2

I manage a system that stores RSA private keys.
The user can insert the keys either encrypted or in clear text (it's always PEM, though). The user also inserts a passphrase.

Using the OpenSSL API (and not the CLI), I have two questions:

  1. Is there an API that receives a PEM key and returns whether the key is encrypted?
  2. Is there an API that receives an encrypted key (in PEM format) + passphrase and returns the key unencrypted?

I looked a lot through the examples and wikis, but didn't find what I need.

Amigal

amigal

2 Answers

1

The function PEM_read_(bio_)PrivateKey reads an encrypted or unencrypted private key. I suppose PEM_write_PrivateKey writes it again.

Sjoerd
  • I used this interface at first, but if it received an encrypted file, it encrypted it again – amigal May 24 '17 at 07:24
0

Well...

As Sjoerd suggested in his answer, the PEM_write_(bio_)PrivateKey function does the job:

It appears that when calling PEM_read_(bio_)PrivateKey, OpenSSL keeps the key in the clear (if the function gets a file containing an encrypted key, it requires the passphrase used for the encryption).

Now, it's all about the parameters given to PEM_write_(bio_)PrivateKey:
1. If a passphrase is given, the key is encrypted with the supplied passphrase and copied to a file.
2. If no passphrase is given, the key is copied in the clear to the file.

amigal
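For question 1, whether a PEM private key is encrypted can be read from the PEM framing before the key is passed to PEM_read_(bio_)PrivateKey: PKCS#8 uses an "ENCRYPTED PRIVATE KEY" label, and the traditional format adds a "Proc-Type: 4,ENCRYPTED" header. This is an added example, not code from either answer or from OpenSSL, and it makes no OpenSSL calls. The function name, enum and sample strings are constructed for illustration, and only the first PEM block in the input is inspected.

```c
#include <stdio.h>
#include <string.h>

enum key_enc { KEY_NOT_PRIVATE = -1, KEY_CLEAR, KEY_ENC_PKCS8, KEY_ENC_LEGACY };

/* Constructed samples: real PEM framing, placeholder body (not real keys). */
static const char SAMPLE_LEGACY[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";
static const char SAMPLE_PKCS8[] =
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\r\nQ09OU1RSVUNURUQ=\r\n"
    "-----END ENCRYPTED PRIVATE KEY-----\r\n";
static const char SAMPLE_CLEAR[] =
    "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";

/* Classify the first PEM block by its text framing only; nothing is decoded. */
enum key_enc pem_key_encryption(const char *pem)
{
    static const char begin[] = "-----BEGIN ", tail[] = "PRIVATE KEY-----";
    const size_t tlen = sizeof tail - 1;
    const char *label = strstr(pem, begin);
    if (label == NULL) return KEY_NOT_PRIVATE;
    label += sizeof begin - 1;
    const char *p = label + strcspn(label, "\r\n");       /* end of the BEGIN line */
    if ((size_t)(p - label) < tlen || memcmp(p - tlen, tail, tlen) != 0)
        return KEY_NOT_PRIVATE;                           /* e.g. a certificate */
    if (strncmp(label, "ENCRYPTED ", 10) == 0) return KEY_ENC_PKCS8;
    while (*p != '\0') {                                  /* traditional-format headers */
        if (*p == '\r') p++;
        if (*p == '\n') p++;
        size_t n = strcspn(p, "\r\n");
        if (n == 0 || memchr(p, ':', n) == NULL) break;   /* blank line or base64 body */
        if (strncmp(p, "Proc-Type:", 10) == 0) {
            const char *v = p + 10 + strspn(p + 10, " \t");
            if (strncmp(v, "4,ENCRYPTED", 11) == 0) return KEY_ENC_LEGACY;
        }
        p += n;
    }
    return KEY_CLEAR;
}

int main(void)
{
    printf("legacy=%d pkcs8=%d clear=%d\n", pem_key_encryption(SAMPLE_LEGACY),
           pem_key_encryption(SAMPLE_PKCS8), pem_key_encryption(SAMPLE_CLEAR));
    return 0;
}
```

A KEY_CLEAR result means only that the framing carries no encryption marker; the key body is still validated when it is actually parsed.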