1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery{- OpenSSL::safe::output_do_not_edit_headers(); -} 3*b077aed3SPierre Pronchery 4*b077aed3SPierre Pronchery=head1 NAME 5*b077aed3SPierre Pronchery 6*b077aed3SPierre Proncheryopenssl-pkcs8 - PKCS#8 format private key conversion command 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 SYNOPSIS 9*b077aed3SPierre Pronchery 10*b077aed3SPierre ProncheryB<openssl> B<pkcs8> 11*b077aed3SPierre Pronchery[B<-help>] 12*b077aed3SPierre Pronchery[B<-topk8>] 13*b077aed3SPierre Pronchery[B<-inform> B<DER>|B<PEM>] 14*b077aed3SPierre Pronchery[B<-outform> B<DER>|B<PEM>] 15*b077aed3SPierre Pronchery[B<-in> I<filename>] 16*b077aed3SPierre Pronchery[B<-passin> I<arg>] 17*b077aed3SPierre Pronchery[B<-out> I<filename>] 18*b077aed3SPierre Pronchery[B<-passout> I<arg>] 19*b077aed3SPierre Pronchery[B<-iter> I<count>] 20*b077aed3SPierre Pronchery[B<-noiter>] 21*b077aed3SPierre Pronchery[B<-nocrypt>] 22*b077aed3SPierre Pronchery[B<-traditional>] 23*b077aed3SPierre Pronchery[B<-v2> I<alg>] 24*b077aed3SPierre Pronchery[B<-v2prf> I<alg>] 25*b077aed3SPierre Pronchery[B<-v1> I<alg>] 26*b077aed3SPierre Pronchery[B<-scrypt>] 27*b077aed3SPierre Pronchery[B<-scrypt_N> I<N>] 28*b077aed3SPierre Pronchery[B<-scrypt_r> I<r>] 29*b077aed3SPierre Pronchery[B<-scrypt_p> I<p>] 30*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_r_synopsis -} 31*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} 32*b077aed3SPierre Pronchery 33*b077aed3SPierre Pronchery=head1 DESCRIPTION 34*b077aed3SPierre Pronchery 35*b077aed3SPierre ProncheryThis command processes private keys in PKCS#8 format. It can handle 36*b077aed3SPierre Proncheryboth unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo 37*b077aed3SPierre Proncheryformat with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. 38*b077aed3SPierre Pronchery 39*b077aed3SPierre Pronchery=head1 OPTIONS 40*b077aed3SPierre Pronchery 41*b077aed3SPierre Pronchery=over 4 42*b077aed3SPierre Pronchery 43*b077aed3SPierre Pronchery=item B<-help> 44*b077aed3SPierre Pronchery 45*b077aed3SPierre ProncheryPrint out a usage message. 46*b077aed3SPierre Pronchery 47*b077aed3SPierre Pronchery=item B<-topk8> 48*b077aed3SPierre Pronchery 49*b077aed3SPierre ProncheryNormally a PKCS#8 private key is expected on input and a private key will be 50*b077aed3SPierre Proncherywritten to the output file. With the B<-topk8> option the situation is 51*b077aed3SPierre Proncheryreversed: it reads a private key and writes a PKCS#8 format key. 52*b077aed3SPierre Pronchery 53*b077aed3SPierre Pronchery=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> 54*b077aed3SPierre Pronchery 55*b077aed3SPierre ProncheryThe input and formats; the default is B<PEM>. 56*b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details. 57*b077aed3SPierre Pronchery 58*b077aed3SPierre ProncheryIf a key is being converted from PKCS#8 form (i.e. the B<-topk8> option is 59*b077aed3SPierre Proncherynot used) then the input file must be in PKCS#8 format. An encrypted 60*b077aed3SPierre Proncherykey is expected unless B<-nocrypt> is included. 61*b077aed3SPierre Pronchery 62*b077aed3SPierre ProncheryIf B<-topk8> is not used and B<PEM> mode is set the output file will be an 63*b077aed3SPierre Proncheryunencrypted private key in PKCS#8 format. If the B<-traditional> option is 64*b077aed3SPierre Proncheryused then a traditional format private key is written instead. 