1 .\" $NetBSD: openssl_pkcs8.1,v 1.14 2015/06/12 17:01:15 christos Exp $
3 .\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
6 .\" ========================================================================
7 .de Sp \" Vertical space (when we can't use .PP)
11 .de Vb \" Begin verbatim text
16 .de Ve \" End verbatim text
20 .\" Set up some character translations and predefined strings. \*(-- will
21 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
22 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
23 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
24 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
25 .\" nothing in troff, for use with C<>.
27 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
31 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
32 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
47 .\" Escape single quotes in literal strings from groff's Unicode transform.
51 .\" If the F register is turned on, we'll generate index entries on stderr for
52 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
53 .\" entries marked with X<> in POD. Of course, you'll have to process the
54 .\" output yourself in some meaningful fashion.
56 .\" Avoid warning from groff about undefined register 'F'.
60 .if \n(.g .if rF .nr rF 1
61 .if (\n(rF:(\n(.g==0)) \{
64 . tm Index:\\$1\t\\n%\t"\\$2"
74 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
75 .\" Fear. Run. Save yourself. No user-serviceable parts.
76 . \" fudge factors for nroff and troff
85 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
91 . \" simple accents for nroff and troff
101 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
102 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
103 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
104 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
105 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
106 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
108 . \" troff and (daisy-wheel) nroff accents
109 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
110 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
111 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
112 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
113 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
114 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
115 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
116 .ds ae a\h'-(\w'a'u*4/10)'e
117 .ds Ae A\h'-(\w'A'u*4/10)'E
118 . \" corrections for vroff
119 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
120 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
121 . \" for low resolution devices (crt and lpr)
122 .if \n(.H>23 .if \n(.V>19 \
135 .\" ========================================================================
138 .TH PKCS8 1 "2009-07-19" "1.0.1n" "OpenSSL"
139 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
140 .\" way too many mistakes in technical documents.
144 pkcs8 \- PKCS#8 format private key conversion tool
148 .IX Header "SYNOPSIS"
149 \&\fBopenssl\fR \fBpkcs8\fR
151 [\fB\-inform PEM|DER\fR]
152 [\fB\-outform PEM|DER\fR]
153 [\fB\-in filename\fR]
155 [\fB\-out filename\fR]
156 [\fB\-passout arg\fR]
166 .IX Header "DESCRIPTION"
167 The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle
168 both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
169 format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
170 .SH "COMMAND OPTIONS"
171 .IX Header "COMMAND OPTIONS"
172 .IP "\fB\-topk8\fR" 4
174 Normally a PKCS#8 private key is expected on input and a traditional format
175 private key will be written. With the \fB\-topk8\fR option the situation is
176 reversed: it reads a traditional format private key and writes a PKCS#8
178 .IP "\fB\-inform DER|PEM\fR" 4
179 .IX Item "-inform DER|PEM"
180 This specifies the input format. If a PKCS#8 format key is expected on input
181 then either a \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR encoded version of a PKCS#8 key will be
182 expected. Otherwise the \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR format of the traditional format
184 .IP "\fB\-outform DER|PEM\fR" 4
185 .IX Item "-outform DER|PEM"
186 This specifies the output format, the options have the same meaning as the
187 \&\fB\-inform\fR option.
188 .IP "\fB\-in filename\fR" 4
189 .IX Item "-in filename"
190 This specifies the input filename to read a key from or standard input if this
191 option is not specified. If the key is encrypted a pass phrase will be
193 .IP "\fB\-passin arg\fR" 4
194 .IX Item "-passin arg"
195 the input file password source. For more information about the format of \fBarg\fR
196 see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
197 .IP "\fB\-out filename\fR" 4
198 .IX Item "-out filename"
199 This specifies the output filename to write a key to or standard output by
200 default. If any encryption options are set then a pass phrase will be
201 prompted for. The output filename should \fBnot\fR be the same as the input
203 .IP "\fB\-passout arg\fR" 4
204 .IX Item "-passout arg"
205 the output file password source. For more information about the format of \fBarg\fR
206 see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
207 .IP "\fB\-nocrypt\fR" 4
209 PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
210 structures using an appropriate password based encryption algorithm. With
211 this option an unencrypted PrivateKeyInfo structure is expected or output.
212 This option does not encrypt private keys at all and should only be used
213 when absolutely necessary. Certain software such as some versions of Java
214 code signing software used unencrypted private keys.
215 .IP "\fB\-nooct\fR" 4
217 This option generates \s-1RSA\s0 private keys in a broken format that some software
218 uses. Specifically the private key should be enclosed in a \s-1OCTET STRING\s0
219 but some software just includes the structure itself without the
220 surrounding \s-1OCTET STRING.\s0
221 .IP "\fB\-embed\fR" 4
223 This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are
224 embedded inside the PrivateKey structure. In this form the \s-1OCTET STRING\s0
225 contains an \s-1ASN1 SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
226 the parameters and an \s-1ASN1 INTEGER\s0 containing the private key.
229 This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape
230 private key databases. The PrivateKey contains a \s-1SEQUENCE\s0 consisting of
231 the public and private keys respectively.
