author Dr. Stephen Henson <steve@openssl.org> 2000-06-15 23:48:05 +0000
committer Dr. Stephen Henson <steve@openssl.org> 2000-06-15 23:48:05 +0000
commit d3ed8ceb3d5f4f6318e96a147433cb1b09bec211
tree 411ed361228135a2f7b6d32568eed40dd3ed514c /doc/apps/rsa.pod
parent 569e7f6ef21a2cf0bac274ee0c3176fa639249f2
Add support for the modified SGC key format used in IIS.
Diffstat (limited to 'doc/apps/rsa.pod')
-rw-r--r-- doc/apps/rsa.pod 31
1 files changed, 28 insertions, 3 deletions
diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod
index 62ad62e23d..f0e613ed05 100644
--- a/doc/apps/rsa.pod
+++ b/doc/apps/rsa.pod
@@ -14,6 +14,7 @@ B<openssl> B<rsa>
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
+[B<-sgckey>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -42,9 +43,8 @@ This specifies the input format. The B<DER> option uses an ASN1 DER encoded
form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
The B<PEM> form is the default format: it consists of the B<DER> format base64
encoded with additional header and footer lines. On input PKCS#8 format private
-keys are also accepted. The B<NET> form is a format compatible with older Netscape
-servers and MS IIS, this uses unsalted RC4 for its encryption. It is not very
-secure and so should only be used when necessary.
+keys are also accepted. The B<NET> form is a format is described in the B<NOTES>
+section.
=item B<-outform DER|NET|PEM>
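Review bot: The replacement sentence "The B<NET> form is a format is described in the B<NOTES>" has a doubled verb and should read "The B<NET> form is described in the B<NOTES> section." Moving the unsalted RC4 caution out of this item also means someone who reads only the B<-inform> entry no longer sees that NET is weak; keep a short clause such as "it is not very secure" here next to the pointer to NOTES.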
@@ -74,6 +74,11 @@ filename.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-sgckey>
+
+use the modified NET algorithm used with some versions of Microsoft IIS and SGC
+keys.
+
=item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, or the
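Review bot: The new B<-sgckey> item does not say that it only has an effect together with the B<NET> format, or whether it applies to B<-inform NET>, B<-outform NET> or both. State that in the item text, and cross-reference the B<NOTES> section, since the only guidance on when to try the option ("If you get an error after entering the password") lives there.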
@@ -126,6 +131,18 @@ The PEM public key format uses the header and footer lines:
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
+The B<NET> form is a format compatible with older Netscape servers
+and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
+It is not very secure and so should only be used when necessary.
+
+Some newer version of IIS have additional data in the exported .key
+files. To use thse with the utility view the file with a binary editor
+and look for the string "private-key", then trace back to the byte
+sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
+from this point onwards to another file and use that as the input
+to the B<rsa> utility with the B<-inform NET> option. If you get
+an error after entering the password try the B<-sgckey> option.
+
=head1 EXAMPLES
To remove the pass phrase on an RSA private key:
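Review bot: The extraction steps in the second added paragraph are ambiguous at "trace back to the byte sequence 0x30, 0x82": say that the nearest occurrence before the "private-key" string is meant, since the same two bytes can appear elsewhere in a binary file. The paragraph also has typos ("Some newer version" should be "versions", "thse" should be "these"), and the first paragraph joins two sentences with a comma at ".key files, this uses". Because the text says NET "should only be used when necessary", it would help to add that an imported key can be written back out in PEM form with one of the B<-des3> style options so it is not left under unsalted RC4.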
@@ -148,6 +165,14 @@ To just output the public part of a private key:
openssl rsa -in key.pem -pubout -out pubkey.pem
+=head1 BUGS
+
+The command line password arguments don't currently work with
+B<NET> format.
+
+There should be an option that automatically handles .key files,
+without having to manually edit them.
+
=head1 SEE ALSO
L<pkcs8(1)|pkcs8(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
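Review bot: The first BUGS entry, "The command line password arguments don't currently work with B<NET> format", is only discoverable at the end of the page; the B<-passin> and B<-passout> item descriptions are unchanged and still read as if they always apply. Add a one-line pointer to this limitation in those items, and say here what happens instead when they are given with NET (the NOTES text implies the password is entered interactively). The second entry describes a missing feature rather than a bug; it is fine to keep it, but wording it as "the .key files must currently be edited by hand as described in NOTES" would tell the reader what to do now.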