392 lines
15 KiB
Groff
Executable File
392 lines
15 KiB
Groff
Executable File
.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
|
|
.\"
|
|
.\" Standard preamble:
|
|
.\" ========================================================================
|
|
.de Sp \" Vertical space (when we can't use .PP)
|
|
.if t .sp .5v
|
|
.if n .sp
|
|
..
|
|
.de Vb \" Begin verbatim text
|
|
.ft CW
|
|
.nf
|
|
.ne \\$1
|
|
..
|
|
.de Ve \" End verbatim text
|
|
.ft R
|
|
.fi
|
|
..
|
|
.\" Set up some character translations and predefined strings. \*(-- will
|
|
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
|
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
|
|
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
|
|
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
|
|
.\" nothing in troff, for use with C<>.
|
|
.tr \(*W-
|
|
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
|
.ie n \{\
|
|
. ds -- \(*W-
|
|
. ds PI pi
|
|
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
|
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
|
. ds L" ""
|
|
. ds R" ""
|
|
. ds C` ""
|
|
. ds C' ""
|
|
'br\}
|
|
.el\{\
|
|
. ds -- \|\(em\|
|
|
. ds PI \(*p
|
|
. ds L" ``
|
|
. ds R" ''
|
|
'br\}
|
|
.\"
|
|
.\" Escape single quotes in literal strings from groff's Unicode transform.
|
|
.ie \n(.g .ds Aq \(aq
|
|
.el .ds Aq '
|
|
.\"
|
|
.\" If the F register is turned on, we'll generate index entries on stderr for
|
|
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
|
|
.\" entries marked with X<> in POD. Of course, you'll have to process the
|
|
.\" output yourself in some meaningful fashion.
|
|
.ie \nF \{\
|
|
. de IX
|
|
. tm Index:\\$1\t\\n%\t"\\$2"
|
|
..
|
|
. nr % 0
|
|
. rr F
|
|
.\}
|
|
.el \{\
|
|
. de IX
|
|
..
|
|
.\}
|
|
.\"
|
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
|
. \" fudge factors for nroff and troff
|
|
.if n \{\
|
|
. ds #H 0
|
|
. ds #V .8m
|
|
. ds #F .3m
|
|
. ds #[ \f1
|
|
. ds #] \fP
|
|
.\}
|
|
.if t \{\
|
|
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
|
. ds #V .6m
|
|
. ds #F 0
|
|
. ds #[ \&
|
|
. ds #] \&
|
|
.\}
|
|
. \" simple accents for nroff and troff
|
|
.if n \{\
|
|
. ds ' \&
|
|
. ds ` \&
|
|
. ds ^ \&
|
|
. ds , \&
|
|
. ds ~ ~
|
|
. ds /
|
|
.\}
|
|
.if t \{\
|
|
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
|
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
|
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
|
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
|
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
|
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
|
.\}
|
|
. \" troff and (daisy-wheel) nroff accents
|
|
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
|
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
|
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
|
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
|
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
|
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
|
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
|
.ds ae a\h'-(\w'a'u*4/10)'e
|
|
.ds Ae A\h'-(\w'A'u*4/10)'E
|
|
. \" corrections for vroff
|
|
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
|
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
|
. \" for low resolution devices (crt and lpr)
|
|
.if \n(.H>23 .if \n(.V>19 \
|
|
\{\
|
|
. ds : e
|
|
. ds 8 ss
|
|
. ds o a
|
|
. ds d- d\h'-1'\(ga
|
|
. ds D- D\h'-1'\(hy
|
|
. ds th \o'bp'
|
|
. ds Th \o'LP'
|
|
. ds ae ae
|
|
. ds Ae AE
|
|
.\}
|
|
.rm #[ #] #H #V #F C
|
|
.\" ========================================================================
|
|
.\"
|
|
.IX Title "OPENSSL-PKCS8 1"
|
|
.TH OPENSSL-PKCS8 1 "2020-03-02" "3.0.0-dev" "OpenSSL"
|
|
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
|
.\" way too many mistakes in technical documents.
