OpenSSL PKCS8(1openssl) NNNNAAAAMMMMEEEE
pkcs8 - PKCS#8 format private key conversion tool
SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSSooooppppeeeennnnssssssssllll ppppkkkkccccssss8888 [---tttooooppppkkkk8888] [---iiinnnnffffoooorrrrmmmm PPPPEEEEMMMM||||DDDDEEEERRRR] [---ooouuuuttttffffoooorrrrmmmm PPPPEEEEMMMM||||DDDDEEEERRRR]
[---iiinnnn ffffiiiilllleeeennnnaaaammmmeeee] [---pppaaaassssssssiiiinnnn aaaarrrrgggg] [---ooouuuutttt ffffiiiilllleeeennnnaaaammmmeeee] [---pppaaaassssssssoooouuuutttt aaaarrrrgggg]
[---nnnooooiiiitttteeeerrrr] [---nnnooooccccrrrryyyypppptttt] [---nnnoooooooocccctttt] [---eeemmmmbbbbeeeedddd] [---nnnssssddddbbbb] [---vvv2222 aaaallllgggg]
[---vvv1111 aaaallllgggg] [---eeennnnggggiiiinnnneeee iiiidddd]
DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNNThe ppppkkkkccccssss8888 command processes private keys in PKCS#8 format.
It can handle both unencrypted PKCS#8 PrivateKeyInfo format
and EncryptedPrivateKeyInfo format with a variety of PKCS#5
(v1.5 and v2.0) and PKCS#12 algorithms.
CCCCOOOOMMMMMMMMAAAANNNNDDDD OOOOPPPPTTTTIIIIOOOONNNNSSSS-ttttooooppppkkkk8888
Normally a PKCS#8 private key is expected on input and a
traditional format private key will be written. With the---tttooooppppkkkk8888 option the situation is reversed: it reads a
traditional format private key and writes a PKCS#8
format key.-iiiinnnnffffoooorrrrmmmm DDDDEEEERRRR||||PPPPEEEEMMMM
This specifies the input format. If a PKCS#8 format key
is expected on input then either a DDDDEEEERRRR or PPPPEEEEMMMM encodedversion of a PKCS#8 key will be expected. Otherwise the
DDDDEEEERRRR or PPPPEEEEMMMM format of the traditional format private key is used.-oooouuuuttttffffoooorrrrmmmm DDDDEEEERRRR||||PPPPEEEEMMMM
This specifies the output format, the options have thesame meaning as the ---iiinnnnffffoooorrrrmmmm option.
-iiiinnnn ffffiiiilllleeeennnnaaaammmmeeee
This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.-ppppaaaassssssssiiiinnnn aaaarrrrgggg
the input file password source. For more information about the format of aaaarrrrgggg see the PPPPAAAASSSSSSSS PPPPHHHHRRRRAAAASSSSEEEE AAAARRRRGGGGUUUUMMMMEEEENNNNTTTTSSSS section in openssl(1).-oooouuuutttt ffffiiiilllleeeennnnaaaammmmeeee
This specifies the output filename to write a key to or standard output by default. If any encryption options are set then a pass phrase will be prompted for. The output filename should nnnnooootttt be the same as the input filename.30/Jan/2003 Last change: 0.9.8o 1 OpenSSL PKCS8(1openssl)
-ppppaaaassssssssoooouuuutttt aaaarrrrgggg
the output file password source. For more information about the format of aaaarrrrgggg see the PPPPAAAASSSSSSSS PPPPHHHHRRRRAAAASSSSEEEE AAAARRRRGGGGUUUUMMMMEEEENNNNTTTTSSSS section in openssl(1).-nnnnooooccccrrrryyyypppptttt
PKCS#8 keys generated or input are normally PKCS#8
EncryptedPrivateKeyInfo structures using an appropriate password based encryption algorithm. With this option an unencrypted PrivateKeyInfo structure is expected or output. This option does not encrypt private keys at all and should only be used when absolutely necessary. Certain software such as some versions of Java code signing software used unencrypted private keys.-nnnnoooooooocccctttt
This option generates RSA private keys in a broken format that some software uses. Specifically the private key should be enclosed in a OCTET STRING but some software just includes the structure itself without the surrounding OCTET STRING.-eeeemmmmbbbbeeeedddd
This option generates DSA keys in a broken format. The DSA parameters are embedded inside the PrivateKey structure. In this form the OCTET STRING contains an ASN1 SEQUENCE consisting of two structures: a SEQUENCE containing the parameters and an ASN1 INTEGER containing the private key.-nnnnssssddddbbbb
This option generates DSA keys in a broken format compatible with Netscape private key databases. The PrivateKey contains a SEQUENCE consisting of the public and private keys respectively.-vvvv2222 aaaallllgggg
This option enables the use of PKCS#5 v2.0 algorithms.
