最初我们使用OpenSSL 0.9.8e导入证书。 此版本的OpenSSL用于使用标题“----- BEGIN RSA PRIVATE KEY -----”创建私钥Bio。 现在我们已经将OpenSSL升级到1.0.1。 在我们导入证书时,在此版本的OpenSSL中,使用标题“----- BEGIN PRIVATE KEY -----”创建私钥生物。
这种差异导致将证书导出到其他设备时出现问题。
有人可以帮我调试这个问题吗?
提前谢谢,Azeem
Initially we were using OpenSSL 0.9.8e to import the certificate. This version of OpenSSL used to create the Private key Bio using the header "-----BEGIN RSA PRIVATE KEY-----". now we have upgraded the OpenSSL to 1.0.1. in this version of OpenSSL when we import a certificate, the Private Key Bio is creates using the header "-----BEGIN PRIVATE KEY-----".
This difference is causing the issue in exporting the certificate to Other devices.
Can somebody please help me to debug this issue?
Thanks in advance, Azeem
最满意答案
请参阅PEM_write_bio_PrivateKey和PEM_write_bio_RSAPrivateKey 。 我不确定它何时发生,但可能是由于此更改(来自https://www.openssl.org/docs/crypto/pem.html ):
保留旧的PrivateKey写例程以保持兼容性。 新应用程序应使用PEM_write_bio_PKCS8PrivateKey()或PEM_write_PKCS8PrivateKey()例程编写私钥,因为它们更安全(它们使用的迭代计数为2048,而传统例程使用的计数为1),除非与旧版本的OpenSSL兼容很重要。
PrivateKey读取例程可以在所有应用程序中使用,因为它们透明地处理所有格式。
See PEM_write_bio_PrivateKey and PEM_write_bio_RSAPrivateKey. I'm not sure when it occurred, but its likely due to this change (from https://www.openssl.org/docs/crypto/pem.html):
The old PrivateKey write routines are retained for compatibility. New applications should write private keys using the PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines because they are more secure (they use an iteration count of 2048 whereas the traditional routines use a count of 1) unless compatibility with older versions of OpenSSL is important.
The PrivateKey read routines can be used in all applications because they handle all formats transparently.
更多推荐
发布评论