9F41B2AAE09B53CD433
WbSfKUDAWwz8/6mAH9fuiBbCHrNwb7hnoRz7rfaoJ9QU5VzxZtwuZhGnAw/nKfsy
b/GHtWa4ghtHf9QofQWuJukeMrC2/KAO+8K1qRsUtcH3KFsaVLcKrDk9plQ2lGdr
qh3IX8vzPi+YZbdtquSse84g5GNMSE/Urv2bGdZH278=
-----END EC PRIVATE KEY-----
[ The password is still "sesame" ]
--
Viktor.