|
|
.if n .ad l
|
|
.nh
|
|
.SH "NAME"
|
|
openssl\-pkcs8 \- PKCS#8 format private key conversion tool
|
|
.SH "SYNOPSIS"
|
|
.IX Header "SYNOPSIS"
|
|
\&\fBopenssl\fR \fBpkcs8\fR
|
|
[\fB\-help\fR]
|
|
[\fB\-topk8\fR]
|
|
[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]
|
|
[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]
|
|
[\fB\-in\fR \fIfilename\fR]
|
|
[\fB\-passin\fR \fIarg\fR]
|
|
[\fB\-out\fR \fIfilename\fR]
|
|
[\fB\-passout\fR \fIarg\fR]
|
|
[\fB\-iter\fR \fIcount\fR]
|
|
[\fB\-noiter\fR]
|
|
[\fB\-nocrypt\fR]
|
|
[\fB\-traditional\fR]
|
|
[\fB\-v2\fR \fIalg\fR]
|
|
[\fB\-v2prf\fR \fIalg\fR]
|
|
[\fB\-v1\fR \fIalg\fR]
|
|
[\fB\-scrypt\fR]
|
|
[\fB\-scrypt_N\fR \fIN\fR]
|
|
[\fB\-scrypt_r\fR \fIr\fR]
|
|
[\fB\-scrypt_p\fR \fIp\fR]
|
|
[\fB\-rand\fR \fIfiles\fR]
|
|
[\fB\-writerand\fR \fIfile\fR]
|
|
[\fB\-engine\fR \fIid\fR]
|
|
.SH "DESCRIPTION"
|
|
.IX Header "DESCRIPTION"
|
|
This command processes private keys in PKCS#8 format. It can handle
|
|
both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
|
|
format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
|
|
.SH "OPTIONS"
|
|
.IX Header "OPTIONS"
|
|
.IP "\fB\-help\fR" 4
|
|
.IX Item "-help"
|
|
Print out a usage message.
|
|
.IP "\fB\-topk8\fR" 4
|
|
.IX Item "-topk8"
|
|
Normally a PKCS#8 private key is expected on input and a private key will be
|
|
written to the output file. With the \fB\-topk8\fR option the situation is
|
|
reversed: it reads a private key and writes a PKCS#8 format key.
|
|
.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4
|
|
.IX Item "-inform DER|PEM, -outform DER|PEM"
|
|
The input and formats; the default is \fB\s-1PEM\s0\fR.
|
|
See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details.
|
|
.Sp
|
|
If a key is being converted from PKCS#8 form (i.e. the \fB\-topk8\fR option is
|
|
not used) then the input file must be in PKCS#8 format. An encrypted
|
|
key is expected unless \fB\-nocrypt\fR is included.
|
|
.Sp
|
|
If \fB\-topk8\fR is not used and \fB\s-1PEM\s0\fR mode is set the output file will be an
|
|
unencrypted private key in PKCS#8 format. If the \fB\-traditional\fR option is
|
|
used then a traditional format private key is written instead.
|
|
.Sp
|
|
If \fB\-topk8\fR is not used and \fB\s-1DER\s0\fR mode is set the output file will be an
|
|
unencrypted private key in traditional \s-1DER\s0 format.
|
|
.Sp
|
|
If \fB\-topk8\fR is used then any supported private key can be used for the input
|
|
file in a format specified by \fB\-inform\fR. The output file will be encrypted
|
|
PKCS#8 format using the specified encryption parameters unless \fB\-nocrypt\fR
|
|
is included.
|
|
.IP "\fB\-traditional\fR" 4
|
|
.IX Item "-traditional"
|
|
When this option is present and \fB\-topk8\fR is not a traditional format private
|
|
key is written.
|
|
.IP "\fB\-in\fR \fIfilename\fR" 4
|
|
.IX Item "-in filename"
|
|
This specifies the input filename to read a key from or standard input if this
|
|
option is not specified. If the key is encrypted a pass phrase will be
|
|
prompted for.
|
|
.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4
|
|
.IX Item "-passin arg, -passout arg"
|
|
The password source for the input and output file.
|
|
For more information about the format of \fBarg\fR
|
|
see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1).
|
|
.IP "\fB\-out\fR \fIfilename\fR" 4
|
|
.IX Item "-out filename"
|
|
This specifies the output filename to write a key to or standard output by
|
|
default. If any encryption options are set then a pass phrase will be
|
|
prompted for. The output filename should \fBnot\fR be the same as the input
|
|
filename.
|
|
.IP "\fB\-iter\fR \fIcount\fR" 4
|
|
.IX Item "-iter count"
|
|
When creating new PKCS#8 containers, use a given number of iterations on
|
|
the password in deriving the encryption key for the PKCS#8 output.
|
|
High values increase the time required to brute-force a PKCS#8 container.
