OpenSSL 1.0.1c key files are not compatible with OpenSSL 0.9.8x

| 0 Comments
A note to myself and my clients more than anything else...

It seems that when you generate a key using a 1.x version of the openssl utility the blob looks like this:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI7BZmHKzGwtQCAggA

etc...

T+CaOPXRod3cKwZEgp0vkM+gpsLw0C6WVEdV01ZrgUsJ2DceYXaenHCjfZ7jwy84
LKk=
-----END ENCRYPTED PRIVATE KEY-----
whereas when you generate a key in exactly the same way with an 0.9.8 version of the utility the blob looks like this:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,061B6446EB96A47B

OFE9asOb689P0l6++Nwz0HYop4KdgKh6NFCzZV/kjp03VL2RW6beii2x70ikTLjs

etc...

Av0yRECeV+1ztYamAAYbniTeVsYaim07tBWadVFjYZqr+cOwDz/3ZPAn51/179j2
-----END RSA PRIVATE KEY-----
I'm sure someone who understands this stuff more than I do will be able to tell exactly what this difference means, but in practice, it means that if your code is built against an 0.9.8 release of OpenSSL then it will fail to load the key blob if you use SSL_CTX_use_PrivateKey_file().

Leave a comment