Update PEM docs
This commit is contained in:
Dr. Stephen Henson
parent
67d48c8cc8
commit
06623ff028
@ -409,7 +409,7 @@ Skeleton pass phrase callback:
|
|||||||
memcpy(buf, tmp, len);
|
memcpy(buf, tmp, len);
|
||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
The old B<PrivateKey> write routines are retained for compatibility.
|
The old B<PrivateKey> write routines are retained for compatibility.
|
||||||
@ -431,6 +431,29 @@ this:
|
|||||||
this is a bug because an attempt will be made to reuse the data at B<x>
|
this is a bug because an attempt will be made to reuse the data at B<x>
|
||||||
which is an uninitialised pointer.
|
which is an uninitialised pointer.
|
||||||
|
|
||||||
|
=head1 PEM ENCRYPTION FORMAT
|
||||||
|
|
||||||
|
This old B<PrivateKey> routines use a non standard technique for encryption.
|
||||||
|
|
||||||
|
The private key (or other data) takes the following form:
|
||||||
|
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
Proc-Type: 4,ENCRYPTED
|
||||||
|
DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
|
||||||
|
|
||||||
|
...base64 encoded data...
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
|
||||||
|
The line beginning DEK-Info contains two comma separated pieces of information:
|
||||||
|
the encryption algorithm name as used by EVP_get_cipherbyname() and an 8
|
||||||
|
byte B<salt> encoded as a set of hexadecimal digits.
|
||||||
|
|
||||||
|
After this is the base64 encoded encrypted data.
|
||||||
|
|
||||||
|
The encryption key is determined using EVP_bytestokey(), using B<salt> and an
|
||||||
|
iteration count of 1. The IV used is the value of B<salt> and *not* the IV
|
||||||
|
returned by EVP_bytestokey().
|
||||||
|
|
||||||
=head1 BUGS
|
=head1 BUGS
|
||||||
|
|
||||||
The PEM read routines in some versions of OpenSSL will not correctly reuse
|
The PEM read routines in some versions of OpenSSL will not correctly reuse
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user