author: Dr. Stephen Henson <steve@openssl.org> 2002-01-04 13:35:37 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2002-01-04 13:35:37 +0000
commit: 06623ff028b703091b30454f2d87afde1a520e02
tree: 5d37a4d1a3460f38e640152e28b3017e4abd953e /doc/crypto/pem.pod
parent: 67d48c8cc8f8eb01be95a6e44bd706979432ce23
Update PEM docs
Diffstat (limited to 'doc/crypto/pem.pod')
-rw-r--r-- doc/crypto/pem.pod 25
1 files changed, 24 insertions, 1 deletions
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
index ce8f374252..a4f8cc3337 100644
--- a/doc/crypto/pem.pod
+++ b/doc/crypto/pem.pod
@@ -409,7 +409,7 @@ Skeleton pass phrase callback:
memcpy(buf, tmp, len);
return len;
}
-
+
=head1 NOTES
The old B<PrivateKey> write routines are retained for compatibility.
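Review bot: the only change in this hunk is the separator line between the closing brace of the skeleton callback and =head1 NOTES, and it appears to differ only in whitespace, so it is worth confirming that the replacement line is completely empty. Some older POD translators do not treat a line containing only spaces or tabs as a paragraph separator, in which case =head1 NOTES would be swallowed into the preceding verbatim block. If the intent was to strip trailing whitespace, saying so in the commit message would make this hunk easier to review alongside the documentation addition.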
@@ -431,6 +431,29 @@ this:
this is a bug because an attempt will be made to reuse the data at B<x>
which is an uninitialised pointer.
+=head1 PEM ENCRYPTION FORMAT
+
+This old B<PrivateKey> routines use a non standard technique for encryption.
+
+The private key (or other data) takes the following form:
+
+ -----BEGIN RSA PRIVATE KEY-----
+ Proc-Type: 4,ENCRYPTED
+ DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
+
+ ...base64 encoded data...
+ -----END RSA PRIVATE KEY-----
+
+The line beginning DEK-Info contains two comma separated pieces of information:
+the encryption algorithm name as used by EVP_get_cipherbyname() and an 8
+byte B<salt> encoded as a set of hexadecimal digits.
+
+After this is the base64 encoded encrypted data.
+
+The encryption key is determined using EVP_bytestokey(), using B<salt> and an
+iteration count of 1. The IV used is the value of B<salt> and *not* the IV
+returned by EVP_bytestokey().
+
=head1 BUGS
The PEM read routines in some versions of OpenSSL will not correctly reuse
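Review bot: the last paragraph of the new PEM ENCRYPTION FORMAT section gives the salt and the iteration count of 1 but not the message digest that is passed to the key derivation, so a reader cannot reproduce the key from this description alone; please name the digest there. The same paragraph writes the function as EVP_bytestokey(), while the library spells it EVP_BytesToKey(), and a reader searching the manual pages for the lowercase form will not find it. Since an iteration count of 1 is the security-relevant property of this format, a sentence stating that the derivation provides no key stretching, and pointing readers to the PKCS#8 routines for new keys, would fit here. Smaller points: the opening sentence should read "The old B<PrivateKey> routines", and "*not*" is not POD markup, so B<not> or I<not> would render the emphasis as intended.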