Normally PKCS#8 private keys are encrypted with the
password based encryption algorithm calledppppbbbbeeeeWWWWiiiitttthhhhMMMMDDDD5555AAAAnnnnddddDDDDEEEESSSS---CCCBBBBCCCC this uses 56 bit DES encryption but
it was the strongest encryption algorithm supported inPKCS#5 v1.5. Using the ---vvv2222 option PKCS#5 v2.0 algorithms
are used which can use any encryption algorithm such as 168 bit triple DES or 128 bit RC2 however not manyimplementations support PKCS#5 v2.0 yet. If you are just
using private keys with OpenSSL then this doesn't matter. The aaaallllgggg argument is the encryption algorithm to use, valid values include ddddeeeessss, ddddeeeessss3333 and rrrrcccc2222. It is recommended that ddddeeeessss3333 is used.30/Jan/2003 Last change: 0.9.8o 2 OpenSSL PKCS8(1openssl)
-vvvv1111 aaaallllgggg
This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm
to use. A complete list of possible algorithms is included below.-eeeennnnggggiiiinnnneeee iiiidddd
specifying an engine (by it's unique iiiidddd string) will cause rrrreeeeqqqq to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. NNNNOOOOTTTTEEEESSSSThe encrypted form of a PEM encode PKCS#8 files uses the
following headers and footers:-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
The unencrypted form uses:-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Private keys encrypted using PKCS#5 v2.0 algorithms and high
iteration counts are more secure that those encrypted using the traditional SSLeay compatible formats. So if additional security is considered important the keys should be converted. The default encryption is only 56 bits because this is theencryption that most current implementations of PKCS#8 will
support.Some software may use PKCS#12 password based encryption
algorithms with PKCS#8 format private keys: these are
handled automatically but there is no option to produce them. It is possible to write out DER encoded encrypted privatekeys in PKCS#8 format because the encryption details are
included at an ASN1 level whereas the traditional format includes them at a PEM level.PPPPKKKKCCCCSSSS####5555 vvvv1111....5555 aaaannnndddd PPPPKKKKCCCCSSSS####11112222 aaaallllggggoooorrrriiiitttthhhhmmmmssss....
Various algorithms can be used with the ---vvv1111 command line
option, including PKCS#5 v1.5 and PKCS#12. These are
described in more detail below.PPPPBBBBEEEE-MMMMDDDD2222---DDDEEEESSSS PPPPBBBBEEEE-MMMMDDDD5555---DDDEEEESSSS
These algorithms were included in the original PKCS#5
v1.5 specification. They only offer 56 bits of30/Jan/2003 Last change: 0.9.8o 3 OpenSSL PKCS8(1openssl) protection since they both use DES.
PPPPBBBBEEEE-SSSSHHHHAAAA1111---RRRCCCC2222----66664444 PPPPBBBBEEEE-MMMMDDDD2222---RRRCCCC2222----66664444 PPPPBBBBEEEE-MMMMDDDD5555---RRRCCCC2222----66664444 PPPPBBBBEEEE-SSSSHHHHAAAA1111---DDDEEEESSSS
These algorithms are not mentioned in the originalPKCS#5 v1.5 specification but they use the same key
derivation algorithm and are supported by some software.They are mentioned in PKCS#5 v2.0. They use either 64
bit RC2 or 56 bit DES.PPPPBBBBEEEE-SSSSHHHHAAAA1111---RRRCCCC2222----111122228888 PPPPBBBBEEEE-SSSSHHHHAAAA1111---RRRCCCC2222----44440000
PPPPBBBBEEEE-SSSSHHHHAAAA1111---RRRCCCC4444----111122228888 PPPPBBBBEEEE-SSSSHHHHAAAA1111---RRRCCCC4444----44440000 PPPPBBBBEEEE-SSSSHHHHAAAA1111----3333DDDDEEEESSSS PPPPBBBBEEEE-SSSSHHHHAAAA1111----2222DDDDEEEESSSS
These algorithms use the PKCS#12 password based
encryption algorithm and allow strong encryption algorithms like triple DES or 128 bit RC2 to be used. EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSSConvert a private from traditional to PKCS#5 v2.0 format
using triple DES:openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
Convert a private key to PKCS#8 using a PKCS#5 1.5
compatible algorithm (DES):openssl pkcs8 -in key.pem -topk8 -out enckey.pem
Convert a private key to PKCS#8 using a PKCS#12 compatible
algorithm (3DES):openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
Read a DER unencrypted PKCS#8 format private key:
openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
Convert a private key from any PKCS#8 format to traditional
format:openssl pkcs8 -in pk8.pem -out key.pem
SSSSTTTTAAAANNNNDDDDAAAARRRRDDDDSSSSTest vectors from this PKCS#5 v2.0 implementation were
posted to the pkcs-tng mailing list using triple DES, DES
and RC2 with high iteration counts, several people confirmed that they could decrypt the private keys produced andTherefore it can be assumed that the PKCS#5 v2.0
implementation is reasonably accurate at least as far as these algorithms are concerned.The format of PKCS#8 DSA (and other) private keys is not
well documented: it is hidden away in PKCS#11 v2.01,
30/Jan/2003 Last change: 0.9.8o 4 OpenSSL PKCS8(1openssl)
section 11.9. OpenSSL's default DSA PKCS#8 private key
format complies with this standard. BBBBUUUUGGGGSSSS There should be an option that prints out the encryption algorithm in use and other details such as the iteration count.PKCS#8 using triple DES and PKCS#5 v2.0 should be the
default private key format for OpenSSL: for compatibility several of the utilities use the old format at present. SSSSEEEEEEEE AAAALLLLSSSSOOOO dsa(1), rsa(1), genrsa(1), gendsa(1)30/Jan/2003 Last change: 0.9.8o 5