65*b077aed3SPierre Pronchery 66*b077aed3SPierre ProncheryIf B<-topk8> is not used and B<DER> mode is set the output file will be an 67*b077aed3SPierre Proncheryunencrypted private key in traditional DER format. 68*b077aed3SPierre Pronchery 69*b077aed3SPierre ProncheryIf B<-topk8> is used then any supported private key can be used for the input 70*b077aed3SPierre Proncheryfile in a format specified by B<-inform>. The output file will be encrypted 71*b077aed3SPierre ProncheryPKCS#8 format using the specified encryption parameters unless B<-nocrypt> 72*b077aed3SPierre Proncheryis included. 73*b077aed3SPierre Pronchery 74*b077aed3SPierre Pronchery=item B<-traditional> 75*b077aed3SPierre Pronchery 76*b077aed3SPierre ProncheryWhen this option is present and B<-topk8> is not a traditional format private 77*b077aed3SPierre Proncherykey is written. 78*b077aed3SPierre Pronchery 79*b077aed3SPierre Pronchery=item B<-in> I<filename> 80*b077aed3SPierre Pronchery 81*b077aed3SPierre ProncheryThis specifies the input filename to read a key from or standard input if this 82*b077aed3SPierre Proncheryoption is not specified. If the key is encrypted a pass phrase will be 83*b077aed3SPierre Proncheryprompted for. 84*b077aed3SPierre Pronchery 85*b077aed3SPierre Pronchery=item B<-passin> I<arg>, B<-passout> I<arg> 86*b077aed3SPierre Pronchery 87*b077aed3SPierre ProncheryThe password source for the input and output file. 88*b077aed3SPierre ProncheryFor more information about the format of B<arg> 89*b077aed3SPierre Proncherysee L<openssl-passphrase-options(1)>. 90*b077aed3SPierre Pronchery 91*b077aed3SPierre Pronchery=item B<-out> I<filename> 92*b077aed3SPierre Pronchery 93*b077aed3SPierre ProncheryThis specifies the output filename to write a key to or standard output by 94*b077aed3SPierre Proncherydefault. If any encryption options are set then a pass phrase will be 95*b077aed3SPierre Proncheryprompted for. The output filename should B<not> be the same as the input 96*b077aed3SPierre Proncheryfilename. 97*b077aed3SPierre Pronchery 98*b077aed3SPierre Pronchery=item B<-iter> I<count> 99*b077aed3SPierre Pronchery 100*b077aed3SPierre ProncheryWhen creating new PKCS#8 containers, use a given number of iterations on 101*b077aed3SPierre Proncherythe password in deriving the encryption key for the PKCS#8 output. 102*b077aed3SPierre ProncheryHigh values increase the time required to brute-force a PKCS#8 container. 103*b077aed3SPierre Pronchery 104*b077aed3SPierre Pronchery=item B<-noiter> 105*b077aed3SPierre Pronchery 106*b077aed3SPierre ProncheryWhen creating new PKCS#8 containers, use 1 as iteration count. 107*b077aed3SPierre Pronchery 108*b077aed3SPierre Pronchery=item B<-nocrypt> 109*b077aed3SPierre Pronchery 110*b077aed3SPierre ProncheryPKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo 111*b077aed3SPierre Proncherystructures using an appropriate password based encryption algorithm. With 112*b077aed3SPierre Proncherythis option an unencrypted PrivateKeyInfo structure is expected or output. 113*b077aed3SPierre ProncheryThis option does not encrypt private keys at all and should only be used 114*b077aed3SPierre Proncherywhen absolutely necessary. Certain software such as some versions of Java 115*b077aed3SPierre Proncherycode signing software used unencrypted private keys. 116*b077aed3SPierre Pronchery 117*b077aed3SPierre Pronchery=item B<-v2> I<alg> 118*b077aed3SPierre Pronchery 119*b077aed3SPierre ProncheryThis option sets the PKCS#5 v2.0 algorithm. 