|
|
.IP "\fB\-nocrypt\fR" 4
|
|
.IX Item "-nocrypt"
|
|
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
|
|
structures using an appropriate password based encryption algorithm. With
|
|
this option an unencrypted PrivateKeyInfo structure is expected or output.
|
|
This option does not encrypt private keys at all and should only be used
|
|
when absolutely necessary. Certain software such as some versions of Java
|
|
code signing software used unencrypted private keys.
|
|
.IP "\fB\-v2\fR \fIalg\fR" 4
|
|
.IX Item "-v2 alg"
|
|
This option sets the PKCS#5 v2.0 algorithm.
|
|
.Sp
|
|
The \fIalg\fR argument is the encryption algorithm to use, valid values include
|
|
\&\fBaes128\fR, \fBaes256\fR and \fBdes3\fR. If this option isn't specified then \fBaes256\fR
|
|
is used.
|
|
.IP "\fB\-v2prf\fR \fIalg\fR" 4
|
|
.IX Item "-v2prf alg"
|
|
This option sets the \s-1PRF\s0 algorithm to use with PKCS#5 v2.0. A typical value
|
|
value would be \fBhmacWithSHA256\fR. If this option isn't set then the default
|
|
for the cipher is used or \fBhmacWithSHA256\fR if there is no default.
|
|
.Sp
|
|
Some implementations may not support custom \s-1PRF\s0 algorithms and may require
|
|
the \fBhmacWithSHA1\fR option to work.
|
|
.IP "\fB\-v1\fR \fIalg\fR" 4
|
|
.IX Item "-v1 alg"
|
|
This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some
|
|
older implementations may not support PKCS#5 v2.0 and may require this option.
|
|
If not specified PKCS#5 v2.0 form is used.
|
|
.IP "\fB\-scrypt\fR" 4
|
|
.IX Item "-scrypt"
|
|
Uses the \fBscrypt\fR algorithm for private key encryption using default
|
|
parameters: currently N=16384, r=8 and p=1 and \s-1AES\s0 in \s-1CBC\s0 mode with a 256 bit
|
|
key. These parameters can be modified using the \fB\-scrypt_N\fR, \fB\-scrypt_r\fR,
|
|
\&\fB\-scrypt_p\fR and \fB\-v2\fR options.
|
|
.IP "\fB\-scrypt_N\fR \fIN\fR, \fB\-scrypt_r\fR \fIr\fR, \fB\-scrypt_p\fR \fIp\fR" 4
|
|
.IX Item "-scrypt_N N, -scrypt_r r, -scrypt_p p"
|
|
Sets the scrypt \fIN\fR, \fIr\fR or \fIp\fR parameters.
|
|
.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4
|
|
.IX Item "-rand files, -writerand file"
|
|
See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details.
|
|
.IP "\fB\-engine\fR \fIid\fR" 4
|
|
.IX Item "-engine id"
|
|
See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1).
|
|
.SH "NOTES"
|
|
.IX Header "NOTES"
|
|
By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit
|
|
\&\s-1AES\s0 with \s-1HMAC\s0 and \s-1SHA256\s0 is used.
|
|
.PP
|
|
Some older implementations do not support PKCS#5 v2.0 format and require
|
|
the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak
|
|
encryption algorithms such as 56 bit \s-1DES\s0.
|
|
.PP
|
|
Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
|
|
counts are more secure that those encrypted using the traditional
|
|
SSLeay compatible formats. So if additional security is considered
|
|
important the keys should be converted.
|
|
.PP
|
|
It is possible to write out \s-1DER\s0 encoded encrypted private keys in
|
|
PKCS#8 format because the encryption details are included at an \s-1ASN1\s0
|
|
level whereas the traditional format includes them at a \s-1PEM\s0 level.
|
|
.SH "PKCS#5 V1.5 AND PKCS#12 ALGORITHMS"
|
|
.IX Header "PKCS#5 V1.5 AND PKCS#12 ALGORITHMS"
|
|
Various algorithms can be used with the \fB\-v1\fR command line option,
|
|
including PKCS#5 v1.5 and PKCS#12. These are described in more detail
|
|
below.
|
|
.IP "\fB\s-1PBE\-MD2\-DES\s0 \s-1PBE\-MD5\-DES\s0\fR" 4
|
|
.IX Item "PBE-MD2-DES PBE-MD5-DES"
|
|
These algorithms were included in the original PKCS#5 v1.5 specification.
|
|
They only offer 56 bits of protection since they both use \s-1DES\s0.
