RSA and DSA are different types of key formats. They do not imply protecting the private keywith an encryption algorithm. If you look at gendsa(1) or genrsa(1), you will see that passphrase protection is optional to both, and that there a good many choices. default_md is actually something from ca(1), it's the crypto signature algorithm for public keys / certificates, and really doesn't apply to private keys. I'll just look at the source code when I get to the office. ~BAS On Wed, 2006-05-24 at 01:54, Chris wrote: > Brian A. Seklecki wrote: > > > > Does anyone know how to specify the encryption cipher used in this > > funciton as documented in OpenSSL's genrsa(1)? > > > > Why isn't the encryption method a value in [array configargs] ? > > > > -des|-des3|-idea > > These options encrypt the private key with the DES, triple DES, > > or > > the IDEA ciphers respectively before outputting it. If none of > > these options is specified no encryption is used. > > > > Or is the encryption method a value that can be specified in config=> > > and req_extensions=> ? > > > > Right now generated private keys look like: > > > > -----BEGIN RSA PRIVATE KEY----- > > Proc-Type: 4,ENCRYPTED > > DEK-Info: DES-EDE3-CBC,FA81C573DFD21B7D > > > > > > Which is 3DES, but some systems support AES, IDEA, Blowfish, Twofish, It > > depends on the OpenSSL config. > > > > Idea? > > Read the documentation? > > Took me about 30 seconds to find this page: > > http://www.php.net/manual/en/function.openssl-csr-new.php > > Where it says: > > under "private_key_type" > > Specifies the type of private key to create. This can be one of > OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH or OPENSSL_KEYTYPE_RSA. The > default value is OPENSSL_KEYTYPE_RSA which is currently the only > supported key type. > > So you can't use any other type. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
