0286d94454
and add an nseq manpage.
167 lines
5.3 KiB
Text
167 lines
5.3 KiB
Text
=pod
|
|
|
|
=head1 NAME
|
|
|
|
pkcs8 - PKCS#8 format private key conversion tool
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<openssl> B<pkcs8>
|
|
[B<-topk8>]
|
|
[B<-inform PEM|DER>]
|
|
[B<-outform PEM|DER>]
|
|
[B<-in filename>]
|
|
[B<-out filename>]
|
|
[B<-noiter>]
|
|
[B<-nocrypt>]
|
|
[B<-nooct>]
|
|
[B<-v2 alg>]
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
The B<pkcs8> command processes private keys in PKCS#8 format. It can handle
|
|
both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
|
|
format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
|
|
|
|
=head1 COMMAND OPTIONS
|
|
|
|
=over 4
|
|
|
|
=item B<-topk8>
|
|
|
|
Normally a PKCS#8 private key is expected on input and a traditional format
|
|
private key will be written. With the B<-topk8> option the situation is
|
|
reversed: it reads a traditional format private key and writes a PKCS#8
|
|
format key.
|
|
|
|
=item B<-inform DER|PEM>
|
|
|
|
This specifies the input format. If a PKCS#8 format key is expected on input
|
|
then either a B<DER> or B<PEM> encoded version of a PKCS#8 key will be
|
|
expected. Otherwise the B<DER> or B<PEM> format of the traditional format
|
|
private key is used.
|
|
|
|
=item B<-outform DER|PEM>
|
|
|
|
This specifies the output format, the options have the same meaning as the
|
|
B<-inform> option.
|
|
|
|
=item B<-in filename>
|
|
|
|
This specifies the input filename to read a key from or standard input if this
|
|
option is not specified. If the key is encrypted a pass phrase will be
|
|
prompted for.
|
|
|
|
=item B<-out filename>
|
|
|
|
This specifies the output filename to write a key to or standard output by
|
|
default. If any encryption options are set then a pass phrase will be
|
|
prompted for. The output filename should B<not> be the same as the input
|
|
filename.
|
|
|
|
=item B<-nocrypt>
|
|
|
|
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
|
|
structures using an appropriate password based encryption algorithm. With
|
|
this option an unencrypted PrivateKeyInfo structure is expected or output.
|
|
This option does not encrypt private keys at all and should only be used
|
|
when absolutely necessary. Certain software such as some versions of Java
|
|
code signing software used unencrypted private keys.
|
|
|
|
=item B<-nooct>
|
|
|
|
This option generates private keys in a broken format that some software
|
|
uses. Specifically the private key should be enclosed in a OCTET STRING
|
|
but some software just includes the structure itself without the
|
|
surrounding OCTET STRING.
|
|
|
|
=item B<-v2 alg>
|
|
|
|
This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
|
|
private keys are encrypted with the password based encryption algorithm
|
|
called B<pbeWithMD5AndDES-CBC> this uses 56 bit DES encryption but it
|
|
was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
|
|
the B<-v2> option PKCS#5 v2.0 algorithms are used which can use any
|
|
encryption algorithm such as 168 bit triple DES or 128 bit RC2 however
|
|
not many implementations support PKCS#5 v2.0 yet. If you are just using
|
|
private keys with OpenSSL then this doesn't matter.
|
|
|
|
The B<alg> argument is the encryption algorithm to use, valid values include
|
|
B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
|
|
|
|
=back
|
|
|
|
=head1 NOTES
|
|
|
|
The encrypted form of a PEM encode PKCS#8 files uses the following
|
|
headers and footers:
|
|
|
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
-----END ENCRYPTED PRIVATE KEY-----
|
|
|
|
The unencrypted form uses:
|
|
|
|
-----BEGIN PRIVATE KEY-----
|
|
-----END PRIVATE KEY-----
|
|
|
|
Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
|
|
counts are more secure that those encrypted using the traditional
|
|
SSLeay compatible formats. So if additional security is considered
|
|
important the keys should be converted.
|
|
|
|
The default encryption is only 56 bits because this is the encryption
|
|
that most current implementations of PKCS#8 will support.
|
|
|
|
Some software may use PKCS#12 password based encryption algorithms
|
|
with PKCS#8 format private keys: these are handled automatically
|
|
but there is no option to produce them.
|
|
|
|
It is possible to write out DER encoded encrypted private keys in
|
|
PKCS#8 format because the encryption details are included at an ASN1
|
|
level whereas the traditional format includes them at a PEM level.
|
|
|
|
=head1 EXAMPLES
|
|
|
|
Convert a private from traditional to PKCS#5 v2.0 format using triple
|
|
DES:
|
|
|
|
openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
|
|
|
|
Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
|
|
(DES):
|
|
|
|
openssl pkcs8 -in key.pem -topk8 -out enckey.pem
|
|
|
|
Read a DER unencrypted PKCS#8 format private key:
|
|
|
|
openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
|
|
|
|
Convert a private key from any PKCS#8 format to traditional format:
|
|
|
|
openssl pkcs8 -in pk8.pem -out key.pem
|
|
|
|
=head1 STANDARDS
|
|
|
|
Test vectors from this implementation were posted to the pkcs-tng mailing
|
|
list using triple DES, DES and RC2 with high iteration counts, several
|
|
people confirmed that they could decrypt the private keys produced and
|
|
Therefore it can be assumed that the PKCS#5 v2.0 implementation is
|
|
reasonably accurate at least as far as these algorithms are concerned.
|
|
|
|
=head1 BUGS
|
|
|
|
It isn't possible to produce keys encrypted using PKCS#5 v1.5 algorithms
|
|
other than B<pbeWithMD5AndDES-CBC> using this utility.
|
|
|
|
There should be an option that prints out the encryption algorithm
|
|
in use and other details such as the iteration count.
|
|
|
|
PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private
|
|
key format for OpenSSL: for compatability several of the utilities use
|
|
the old format at present.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
dsa(1), rsa(1), genrsa(1), gendsa(1)
|
|
|
|
=cut
|