353 lines
13 KiB
Groff
353 lines
13 KiB
Groff
.\" $NetBSD: openssl_pkcs8.1,v 1.4 2001/04/12 10:45:49 itojun Exp $
|
|
.\"
|
|
.\" Automatically generated by Pod::Man version 1.02
|
|
.\" Thu Apr 12 19:26:31 2001
|
|
.\"
|
|
.\" Standard preamble:
|
|
.\" ======================================================================
|
|
.de Sh \" Subsection heading
|
|
.br
|
|
.if t .Sp
|
|
.ne 5
|
|
.PP
|
|
\fB\\$1\fR
|
|
.PP
|
|
..
|
|
.de Sp \" Vertical space (when we can't use .PP)
|
|
.if t .sp .5v
|
|
.if n .sp
|
|
..
|
|
.de Ip \" List item
|
|
.br
|
|
.ie \\n(.$>=3 .ne \\$3
|
|
.el .ne 3
|
|
.IP "\\$1" \\$2
|
|
..
|
|
.de Vb \" Begin verbatim text
|
|
.ft CW
|
|
.nf
|
|
.ne \\$1
|
|
..
|
|
.de Ve \" End verbatim text
|
|
.ft R
|
|
|
|
.fi
|
|
..
|
|
.\" Set up some character translations and predefined strings. \*(-- will
|
|
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
|
.\" double quote, and \*(R" will give a right double quote. | will give a
|
|
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
|
|
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
|
|
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
|
|
.tr \(*W-|\(bv\*(Tr
|
|
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
|
.ie n \{\
|
|
. ds -- \(*W-
|
|
. ds PI pi
|
|
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
|
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
|
. ds L" ""
|
|
. ds R" ""
|
|
. ds C` `
|
|
. ds C' '
|
|
'br\}
|
|
.el\{\
|
|
. ds -- \|\(em\|
|
|
. ds PI \(*p
|
|
. ds L" ``
|
|
. ds R" ''
|
|
'br\}
|
|
.\"
|
|
.\" If the F register is turned on, we'll generate index entries on stderr
|
|
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
|
|
.\" index entries marked with X<> in POD. Of course, you'll have to process
|
|
.\" the output yourself in some meaningful fashion.
|
|
.if \nF \{\
|
|
. de IX
|
|
. tm Index:\\$1\t\\n%\t"\\$2"
|
|
. .
|
|
. nr % 0
|
|
. rr F
|
|
.\}
|
|
.\"
|
|
.\" For nroff, turn off justification. Always turn off hyphenation; it
|
|
.\" makes way too many mistakes in technical documents.
|
|
.hy 0
|
|
.if n .na
|
|
.\"
|
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
|
.bd B 3
|
|
. \" fudge factors for nroff and troff
|
|
.if n \{\
|
|
. ds #H 0
|
|
. ds #V .8m
|
|
. ds #F .3m
|
|
. ds #[ \f1
|
|
. ds #] \fP
|
|
.\}
|
|
.if t \{\
|
|
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
|
. ds #V .6m
|
|
. ds #F 0
|
|
. ds #[ \&
|
|
. ds #] \&
|
|
.\}
|
|
. \" simple accents for nroff and troff
|
|
.if n \{\
|
|
. ds ' \&
|
|
. ds ` \&
|
|
. ds ^ \&
|
|
. ds , \&
|
|
. ds ~ ~
|
|
. ds /
|
|
.\}
|
|
.if t \{\
|
|
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
|
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
|
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
|
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
|
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
|
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
|
.\}
|
|
. \" troff and (daisy-wheel) nroff accents
|
|
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
|
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
|
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
|
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
|
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
|
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
|
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
|
.ds ae a\h'-(\w'a'u*4/10)'e
|
|
.ds Ae A\h'-(\w'A'u*4/10)'E
|
|
. \" corrections for vroff
|
|
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
|
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
|
. \" for low resolution devices (crt and lpr)
|
|
.if \n(.H>23 .if \n(.V>19 \
|
|
\{\
|
|
. ds : e
|
|
. ds 8 ss
|
|
. ds o a
|
|
. ds d- d\h'-1'\(ga
|
|
. ds D- D\h'-1'\(hy
|
|
. ds th \o'bp'
|
|
. ds Th \o'LP'
|
|
. ds ae ae
|
|
. ds Ae AE
|
|
.\}
|
|
.rm #[ #] #H #V #F C
|
|
.\" ======================================================================
|
|
.\"
|
|
.IX Title "PKCS8 1"
|
|
.TH PKCS8 1 "0.9.6a" "2000-07-22" "OpenSSL"
|
|
.UC
|
|
.SH "NAME"
|
|
pkcs8 \- PKCS#8 format private key conversion tool
|
|
.SH "LIBRARY"
|
|
libcrypto, -lcrypto
|
|
.SH "SYNOPSIS"
|
|
.IX Header "SYNOPSIS"
|
|
\&\fBopenssl\fR \fBpkcs8\fR
|
|
[\fB\-topk8\fR]
|
|
[\fB\-inform PEM|DER\fR]
|
|
[\fB\-outform PEM|DER\fR]
|
|
[\fB\-in filename\fR]
|
|
[\fB\-passin arg\fR]
|
|
[\fB\-out filename\fR]
|
|
[\fB\-passout arg\fR]
|
|
[\fB\-noiter\fR]
|
|
[\fB\-nocrypt\fR]
|
|
[\fB\-nooct\fR]
|
|
[\fB\-embed\fR]
|
|
[\fB\-nsdb\fR]
|
|
[\fB\-v2 alg\fR]
|
|
[\fB\-v1 alg\fR]
|
|
.SH "DESCRIPTION"
|
|
.IX Header "DESCRIPTION"
|
|
The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle
|
|
both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
|
|
format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
|
|
.SH "COMMAND OPTIONS"
|
|
.IX Header "COMMAND OPTIONS"
|
|
.Ip "\fB\-topk8\fR" 4
|
|
.IX Item "-topk8"
|
|
Normally a PKCS#8 private key is expected on input and a traditional format
|
|
private key will be written. With the \fB\-topk8\fR option the situation is
|
|
reversed: it reads a traditional format private key and writes a PKCS#8
|
|
format key.
