1PKCS8(1) OpenSSL PKCS8(1)
2
3
4
6 openssl-pkcs8, pkcs8 - PKCS#8 format private key conversion tool
7
9 openssl pkcs8 [-help] [-topk8] [-inform PEM|DER] [-outform PEM|DER]
10 [-in filename] [-passin arg] [-out filename] [-passout arg] [-iter
11 count] [-noiter] [-rand file...] [-writerand file] [-nocrypt]
12 [-traditional] [-v2 alg] [-v2prf alg] [-v1 alg] [-engine id] [-scrypt]
13 [-scrypt_N N] [-scrypt_r r] [-scrypt_p p]
14
16 The pkcs8 command processes private keys in PKCS#8 format. It can
17 handle both unencrypted PKCS#8 PrivateKeyInfo format and
18 EncryptedPrivateKeyInfo format with a variety of PKCS#5 (v1.5 and v2.0)
19 and PKCS#12 algorithms.
20
22 -help
23 Print out a usage message.
24
25 -topk8
26 Normally a PKCS#8 private key is expected on input and a private
27 key will be written to the output file. With the -topk8 option the
28 situation is reversed: it reads a private key and writes a PKCS#8
29 format key.
30
31 -inform DER|PEM
32 This specifies the input format: see "KEY FORMATS" for more
33 details. The default format is PEM.
34
35 -outform DER|PEM
36 This specifies the output format: see "KEY FORMATS" for more
37 details. The default format is PEM.
38
39 -traditional
40 When this option is present and -topk8 is not a traditional format
41 private key is written.
42
43 -in filename
44 This specifies the input filename to read a key from or standard
45 input if this option is not specified. If the key is encrypted a
46 pass phrase will be prompted for.
47
48 -passin arg
49 The input file password source. For more information about the
50 format of arg see "Pass Phrase Options" in openssl(1).
51
52 -out filename
53 This specifies the output filename to write a key to or standard
54 output by default. If any encryption options are set then a pass
55 phrase will be prompted for. The output filename should not be the
56 same as the input filename.
57
58 -passout arg
59 The output file password source. For more information about the
60 format of arg see "Pass Phrase Options" in openssl(1).
61
62 -iter count
63 When creating new PKCS#8 containers, use a given number of
64 iterations on the password in deriving the encryption key for the
65 PKCS#8 output. High values increase the time required to brute-
66 force a PKCS#8 container.
67
68 -nocrypt
69 PKCS#8 keys generated or input are normally PKCS#8
70 EncryptedPrivateKeyInfo structures using an appropriate password
71 based encryption algorithm. With this option an unencrypted
72 PrivateKeyInfo structure is expected or output. This option does
73 not encrypt private keys at all and should only be used when
74 absolutely necessary. Certain software such as some versions of
75 Java code signing software used unencrypted private keys.
76
77 -rand file...
78 A file or files containing random data used to seed the random
79 number generator. Multiple files can be specified separated by an
80 OS-dependent character. The separator is ; for MS-Windows, , for
81 OpenVMS, and : for all others.
82
83 [-writerand file]
84 Writes random data to the specified file upon exit. This can be
85 used with a subsequent -rand flag.
86
87 -v2 alg
88 This option sets the PKCS#5 v2.0 algorithm.
89
90 The alg argument is the encryption algorithm to use, valid values
91 include aes128, aes256 and des3. If this option isn't specified
92 then aes256 is used.
93
94 -v2prf alg
95 This option sets the PRF algorithm to use with PKCS#5 v2.0. A
96 typical value value would be hmacWithSHA256. If this option isn't
97 set then the default for the cipher is used or hmacWithSHA256 if
98 there is no default.
99
100 Some implementations may not support custom PRF algorithms and may
101 require the hmacWithSHA1 option to work.
102
103 -v1 alg
104 This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be
105 used. Some older implementations may not support PKCS#5 v2.0 and
106 may require this option. If not specified PKCS#5 v2.0 form is
107 used.
108
109 -engine id
110 Specifying an engine (by its unique id string) will cause pkcs8 to
111 attempt to obtain a functional reference to the specified engine,
112 thus initialising it if needed. The engine will then be set as the
113 default for all available algorithms.
114
115 -scrypt
116 Uses the scrypt algorithm for private key encryption using default
117 parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with
118 a 256 bit key. These parameters can be modified using the
119 -scrypt_N, -scrypt_r, -scrypt_p and -v2 options.
120
121 -scrypt_N N -scrypt_r r -scrypt_p p
122 Sets the scrypt N, r or p parameters.
123
125 Various different formats are used by the pkcs8 utility. These are
126 detailed below.
