pkcs8 – WindowsTechs.com

OpenSSL get PKCS#8 encrypted rsa PBKDF2 iteration count

Posted on March 2, 2023 by AnotherOne

I have a PCKS#8 RSA Key encrypted with a passphrase and would like to retrieve the iteration count used for the PBKDF2 used to derive the AES Key used for encryption, in order to make sure that they conform to the standard https://www.rfc-… Continue reading OpenSSL get PKCS#8 encrypted rsa PBKDF2 iteration count→

Why did OpenSSH create its own key format, and not use PKCS#8?

Posted on January 17, 2023 by Evan Carroll

Before posting this question about ed25519, I learned that there are two formats for storing a private ed25519 key,

PKCS#8
OpenSSH Format

Why did OpenSSH create its own format rather than use PKCS#8? Please include any relevant citations… Continue reading Why did OpenSSH create its own key format, and not use PKCS#8?→

How can I convert an ED25519 key in PKCS#8 to OpenSSH private key format?

Posted on January 13, 2023 by Evan Carroll

I’m having a problem where when I export a key from 1password, and use it with ssh -i, I get
Load key "/home/user/.ssh/private_ed25519": invalid format

Doing a google search on this, it seems to be a problem where 1password stor… Continue reading How can I convert an ED25519 key in PKCS#8 to OpenSSH private key format?→

Is it possible to check private key syntax using openssl?

Posted on June 17, 2022 by gicig

I have a DER-serialized private key. The tool I have to provide the key to gives me algid parse error, not a sequence, and it looks like the problem is that the key is not PKCS#8.
The command that the most popular comment to the answer sug… Continue reading Is it possible to check private key syntax using openssl?→

Specification of AES-based PKCS#5 Password-Based Encryption (PBE)

Posted on August 25, 2021 by moritz1895

recently I had a look at the capabilities of the Java keytool to create PKCS#12 containers with a protected private key. According to the standard a private key is protected using a PKCS#8 shrouded key bag applying a PKCS#5 password-based … Continue reading Specification of AES-based PKCS#5 Password-Based Encryption (PBE)→

How to encode a public key in PKCS#8?

Posted on May 19, 2021 by JamesTheAwesomeDude

RFC5958 defines a set of enhancements to the PKCS#8 key serialization format, bumping the version field up to 1 and additionally permitting serialization of public keys for arbitrary asymmetric cryptographic algorithms.
OneAsymmetricKey ::… Continue reading How to encode a public key in PKCS#8?→

OpenSSL encrypt DER format private key

Posted on February 11, 2021 by rob

When converting a password-protected PEM/PKCS1-encoded private key to DER format one is not able to encrypt the key, OpenSSL automagically asks for the password and writes the plain-text key in the output file.
However, I understand that P… Continue reading OpenSSL encrypt DER format private key→

Dissecting and decrypting a .PFX file

Posted on September 11, 2019 by user185953

Background: I have a .pfx file from a microsoft CA that some appliance dislikes, but openssl considers it valid. I can use openssl to rewrite the pkcs12 file, trimming away some unnecessary attributes.

openssl pkcs12 -in ori… Continue reading Dissecting and decrypting a .PFX file→

Root CA key generation compliant with WebTrust and HSM independent

Posted on September 8, 2019 by user1563721

I’m trying to figure out how to generate private key for the Root CA according the principles of WebTrust.

One additional requirement I have that the generate private key should be then imported to any HSM, independent of th… Continue reading Root CA key generation compliant with WebTrust and HSM independent→

Good way to protect lots of private keys

Posted on February 28, 2018 by Serhii Yakovenko

I’m working on a software which deals with lots (several millions) of RSA private keys. Keysize is 2048, I’m going to store them in database in PEM format.

I want keys to be encrypted to mitigate risks of hostile access to d… Continue reading Good way to protect lots of private keys→