232 .IP "\fB\-v2 alg\fR" 4
234 This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
235 private keys are encrypted with the password based encryption algorithm
236 called \fBpbeWithMD5AndDES\-CBC\fR this uses 56 bit \s-1DES\s0 encryption but it
237 was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
238 the \fB\-v2\fR option PKCS#5 v2.0 algorithms are used which can use any
239 encryption algorithm such as 168 bit triple \s-1DES\s0 or 128 bit \s-1RC2\s0 however
240 not many implementations support PKCS#5 v2.0 yet. If you are just using
241 private keys with OpenSSL then this doesn't matter.
243 The \fBalg\fR argument is the encryption algorithm to use, valid values include
244 \&\fBdes\fR, \fBdes3\fR and \fBrc2\fR. It is recommended that \fBdes3\fR is used.
245 .IP "\fB\-v1 alg\fR" 4
247 This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
248 list of possible algorithms is included below.
249 .IP "\fB\-engine id\fR" 4
250 .IX Item "-engine id"
251 specifying an engine (by its unique \fBid\fR string) will cause \fBpkcs8\fR
252 to attempt to obtain a functional reference to the specified engine,
253 thus initialising it if needed. The engine will then be set as the default
254 for all available algorithms.
257 The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following
261 \& \-\-\-\-\-BEGIN ENCRYPTED PRIVATE KEY\-\-\-\-\-
262 \& \-\-\-\-\-END ENCRYPTED PRIVATE KEY\-\-\-\-\-
265 The unencrypted form uses:
268 \& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
269 \& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
272 Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
273 counts are more secure that those encrypted using the traditional
274 SSLeay compatible formats. So if additional security is considered
275 important the keys should be converted.
277 The default encryption is only 56 bits because this is the encryption
278 that most current implementations of PKCS#8 will support.
280 Some software may use PKCS#12 password based encryption algorithms
281 with PKCS#8 format private keys: these are handled automatically
282 but there is no option to produce them.
284 It is possible to write out \s-1DER\s0 encoded encrypted private keys in
285 PKCS#8 format because the encryption details are included at an \s-1ASN1\s0
286 level whereas the traditional format includes them at a \s-1PEM\s0 level.
287 .SH "PKCS#5 v1.5 and PKCS#12 algorithms."
288 .IX Header "PKCS#5 v1.5 and PKCS#12 algorithms."
289 Various algorithms can be used with the \fB\-v1\fR command line option,
290 including PKCS#5 v1.5 and PKCS#12. These are described in more detail
292 .IP "\fB\s-1PBE\-MD2\-DES PBE\-MD5\-DES\s0\fR" 4
293 .IX Item "PBE-MD2-DES PBE-MD5-DES"
294 These algorithms were included in the original PKCS#5 v1.5 specification.
295 They only offer 56 bits of protection since they both use \s-1DES.\s0
296 .IP "\fB\s-1PBE\-SHA1\-RC2\-64 PBE\-MD2\-RC2\-64 PBE\-MD5\-RC2\-64 PBE\-SHA1\-DES\s0\fR" 4
297 .IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES"
298 These algorithms are not mentioned in the original PKCS#5 v1.5 specification
299 but they use the same key derivation algorithm and are supported by some
300 software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or
302 .IP "\fB\s-1PBE\-SHA1\-RC4\-128 PBE\-SHA1\-RC4\-40 PBE\-SHA1\-3DES PBE\-SHA1\-2DES PBE\-SHA1\-RC2\-128 PBE\-SHA1\-RC2\-40\s0\fR" 4
303 .IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40"
304 These algorithms use the PKCS#12 password based encryption algorithm and
305 allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used.
307 .IX Header "EXAMPLES"
308 Convert a private from traditional to PKCS#5 v2.0 format using triple
312 \& openssl pkcs8 \-in key.pem \-topk8 \-v2 des3 \-out enckey.pem
315 Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
319 \& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem
322 Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
326 \& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem \-v1 PBE\-SHA1\-3DES
329 Read a \s-1DER\s0 unencrypted PKCS#8 format private key:
332 \& openssl pkcs8 \-inform DER \-nocrypt \-in key.der \-out key.pem
335 Convert a private key from any PKCS#8 format to traditional format:
338 \& openssl pkcs8 \-in pk8.pem \-out key.pem
341 .IX Header "STANDARDS"
342 Test vectors from this PKCS#5 v2.0 implementation were posted to the
343 pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration
344 counts, several people confirmed that they could decrypt the private
345 keys produced and Therefore it can be assumed that the PKCS#5 v2.0
346 implementation is reasonably accurate at least as far as these
347 algorithms are concerned.
349 The format of PKCS#8 \s-1DSA \s0(and other) private keys is not well documented:
350 it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
351 PKCS#8 private key format complies with this standard.
354 There should be an option that prints out the encryption algorithm
355 in use and other details such as the iteration count.
357 PKCS#8 using triple \s-1DES\s0 and PKCS#5 v2.0 should be the default private
358 key format for OpenSSL: for compatibility several of the utilities use
359 the old format at present.
361 .IX Header "SEE ALSO"
362 \&\fIopenssl_dsa\fR\|(1), \fIopenssl_rsa\fR\|(1), \fIopenssl_genrsa\fR\|(1),
363 \&\fIopenssl_gendsa\fR\|(1)