127
128 If a key is being converted from PKCS#8 form (i.e. the -topk8 option is
129 not used) then the input file must be in PKCS#8 format. An encrypted
130 key is expected unless -nocrypt is included.
131
132 If -topk8 is not used and PEM mode is set the output file will be an
133 unencrypted private key in PKCS#8 format. If the -traditional option is
134 used then a traditional format private key is written instead.
135
136 If -topk8 is not used and DER mode is set the output file will be an
137 unencrypted private key in traditional DER format.
138
139 If -topk8 is used then any supported private key can be used for the
140 input file in a format specified by -inform. The output file will be
141 encrypted PKCS#8 format using the specified encryption parameters
142 unless -nocrypt is included.
143
145 By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using
146 256 bit AES with HMAC and SHA256 is used.
147
148 Some older implementations do not support PKCS#5 v2.0 format and
149 require the older PKCS#5 v1.5 form instead, possibly also requiring
150 insecure weak encryption algorithms such as 56 bit DES.
151
152 The encrypted form of a PEM encode PKCS#8 files uses the following
153 headers and footers:
154
155 -----BEGIN ENCRYPTED PRIVATE KEY-----
156 -----END ENCRYPTED PRIVATE KEY-----
157
158 The unencrypted form uses:
159
160 -----BEGIN PRIVATE KEY-----
161 -----END PRIVATE KEY-----
162
163 Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
164 counts are more secure that those encrypted using the traditional
165 SSLeay compatible formats. So if additional security is considered
166 important the keys should be converted.
167
168 It is possible to write out DER encoded encrypted private keys in
169 PKCS#8 format because the encryption details are included at an ASN1
170 level whereas the traditional format includes them at a PEM level.
171
173 Various algorithms can be used with the -v1 command line option,
174 including PKCS#5 v1.5 and PKCS#12. These are described in more detail
175 below.
176
177 PBE-MD2-DES PBE-MD5-DES
178 These algorithms were included in the original PKCS#5 v1.5
179 specification. They only offer 56 bits of protection since they
180 both use DES.
181
182 PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES
183 These algorithms are not mentioned in the original PKCS#5 v1.5
184 specification but they use the same key derivation algorithm and
185 are supported by some software. They are mentioned in PKCS#5 v2.0.
186 They use either 64 bit RC2 or 56 bit DES.
187
188 PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES,
189 PBE-SHA1-RC2-128, PBE-SHA1-RC2-40
190 These algorithms use the PKCS#12 password based encryption
191 algorithm and allow strong encryption algorithms like triple DES or
192 128 bit RC2 to be used.
193
195 Convert a private key to PKCS#8 format using default parameters (AES
196 with 256 bit key and hmacWithSHA256):
197
198 openssl pkcs8 -in key.pem -topk8 -out enckey.pem
199
200 Convert a private key to PKCS#8 unencrypted format:
201
202 openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem
203
204 Convert a private key to PKCS#5 v2.0 format using triple DES:
205
206 openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
207
208 Convert a private key to PKCS#5 v2.0 format using AES with 256 bits in
209 CBC mode and hmacWithSHA512 PRF:
210
211 openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA512 -out enckey.pem
212
213 Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
214 (DES):
215
216 openssl pkcs8 -in key.pem -topk8 -v1 PBE-MD5-DES -out enckey.pem
217
218 Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
219 (3DES):
220
221 openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
222
223 Read a DER unencrypted PKCS#8 format private key:
224
225 openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
226
227 Convert a private key from any PKCS#8 encrypted format to traditional
228 format:
229
230 openssl pkcs8 -in pk8.pem -traditional -out key.pem
231
232 Convert a private key to PKCS#8 format, encrypting with AES-256 and
233 with one million iterations of the password:
234
235 openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
236
238 Test vectors from this PKCS#5 v2.0 implementation were posted to the
239 pkcs-tng mailing list using triple DES, DES and RC2 with high iteration
240 counts, several people confirmed that they could decrypt the private
241 keys produced and therefore, it can be assumed that the PKCS#5 v2.0
242 implementation is reasonably accurate at least as far as these
243 algorithms are concerned.
244
245 The format of PKCS#8 DSA (and other) private keys is not well
246 documented: it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's
247 default DSA PKCS#8 private key format complies with this standard.
248
250 There should be an option that prints out the encryption algorithm in
251 use and other details such as the iteration count.
252
254 dsa(1), rsa(1), genrsa(1), gendsa(1)
255
257 The -iter option was added in OpenSSL 1.1.0.
258
260 Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
261
262 Licensed under the OpenSSL license (the "License"). You may not use
263 this file except in compliance with the License. You can obtain a copy
264 in the file LICENSE in the source distribution or at
265 <https://www.openssl.org/source/license.html>.
266
267
268
2691.1.1l 2021-09-15 PKCS8(1)