|
|
.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0\fR, \fB\s-1PBE\-MD2\-RC2\-64\s0\fR, \fB\s-1PBE\-MD5\-RC2\-64\s0\fR, \fB\s-1PBE\-SHA1\-DES\s0\fR" 4
|
|
.IX Item "PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES"
|
|
These algorithms are not mentioned in the original PKCS#5 v1.5 specification
|
|
but they use the same key derivation algorithm and are supported by some
|
|
software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or
|
|
56 bit \s-1DES\s0.
|
|
.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC4\-40\s0\fR, \fB\s-1PBE\-SHA1\-3DES\s0\fR, \fB\s-1PBE\-SHA1\-2DES\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-40\s0\fR" 4
|
|
.IX Item "PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, PBE-SHA1-RC2-40"
|
|
These algorithms use the PKCS#12 password based encryption algorithm and
|
|
allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used.
|
|
.SH "EXAMPLES"
|
|
.IX Header "EXAMPLES"
|
|
Convert a private key to PKCS#8 format using default parameters (\s-1AES\s0 with
|
|
256 bit key and \fBhmacWithSHA256\fR):
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem
|
|
.Ve
|
|
.PP
|
|
Convert a private key to PKCS#8 unencrypted format:
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 \-in key.pem \-topk8 \-nocrypt \-out enckey.pem
|
|
.Ve
|
|
.PP
|
|
Convert a private key to PKCS#5 v2.0 format using triple \s-1DES:\s0
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 \-in key.pem \-topk8 \-v2 des3 \-out enckey.pem
|
|
.Ve
|
|
.PP
|
|
Convert a private key to PKCS#5 v2.0 format using \s-1AES\s0 with 256 bits in \s-1CBC\s0
|
|
mode and \fBhmacWithSHA512\fR \s-1PRF:\s0
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-v2prf hmacWithSHA512 \-out enckey.pem
|
|
.Ve
|
|
.PP
|
|
Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
|
|
(\s-1DES\s0):
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 \-in key.pem \-topk8 \-v1 PBE\-MD5\-DES \-out enckey.pem
|
|
.Ve
|
|
.PP
|
|
Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
|
|
(3DES):
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem \-v1 PBE\-SHA1\-3DES
|
|
.Ve
|
|
.PP
|
|
Read a \s-1DER\s0 unencrypted PKCS#8 format private key:
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 \-inform DER \-nocrypt \-in key.der \-out key.pem
|
|
.Ve
|
|
.PP
|
|
Convert a private key from any PKCS#8 encrypted format to traditional format:
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 \-in pk8.pem \-traditional \-out key.pem
|
|
.Ve
|
|
.PP
|
|
Convert a private key to PKCS#8 format, encrypting with \s-1AES\-256\s0 and with
|
|
one million iterations of the password:
|
|
.PP
|
|
.Vb 1
|
|
\& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-iter 1000000 \-out pk8.pem
|
|
.Ve
|
|
.SH "STANDARDS"
|
|
.IX Header "STANDARDS"
|
|
Test vectors from this PKCS#5 v2.0 implementation were posted to the
|
|
pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration
|
|
counts, several people confirmed that they could decrypt the private
|
|
keys produced and Therefore it can be assumed that the PKCS#5 v2.0
|
|
implementation is reasonably accurate at least as far as these
|
|
algorithms are concerned.
|
|
.PP
|
|
The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented:
|
|
it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
|
|
PKCS#8 private key format complies with this standard.
|
|
.SH "BUGS"
|
|
.IX Header "BUGS"
|
|
There should be an option that prints out the encryption algorithm
|
|
in use and other details such as the iteration count.
|
|
.SH "SEE ALSO"
|
|
.IX Header "SEE ALSO"
|
|
\&\fIopenssl\fR\|(1),
|
|
\&\fIopenssl\-dsa\fR\|(1),
|
|
\&\fIopenssl\-rsa\fR\|(1),
|
|
\&\fIopenssl\-genrsa\fR\|(1),
|
|
\&\fIopenssl\-gendsa\fR\|(1)
|
|
.SH "HISTORY"
|
|
.IX Header "HISTORY"
|
|
The \fB\-iter\fR option was added in OpenSSL 1.1.0.
|
|
.SH "COPYRIGHT"
|
|
.IX Header "COPYRIGHT"
|
|
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
.PP
|
|
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file \s-1LICENSE\s0 in the source distribution or at
|
|
<https://www.openssl.org/source/license.html>.
|