[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: RE: Generate private key problems
From: Yang Chun-Kai <waitmeforever () hotmail ! com>
Date: 2011-12-18 5:17:17
Message-ID: BAY156-W376B87EF779AD58F26368EB3A60 () phx ! gbl
[Download RAW message or body]
> Date: Sat, 17 Dec 2011 17:20:03 -0500
> Subject: Re: Generate private key problems
> From: noloader@gmail.com
> To: openssl-users@openssl.org
>
> 2011/12/17 Yang Chun-Kai <waitmeforever@hotmail.com>:
> >
> >
> >> Date: Fri, 16 Dec 2011 14:52:27 -0500
> >> Subject: Re: Generate private key problems
> >> From: noloader@gmail.com
> >> To: openssl-users@openssl.org
> >
> >>
> >> 2011/12/16 Yang Chun-Kai <waitmeforever@hotmail.com>:
> >> > 1. If I use "openssl genrsa -out my_private_key.key 2048" this command
> >> > then
> >> > I will get the encrypted private key or not encrypted key ?
> >> >
> >> > because I want to use python ssl module and heard python ssl lib not
> >> > support
> >> > encrypted private key for sockets.
> >> Pyhon's SSL module has some serious problems. You might want to pick a
> >> different library. See, for example, http://bugs.python.org/issue1589:
> >> "Unfortunately, hostname matching is one of those ideas that seemed
> >> better when it was thought up than it actually proved to be in
> >> practice."
> >>
> >> > 2. If I use encrypted key and .crs file to generate a certificate then
> >> > will
> >> > certificate be different from being generated with not encrypted key ?
> >> I don't believe so (other than encryption).
> >>
> >> > 3. " openssl genrsa -des3 -out my_private_key.key 2048" this command
> >> > will
> >> > generate a private as well, and more it will ask for password,
> >> >
> >> > and what is so differen with "-des3" parameter?
> >> http://www.openssl.org/docs/apps/req.html
> >>>>
> >>>>Ok, so not with -des/des3 I will get a not encrypted private key.
> >
> >> >
> >> > 4. How to generate the key and certificate in "PEM format"? Also heard
> >> > python ssl lib need private key and certificate in PEM f ormat.
> >> See -outform.
> >>>>
> >>>>I checked the manual "openssl genrsa" command not with "-outform PEM"
> >>>> option, then how can I do this ?
> >>>>Maybe transform it with "pkey command" ?
> Try:
>
> $ openssl genrsa -out rsa-openssl.pem 2048
> $ openssl pkcs8 -nocrypt -in rsa-openssl.pem -inform PEM -topk8
> -outform DER -out rsa-openssl.der
>
> Jeff
>>>>>>Thanks a lot for tips, I will try these commands.>>>>>>Have a good day!!>>>
>>>Kay
[Attachment #3 (text/html)]
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 9pt;
font-family:·s²Ó©úÅé
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
<br><div><div id="SkyDrivePlaceholder"></div>> Date: Sat, 17 Dec 2011 17:20:03 \
-0500<br>> Subject: Re: Generate private key problems<br>> From: \
noloader@gmail.com<br>> To: openssl-users@openssl.org<br>> <br>> 2011/12/17 \
Yang Chun-Kai <waitmeforever@hotmail.com>:<br>> ><br>> ><br>> \
>> Date: Fri, 16 Dec 2011 14:52:27 -0500<br>> >> Subject: Re: Generate \
private key problems<br>> >> From: noloader@gmail.com<br>> >> To: \
openssl-users@openssl.org<br>> ><br>> >><br>> >> 2011/12/16 \
Yang Chun-Kai <waitmeforever@hotmail.com>:<br>> >> > 1. If I use \
"openssl genrsa -out my_private_key.key 2048" this command<br>> >> > \
then<br>> >> > I will get the encrypted private key or not encrypted key \
?<br>> >> ><br>> >> > because I want to use python ssl module \
and heard python ssl lib not<br>> >> > support<br>> >> > \
encrypted private key for sockets.<br>> >> Pyhon's SSL module has some \
serious problems. You might want to pick a<br>> >> different library. See, \
for example, http://bugs.python.org/issue1589:<br>> >> "Unfortunately, \
hostname matching is one of those ideas that seemed<br>> >> better when it \
was thought up than it actually proved to be in<br>> >> practice."<br>> \
>><br>> >> > 2. If I use encrypted key and .crs file to generate a \
certificate then<br>> >> > will<br>> >> > certificate be \
different from being generated with not encrypted key ?<br>> >> I don't \
believe so (other than encryption).<br>> >><br>> >> > 3. " \
openssl genrsa -des3 -out my_private_key.key 2048" this command<br>> >> > \
will<br>> >> > generate a private as well, and more it will ask for \
password,<br>> >> ><br>> >> > and what is so differen with \
"-des3" parameter?<br>> >> http://www.openssl.org/docs/apps/req.html<br>> \
>>>><br>> >>>>Ok, so not with -des/des3 I will get a not \
encrypted private key.<br>> ><br>> >> ><br>> >> > 4. \
How to generate the key and certificate in "PEM format"? Also heard<br>> >> \
> python ssl lib need private key and certificate in PEM f ormat.<br>> >> \
See -outform.<br>> >>>><br>> >>>>I checked the manual \
"openssl genrsa" command not with "-outform PEM"<br>> >>>> option, \
then how can I do this ?<br>> >>>>Maybe transform it with "pkey \
command" ?<br>> Try:<br>> <br>> $ openssl genrsa -out rsa-openssl.pem \
2048<br>> $ openssl pkcs8 -nocrypt -in rsa-openssl.pem -inform PEM -topk8<br>> \
-outform DER -out rsa-openssl.der<br>> <br>> \
Jeff<br>>>></div><div>>>><font class="Apple-style-span" \
size="3">Thanks a lot for tips, I will try these \
commands.</font></div><div>>>></div><div>>>><font \
class="Apple-style-span" size="3">Have a good \
day!!</font></div><div>>>><br>>>><font class="Apple-style-span" \
size="3">Kay</font></div> </div></body> </html>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic