OpenSSL stores private keys in an undocumented PEM format (the key data is DER-encoded and the result is ASCII-armoured), which Cryptlib does not support.
pemtrans reads an OpenSSL RSA private key and the corresponding signed public key certificate, and writes a PKCS #15 keyset that Cryptlib can use. The included manual page explains how to use the program.
Cryptlib requires (and respects) the KEYUSAGE attribute on certificates. Some certificates do not contain this attribute, and pemtrans issues a warning when it encounters one, because Cryptlib will probably reject such a certificate when you try to use it for something, e.g. in a TLS server.
OpenSSL, by default, does not set KEYUSAGE. This can be fixed by adding a line like the following to
keyUsage = cRLSign, digitalSignature, keyEncipherment, keyCertSign
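To check a certificate for KEYUSAGE before converting it, the following Python example (added here; it is not part of pemtrans or Cryptlib, and is not how pemtrans performs its check) strips the PEM armour, walks the DER structure, and reports the keyUsage bits it finds. All function names are hypothetical, and the sample input is a constructed, unsigned, certificate-shaped structure rather than a real certificate.

```python
import base64

KEY_USAGE_OID = bytes([0x55, 0x1D, 0x0F])  # OID 2.5.29.15 (id-ce-keyUsage)
NAMES = ("digitalSignature nonRepudiation keyEncipherment dataEncipherment "
         "keyAgreement keyCertSign cRLSign encipherOnly decipherOnly").split()

def pem_to_der(pem):  # strip the ASCII armour, return the DER bytes
    body = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(body))

def tlvs(buf):  # yield (tag, content) per DER element; single-byte tags only
    i = 0
    while i + 2 <= len(buf):
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:  # long-form length
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        if i + length > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + length]
        i += length

def key_usage(der):
    """Return the keyUsage names, or None if the extension is absent."""
    for tag, content in tlvs(der):
        if tag == 0x30:  # SEQUENCE: may be an Extension
            items = list(tlvs(content))
            if items and items[0] == (0x06, KEY_USAGE_OID):
                (_, bits), = tlvs(items[-1][1])  # OCTET STRING wraps BIT STRING
                data = bits[1:]  # first byte is the unused-bits count
                return [n for k, n in enumerate(NAMES) if k // 8 < len(data)
                        and data[k // 8] & (0x80 >> (k % 8))]
        if tag & 0x20:  # constructed type: descend into it
            found = key_usage(content)
            if found is not None:
                return found
    return None

def tlv(tag, *parts):  # encoder for the constructed sample; short lengths only
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample_pem(with_key_usage):
    """Constructed, unsigned, certificate-shaped data (not a valid cert)."""
    ext = tlv(0x30, tlv(0x06, KEY_USAGE_OID), tlv(0x01, b"\xff"),
              tlv(0x04, tlv(0x03, b"\x01\xa6")))  # critical; bits 0, 2, 5, 6
    exts = tlv(0xA3, tlv(0x30, ext)) if with_key_usage else b""
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), exts)
    der = tlv(0x30, tbs, tlv(0x03, b"\x00"))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE-----\n")
```

A result of None corresponds to the case pemtrans warns about; the bits set in the constructed sample are the four usages named in the keyUsage line above.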
Download pemtrans-1.03.tar.gz.
Use, modification, and distribution of pemtrans is allowed without any limitations. There is no warranty, express or implied.
Please send questions and comments to ams@toroid.org.
Abhijit Menon-Sen <ams@toroid.org>