diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2016-05-17 14:15:20 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2016-05-23 16:41:34 +0100 |
| commit | 05dba8151bd418cdc111d62102aaf9f4e7bd2f3f (patch) | |
| tree | d29b35e495de274097853570f16271fe29f32cb8 /apps/pkey.c | |
| parent | 07930a75a1f82fd359d0af7849f01990b73659dd (diff) | |
| download | openssl-05dba8151bd418cdc111d62102aaf9f4e7bd2f3f.tar.gz | |
Support for traditional format private keys.
Add new function PEM_write_bio_PrivateKey_traditional() to enforce the
use of legacy "traditional" private key format. Add -traditional option
to pkcs8 and pkey utilities.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'apps/pkey.c')
| -rw-r--r-- | apps/pkey.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/apps/pkey.c b/apps/pkey.c index 6abd63c52e..50ee05f784 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -18,7 +18,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB, - OPT_TEXT, OPT_NOOUT, OPT_MD + OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL } OPTION_CHOICE; OPTIONS pkey_options[] = { @@ -36,6 +36,8 @@ OPTIONS pkey_options[] = { {"text", OPT_TEXT, '-', "Output in plaintext as well"}, {"noout", OPT_NOOUT, '-', "Don't output the key"}, {"", OPT_MD, '-', "Any supported cipher"}, + {"traditional", OPT_TRADITIONAL, '-', + "Use traditional format for private keys"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif @@ -53,7 +55,7 @@ int pkey_main(int argc, char **argv) OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM; int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1; - int private = 0; + int private = 0, traditional = 0; prog = opt_init(argc, argv, pkey_options); while ((o = opt_next()) != OPT_EOF) { @@ -105,6 +107,9 @@ int pkey_main(int argc, char **argv) case OPT_NOOUT: noout = 1; break; + case OPT_TRADITIONAL: + traditional = 1; + break; case OPT_MD: if (!opt_cipher(opt_unknown(), &cipher)) goto opthelp; @@ -140,8 +145,13 @@ int pkey_main(int argc, char **argv) PEM_write_bio_PUBKEY(out, pkey); else { assert(private); - PEM_write_bio_PrivateKey(out, pkey, cipher, - NULL, 0, NULL, passout); + if (traditional) + PEM_write_bio_PrivateKey_traditional(out, pkey, cipher, + NULL, 0, NULL, + passout); + else + PEM_write_bio_PrivateKey(out, pkey, cipher, + NULL, 0, NULL, passout); } } else if (outformat == FORMAT_ASN1) { if (pubout) |