Lines Matching +full:pass +full:- +full:1
18 .\" Set up some character translations and predefined strings. \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
62 . tm Index:\\$1\t\\n%\t"\\$2"
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
81 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 . \" troff and (daisy-wheel) nroff accents
123 . ds d- d\h'-1'\(ga
124 . ds D- D\h'-1'\(hy
133 .IX Title "PASSPHRASE-ENCODING 7ossl"
134 .TH PASSPHRASE-ENCODING 7ossl "2023-09-19" "3.0.11" "OpenSSL"
140 passphrase\-encoding
141 \&\- How diverse parts of OpenSSL treat pass phrases character encoding
144 In a modern world with all sorts of character encodings, the treatment of pass
150 The OpenSSL library doesn't treat pass phrases in any special way as a general
153 This means that for an object that was encrypted using a pass phrase encoded in
154 \&\s-1ISO\-8859\-1,\s0 that object needs to be decrypted using a pass phrase encoded in
155 \&\s-1ISO\-8859\-1.\s0
159 PKCS#12 is a bit different regarding pass phrase encoding.
160 The standard stipulates that the pass phrase shall be encoded as an \s-1ASN.1\s0
162 encoded in big endian (\s-1UCS\-2 BE\s0).
165 .IP "1." 4
166 Treats the received pass phrase as \s-1UTF\-8\s0 encoded and tries to re-encode it to
167 \&\s-1UTF\-16\s0 (which is the same as \s-1UCS\-2\s0 for characters U+0000 to U+D7FF and U+E000
171 Assumes that the pass phrase is encoded in \s-1ASCII\s0 or \s-1ISO\-8859\-1\s0 and
172 opportunistically prepends each byte with a zero byte to obtain the \s-1UCS\-2\s0
175 Note that since there is no check of your locale, this may produce \s-1UCS\-2 /
176 UTF\-16\s0 characters that do not correspond to the original pass phrase characters
177 for other character sets, such as any \s-1ISO\-8859\-X\s0 encoding other than
178 \&\s-1ISO\-8859\-1\s0 (or for Windows, \s-1CP 1252\s0 with exception for the extra \*(L"graphical\*…
179 characters in the 0x80\-0x9F range).
186 A pass phrase encoded in \s-1ISO\-8859\-2\s0 could very well have a sequence such as
187 0xC3 0xAF (which is the two characters \*(L"\s-1LATIN CAPITAL LETTER A WITH BREVE\*(R"\s0
188 and \*(L"\s-1LATIN CAPITAL LETTER Z WITH DOT ABOVE\*(R"\s0 in \s-1ISO\-8859\-2\s0 encoding), but wo…
189 be misinterpreted as the perfectly valid \s-1UTF\-8\s0 encoded code point U+00EF (\s-1LATIN
190 SMALL LETTER I WITH DIAERESIS\s0) \fIif the pass phrase doesn't contain anything that
191 would be invalid \s-1UTF\-8\s0\fR.
192 A pass phrase that contains this kind of byte sequence will give a different
200 On the same accord, anything encoded in \s-1UTF\-8\s0 that was given to OpenSSL older
201 than 1.1.0 was misinterpreted as \s-1ISO\-8859\-1\s0 sequences.
202 .SS "\s-1OSSL_STORE\s0"
205 potentially protected with a pass phrase, a \s-1PIN\s0 or something else.
206 This \s-1API\s0 stipulates that pass phrases should be \s-1UTF\-8\s0 encoded, and that any
207 other pass phrase encoding may give undefined results.
208 This \s-1API\s0 relies on the application to ensure \s-1UTF\-8\s0 encoding, and doesn't check
209 that this is the case, so what it gets, it will also pass to the underlying
213 This section assumes that you know what pass phrase was used for encryption,
216 For example, the pass phrase may have been used at a time when your default
217 encoding was \s-1ISO\-8859\-1\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61
219 is \s-1UTF\-8\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76
223 mentioned encoding when you type in your pass phrase, or use some suitable tool
224 to convert your pass phrase from your default encoding to the target encoding.
226 Also note that the sub-sections below discuss human readable pass phrases.
227 This is particularly relevant for PKCS#12 objects, where human readable pass
235 For creating new pass phrase protected objects, make sure the pass phrase is
236 encoded using \s-1UTF\-8.\s0
240 \&\fB\s-1OPENSSL_WIN32_UTF8\s0\fR will have anything entered on [Windows] console prompt
241 converted to \s-1UTF\-8\s0 (command line and separately prompted pass phrases alike).
244 For opening pass phrase protected objects where you know what character
245 encoding was used for the encryption pass phrase, make sure to use the same
248 For opening pass phrase protected objects where the character encoding that was
251 .IP "1." 4
252 Try the pass phrase that you have as it is in the character encoding of your
256 Convert the pass phrase to \s-1UTF\-8\s0 and try with the result.
260 Do a nai\*:ve (i.e. purely mathematical) \s-1ISO\-8859\-1\s0 to \s-1UTF\-8\s0 conversion and try
262 This differs from the previous attempt because \s-1ISO\-8859\-1\s0 maps directly to
263 U+0000 to U+00FF, which other non\-UTF\-8 character sets do not.
265 This also takes care of the case when a \s-1UTF\-8\s0 encoded string was used with
267 (for example, \f(CW\*(C`i\*:\*(C'\fR, which is 0xC3 0xAF when encoded in \s-1UTF\-8,\s0 would becom…
268 0x83 0xC2 0xAF when re-encoded in the nai\*:ve manner.
270 erroneous/non\-compliant encoding used by OpenSSL older than 1.1.0)
281 Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
285 in the file \s-1LICENSE\s0 in the source distribution or at