120*b077aed3SPierre Pronchery 121*b077aed3SPierre ProncheryThe I<alg> argument is the encryption algorithm to use, valid values include 122*b077aed3SPierre ProncheryB<aes128>, B<aes256> and B<des3>. If this option isn't specified then B<aes256> 123*b077aed3SPierre Proncheryis used. 124*b077aed3SPierre Pronchery 125*b077aed3SPierre Pronchery=item B<-v2prf> I<alg> 126*b077aed3SPierre Pronchery 127*b077aed3SPierre ProncheryThis option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value 128*b077aed3SPierre Proncheryvalue would be B<hmacWithSHA256>. If this option isn't set then the default 129*b077aed3SPierre Proncheryfor the cipher is used or B<hmacWithSHA256> if there is no default. 130*b077aed3SPierre Pronchery 131*b077aed3SPierre ProncherySome implementations may not support custom PRF algorithms and may require 132*b077aed3SPierre Proncherythe B<hmacWithSHA1> option to work. 133*b077aed3SPierre Pronchery 134*b077aed3SPierre Pronchery=item B<-v1> I<alg> 135*b077aed3SPierre Pronchery 136*b077aed3SPierre ProncheryThis option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some 137*b077aed3SPierre Proncheryolder implementations may not support PKCS#5 v2.0 and may require this option. 138*b077aed3SPierre ProncheryIf not specified PKCS#5 v2.0 form is used. 139*b077aed3SPierre Pronchery 140*b077aed3SPierre Pronchery=item B<-scrypt> 141*b077aed3SPierre Pronchery 142*b077aed3SPierre ProncheryUses the B<scrypt> algorithm for private key encryption using default 143*b077aed3SPierre Proncheryparameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit 144*b077aed3SPierre Proncherykey. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>, 145*b077aed3SPierre ProncheryB<-scrypt_p> and B<-v2> options. 146*b077aed3SPierre Pronchery 147*b077aed3SPierre Pronchery=item B<-scrypt_N> I<N>, B<-scrypt_r> I<r>, B<-scrypt_p> I<p> 148*b077aed3SPierre Pronchery 149*b077aed3SPierre ProncherySets the scrypt I<N>, I<r> or I<p> parameters. 150*b077aed3SPierre Pronchery 151*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_r_item -} 152*b077aed3SPierre Pronchery 153*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_engine_item -} 154*b077aed3SPierre Pronchery 155*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_item -} 156*b077aed3SPierre Pronchery 157*b077aed3SPierre Pronchery=back 158*b077aed3SPierre Pronchery 159*b077aed3SPierre Pronchery=head1 NOTES 160*b077aed3SPierre Pronchery 161*b077aed3SPierre ProncheryBy default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit 162*b077aed3SPierre ProncheryAES with HMAC and SHA256 is used. 163*b077aed3SPierre Pronchery 164*b077aed3SPierre ProncherySome older implementations do not support PKCS#5 v2.0 format and require 165*b077aed3SPierre Proncherythe older PKCS#5 v1.5 form instead, possibly also requiring insecure weak 166*b077aed3SPierre Proncheryencryption algorithms such as 56 bit DES. 167*b077aed3SPierre Pronchery 168*b077aed3SPierre ProncheryPrivate keys encrypted using PKCS#5 v2.0 algorithms and high iteration 169*b077aed3SPierre Proncherycounts are more secure that those encrypted using the traditional 170*b077aed3SPierre ProncherySSLeay compatible formats. So if additional security is considered 171*b077aed3SPierre Proncheryimportant the keys should be converted. 