From 06623ff028b703091b30454f2d87afde1a520e02 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 4 Jan 2002 13:35:37 +0000 Subject: [PATCH] Update PEM docs --- doc/crypto/pem.pod | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index ce8f374252..a4f8cc3337 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -409,7 +409,7 @@ Skeleton pass phrase callback: memcpy(buf, tmp, len); return len; } - + =head1 NOTES The old B write routines are retained for compatibility. @@ -431,6 +431,29 @@ this: this is a bug because an attempt will be made to reuse the data at B which is an uninitialised pointer. +=head1 PEM ENCRYPTION FORMAT + +This old B routines use a non standard technique for encryption. + +The private key (or other data) takes the following form: + + -----BEGIN RSA PRIVATE KEY----- + Proc-Type: 4,ENCRYPTED + DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89 + + ...base64 encoded data... + -----END RSA PRIVATE KEY----- + +The line beginning DEK-Info contains two comma separated pieces of information: +the encryption algorithm name as used by EVP_get_cipherbyname() and an 8 +byte B encoded as a set of hexadecimal digits. + +After this is the base64 encoded encrypted data. + +The encryption key is determined using EVP_bytestokey(), using B and an +iteration count of 1. The IV used is the value of B and *not* the IV +returned by EVP_bytestokey(). + =head1 BUGS The PEM read routines in some versions of OpenSSL will not correctly reuse -- 2.34.1