|
|
.Ip "\fB\-inform DER|PEM\fR" 4
|
|
.IX Item "-inform DER|PEM"
|
|
This specifies the input format. If a PKCS#8 format key is expected on input
|
|
then either a \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR encoded version of a PKCS#8 key will be
|
|
expected. Otherwise the \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR format of the traditional format
|
|
private key is used.
|
|
.Ip "\fB\-outform DER|PEM\fR" 4
|
|
.IX Item "-outform DER|PEM"
|
|
This specifies the output format, the options have the same meaning as the
|
|
\&\fB\-inform\fR option.
|
|
.Ip "\fB\-in filename\fR" 4
|
|
.IX Item "-in filename"
|
|
This specifies the input filename to read a key from or standard input if this
|
|
option is not specified. If the key is encrypted a pass phrase will be
|
|
prompted for.
|
|
.Ip "\fB\-passin arg\fR" 4
|
|
.IX Item "-passin arg"
|
|
the input file password source. For more information about the format of \fBarg\fR
|
|
see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1).
|
|
.Ip "\fB\-out filename\fR" 4
|
|
.IX Item "-out filename"
|
|
This specifies the output filename to write a key to or standard output by
|
|
default. If any encryption options are set then a pass phrase will be
|
|
prompted for. The output filename should \fBnot\fR be the same as the input
|
|
filename.
|
|
.Ip "\fB\-passout arg\fR" 4
|
|
.IX Item "-passout arg"
|
|
the output file password source. For more information about the format of \fBarg\fR
|
|
see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1).
|
|
.Ip "\fB\-nocrypt\fR" 4
|
|
.IX Item "-nocrypt"
|
|
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
|
|
structures using an appropriate password based encryption algorithm. With
|
|
this option an unencrypted PrivateKeyInfo structure is expected or output.
|
|
This option does not encrypt private keys at all and should only be used
|
|
when absolutely necessary. Certain software such as some versions of Java
|
|
code signing software used unencrypted private keys.
|
|
.Ip "\fB\-nooct\fR" 4
|
|
.IX Item "-nooct"
|
|
This option generates \s-1RSA\s0 private keys in a broken format that some software
|
|
uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0
|
|
but some software just includes the structure itself without the
|
|
surrounding \s-1OCTET\s0 \s-1STRING\s0.
|
|
.Ip "\fB\-embed\fR" 4
|
|
.IX Item "-embed"
|
|
This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are
|
|
embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0
|
|
contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
|
|
the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key.
|
|
.Ip "\fB\-nsdb\fR" 4
|
|
.IX Item "-nsdb"
|
|
This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape
|
|
private key databases. The PrivateKey contains a \s-1SEQUENCE\s0 consisting of
|
|
the public and private keys respectively.
|
|
.Ip "\fB\-v2 alg\fR" 4
|
|
.IX Item "-v2 alg"
|
|
This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
|
|
private keys are encrypted with the password based encryption algorithm
|
|
called \fBpbeWithMD5AndDES-CBC\fR this uses 56 bit \s-1DES\s0 encryption but it
|
|
was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
|
|
the \fB\-v2\fR option PKCS#5 v2.0 algorithms are used which can use any
|
|
encryption algorithm such as 168 bit triple \s-1DES\s0 or 128 bit \s-1RC2\s0 however
|
|
not many implementations support PKCS#5 v2.0 yet. If you are just using
|
|
private keys with OpenSSL then this doesn't matter.
|
|
.Sp
|
|
The \fBalg\fR argument is the encryption algorithm to use, valid values include
|
|
\&\fBdes\fR, \fBdes3\fR and \fBrc2\fR. It is recommended that \fBdes3\fR is used.