172*b077aed3SPierre Pronchery 173*b077aed3SPierre ProncheryIt is possible to write out DER encoded encrypted private keys in 174*b077aed3SPierre ProncheryPKCS#8 format because the encryption details are included at an ASN1 175*b077aed3SPierre Proncherylevel whereas the traditional format includes them at a PEM level. 176*b077aed3SPierre Pronchery 177*b077aed3SPierre Pronchery=head1 PKCS#5 V1.5 AND PKCS#12 ALGORITHMS 178*b077aed3SPierre Pronchery 179*b077aed3SPierre ProncheryVarious algorithms can be used with the B<-v1> command line option, 180*b077aed3SPierre Proncheryincluding PKCS#5 v1.5 and PKCS#12. These are described in more detail 181*b077aed3SPierre Proncherybelow. 182*b077aed3SPierre Pronchery 183*b077aed3SPierre Pronchery=over 4 184*b077aed3SPierre Pronchery 185*b077aed3SPierre Pronchery=item B<PBE-MD2-DES PBE-MD5-DES> 186*b077aed3SPierre Pronchery 187*b077aed3SPierre ProncheryThese algorithms were included in the original PKCS#5 v1.5 specification. 188*b077aed3SPierre ProncheryThey only offer 56 bits of protection since they both use DES. 189*b077aed3SPierre Pronchery 190*b077aed3SPierre Pronchery=item B<PBE-SHA1-RC2-64>, B<PBE-MD2-RC2-64>, B<PBE-MD5-RC2-64>, B<PBE-SHA1-DES> 191*b077aed3SPierre Pronchery 192*b077aed3SPierre ProncheryThese algorithms are not mentioned in the original PKCS#5 v1.5 specification 193*b077aed3SPierre Proncherybut they use the same key derivation algorithm and are supported by some 194*b077aed3SPierre Proncherysoftware. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or 195*b077aed3SPierre Pronchery56 bit DES. 196*b077aed3SPierre Pronchery 197*b077aed3SPierre Pronchery=item B<PBE-SHA1-RC4-128>, B<PBE-SHA1-RC4-40>, B<PBE-SHA1-3DES>, B<PBE-SHA1-2DES>, B<PBE-SHA1-RC2-128>, B<PBE-SHA1-RC2-40> 198*b077aed3SPierre Pronchery 199*b077aed3SPierre ProncheryThese algorithms use the PKCS#12 password based encryption algorithm and 200*b077aed3SPierre Proncheryallow strong encryption algorithms like triple DES or 128 bit RC2 to be used. 201*b077aed3SPierre Pronchery 202*b077aed3SPierre Pronchery=back 203*b077aed3SPierre Pronchery 204*b077aed3SPierre Pronchery=head1 EXAMPLES 205*b077aed3SPierre Pronchery 206*b077aed3SPierre ProncheryConvert a private key to PKCS#8 format using default parameters (AES with 207*b077aed3SPierre Pronchery256 bit key and B<hmacWithSHA256>): 208*b077aed3SPierre Pronchery 209*b077aed3SPierre Pronchery openssl pkcs8 -in key.pem -topk8 -out enckey.pem 210*b077aed3SPierre Pronchery 211*b077aed3SPierre ProncheryConvert a private key to PKCS#8 unencrypted format: 212*b077aed3SPierre Pronchery 213*b077aed3SPierre Pronchery openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem 214*b077aed3SPierre Pronchery 215*b077aed3SPierre ProncheryConvert a private key to PKCS#5 v2.0 format using triple DES: 216*b077aed3SPierre Pronchery 217*b077aed3SPierre Pronchery openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem 218*b077aed3SPierre Pronchery 219*b077aed3SPierre ProncheryConvert a private key to PKCS#5 v2.0 format using AES with 256 bits in CBC 220*b077aed3SPierre Proncherymode and B<hmacWithSHA512> PRF: 221*b077aed3SPierre Pronchery 222*b077aed3SPierre Pronchery openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA512 -out enckey.pem 223*b077aed3SPierre Pronchery 224*b077aed3SPierre ProncheryConvert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm 225*b077aed3SPierre Pronchery(DES): 226*b077aed3SPierre Pronchery 227*b077aed3SPierre Pronchery openssl pkcs8 -in key.pem -topk8 -v1 PBE-MD5-DES -out enckey.pem 228*b077aed3SPierre Pronchery 