[ssh_x509] Question RE: store identities(keys) in PKCS#8 PEM format

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Dec 10 16:53:55 EET 2020

Thanks for the response! I'm apologize that I am still a little bit confused on one point. It sounds like you are saying I can use -m to get the old PKCS1 format, but when  I use -m PEM, I don't see that format.

Or do you mean that I would need to use openssl genpkey to get the old format?

Thanks for the help,

On Wednesday, December 9, 2020, 04:29:01 PM EST, <ssh_x509 at roumenpetrov.info> wrote: 

Hi Alex,

> Roumen,
> As I'm upgrading to the latest release of PKIX-SSH, I'm seeing some changes in ssh-keygen. It appears that in release 12.3 (and commit 5e0974257d55618d71063634ade9dde18b540d23), ssh-keygen changed to support PKCS#8 keys and no longer support writing PKCS#1 key format. Is that accurate? My apologies if I am completely misunderstanding the change here, but if so, why the decision to leave PKCS#1 behind?

The main reason is that PCKS#8 is more universal. Also since OpenSSL 1.0.0 PKCS#8 is default. And there is no impact to any PKIX-SSH release.

- Keys stored in "old" format are still supported - see technical details below.
- Openssl utilities could be used to restore "old" format if needed.
- FIPS enabled builds must use PKCS#8 format. Remark: PKIX-SSH supports  OpenSSL fips 1.2.* (OpenSSL 0.9.8) and fips 2.0 (OpenSSL 1.0.1) modules.
- Openssl 1.0 (10 years ago) adds universal utility - genpkey. It uses PKCS#8 format. Utilities like genrsa (old format) could be considered as obsolete.

Sample key generation with "old"(traditional) format: openssl genpkey -algorithm RSA | openssl rsa

OpenSSL 1.0.0 changes default format used by function PEM_write_bio_PrivateKey. As result above mentioned commit was corrected in 86ac9df3a36664b61bd63d53dfaaae27c74b9e3d - use PEM_write_bio_PKCS8PrivateKey instead PEM_write_bio_PrivateKey.
Also with this version OpenSSL team stop to accept "old" formats and recommend loadable modules(engines) to use PKCS#8. See for example gost.

I cannot see any reason to restore store in "old"(traditional) format. Remark: technically option -m could be used to specify private key format.

Even ancient OpenSSL 0.9.7 could read either traditional or PKCS#8 format. For details see function PEM_read_bio_PrivateKey. With other words read of traditional or PKCS#8 key is transparent to applications.
For instance PKIX-SSH still support builds with ancient version like 0.9.7 and I cannot see any impacts from key format change.

> Thanks,
> Alex


ssh_x509 mailing list
ssh_x509 at roumenpetrov.info

More information about the ssh_x509 mailing list