|
|
.Ip "\fB\-v1 alg\fR" 4
|
|
.IX Item "-v1 alg"
|
|
This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
|
|
list of possible algorithms is included below.
|
|
.SH "NOTES"
|
|
.IX Header "NOTES"
|
|
The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following
|
|
headers and footers:
|
|
.PP
|
|
.Vb 2
|
|
\& -----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
\& -----END ENCRYPTED PRIVATE KEY-----
|
|
.Ve
|
|
The unencrypted form uses:
|
|
.PP
|
|
.Vb 2
|
|
\& -----BEGIN PRIVATE KEY-----
|
|
\& -----END PRIVATE KEY-----
|
|
.Ve
|
|
Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
|
|
counts are more secure that those encrypted using the traditional
|
|
SSLeay compatible formats. So if additional security is considered
|
|
important the keys should be converted.
|
|
.PP
|
|
The default encryption is only 56 bits because this is the encryption
|
|
that most current implementations of PKCS#8 will support.
|
|
.PP
|
|
Some software may use PKCS#12 password based encryption algorithms
|
|
with PKCS#8 format private keys: these are handled automatically
|
|
but there is no option to produce them.
|
|
.PP
|
|
It is possible to write out \s-1DER\s0 encoded encrypted private keys in
|
|
PKCS#8 format because the encryption details are included at an \s-1ASN1\s0
|
|
level whereas the traditional format includes them at a \s-1PEM\s0 level.
|
|
.SH "PKCS#5 v1.5 and PKCS#12 algorithms."
|
|
.IX Header "PKCS#5 v1.5 and PKCS#12 algorithms."
|
|
Various algorithms can be used with the \fB\-v1\fR command line option,
|
|
including PKCS#5 v1.5 and PKCS#12. These are described in more detail
|
|
below.
|
|
.Ip "\fB\s-1PBE-MD2\-DES\s0 \s-1PBE-MD5\-DES\s0\fR" 4
|
|
.IX Item "PBE-MD2-DES PBE-MD5-DES"
|
|
These algorithms were included in the original PKCS#5 v1.5 specification.
|
|
They only offer 56 bits of protection since they both use \s-1DES\s0.
|
|
.Ip "\fB\s-1PBE-SHA1\-RC2\-64\s0 \s-1PBE-MD2\-RC2\-64\s0 \s-1PBE-MD5\-RC2\-64\s0 \s-1PBE-SHA1\-DES\s0\fR" 4
|
|
.IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES"
|
|
These algorithms are not mentioned in the original PKCS#5 v1.5 specification
|
|
but they use the same key derivation algorithm and are supported by some
|
|
software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or
|
|
56 bit \s-1DES\s0.
|
|
.Ip "\fB\s-1PBE-SHA1\-RC4\-128\s0 \s-1PBE-SHA1\-RC4\-40\s0 \s-1PBE-SHA1\-3DES\s0 \s-1PBE-SHA1\-2DES\s0 \s-1PBE-SHA1\-RC2\-128\s0 \s-1PBE-SHA1\-RC2\-40\s0\fR" 4
|
|
.IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40"
|
|
These algorithms use the PKCS#12 password based encryption algorithm and
|
|
allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used.
|
|
.SH "EXAMPLES"
|
|
.IX Header "EXAMPLES"
|
|
Convert a private from traditional to PKCS#5 v2.0 format using triple
|
|
\&\s-1DES:\s0
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
|
|
.Ve
|
|
Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
|
|
(\s-1DES\s0):
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem
|
|
.Ve
|
|
Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
|
|
(3DES):
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
|
|
.Ve
|
|
Read a \s-1DER\s0 unencrypted PKCS#8 format private key:
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
|
|
.Ve
|
|
Convert a private key from any PKCS#8 format to traditional format:
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 -in pk8.pem -out key.pem
|
|
.Ve
|
|
.SH "STANDARDS"
|
|
.IX Header "STANDARDS"
|
|
Test vectors from this PKCS#5 v2.0 implementation were posted to the
|
|
pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration
|
|
counts, several people confirmed that they could decrypt the private
|
|
keys produced and Therefore it can be assumed that the PKCS#5 v2.0
|
|
implementation is reasonably accurate at least as far as these
|
|
algorithms are concerned.
|
|
.PP
|
|
The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented:
|
|
it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
|
|
PKCS#8 private key format complies with this standard.
|
|
.SH "BUGS"
|
|
.IX Header "BUGS"
|
|
There should be an option that prints out the encryption algorithm
|
|
in use and other details such as the iteration count.
|
|
.PP
|
|
PKCS#8 using triple \s-1DES\s0 and PKCS#5 v2.0 should be the default private
|
|
key format for OpenSSL: for compatibility several of the utilities use
|
|
the old format at present.
|
|
.SH "SEE ALSO"
|
|
.IX Header "SEE ALSO"
|
|
openssl_dsa(1), openssl_rsa(1), openssl_genrsa(1),
|
|
openssl_gendsa(1)
|