229*b077aed3SPierre ProncheryConvert a private key to PKCS#8 using a PKCS#12 compatible algorithm 230*b077aed3SPierre Pronchery(3DES): 231*b077aed3SPierre Pronchery 232*b077aed3SPierre Pronchery openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES 233*b077aed3SPierre Pronchery 234*b077aed3SPierre ProncheryRead a DER unencrypted PKCS#8 format private key: 235*b077aed3SPierre Pronchery 236*b077aed3SPierre Pronchery openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem 237*b077aed3SPierre Pronchery 238*b077aed3SPierre ProncheryConvert a private key from any PKCS#8 encrypted format to traditional format: 239*b077aed3SPierre Pronchery 240*b077aed3SPierre Pronchery openssl pkcs8 -in pk8.pem -traditional -out key.pem 241*b077aed3SPierre Pronchery 242*b077aed3SPierre ProncheryConvert a private key to PKCS#8 format, encrypting with AES-256 and with 243*b077aed3SPierre Proncheryone million iterations of the password: 244*b077aed3SPierre Pronchery 245*b077aed3SPierre Pronchery openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem 246*b077aed3SPierre Pronchery 247*b077aed3SPierre Pronchery=head1 STANDARDS 248*b077aed3SPierre Pronchery 249*b077aed3SPierre ProncheryTest vectors from this PKCS#5 v2.0 implementation were posted to the 250*b077aed3SPierre Proncherypkcs-tng mailing list using triple DES, DES and RC2 with high iteration 251*b077aed3SPierre Proncherycounts, several people confirmed that they could decrypt the private 252*b077aed3SPierre Proncherykeys produced and therefore, it can be assumed that the PKCS#5 v2.0 253*b077aed3SPierre Proncheryimplementation is reasonably accurate at least as far as these 254*b077aed3SPierre Proncheryalgorithms are concerned. 255*b077aed3SPierre Pronchery 256*b077aed3SPierre ProncheryThe format of PKCS#8 DSA (and other) private keys is not well documented: 257*b077aed3SPierre Proncheryit is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA 258*b077aed3SPierre ProncheryPKCS#8 private key format complies with this standard. 259*b077aed3SPierre Pronchery 260*b077aed3SPierre Pronchery=head1 BUGS 261*b077aed3SPierre Pronchery 262*b077aed3SPierre ProncheryThere should be an option that prints out the encryption algorithm 263*b077aed3SPierre Proncheryin use and other details such as the iteration count. 264*b077aed3SPierre Pronchery 265*b077aed3SPierre Pronchery=head1 SEE ALSO 266*b077aed3SPierre Pronchery 267*b077aed3SPierre ProncheryL<openssl(1)>, 268*b077aed3SPierre ProncheryL<openssl-dsa(1)>, 269*b077aed3SPierre ProncheryL<openssl-rsa(1)>, 270*b077aed3SPierre ProncheryL<openssl-genrsa(1)>, 271*b077aed3SPierre ProncheryL<openssl-gendsa(1)> 272*b077aed3SPierre Pronchery 273*b077aed3SPierre Pronchery=head1 HISTORY 274*b077aed3SPierre Pronchery 275*b077aed3SPierre ProncheryThe B<-iter> option was added in OpenSSL 1.1.0. 276*b077aed3SPierre Pronchery 277*b077aed3SPierre ProncheryThe B<-engine> option was deprecated in OpenSSL 3.0. 278*b077aed3SPierre Pronchery 279*b077aed3SPierre Pronchery=head1 COPYRIGHT 280*b077aed3SPierre Pronchery 281*b077aed3SPierre ProncheryCopyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. 282*b077aed3SPierre Pronchery 283*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 284*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 285*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 286*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 287*b077aed3SPierre Pronchery 288*b077aed3SPierre Pronchery=cut 289