pemtrans reads an OpenSSL RSA private key and the corresponding signed
public key certificate, and writes a PKCS #15 keyset that Cryptlib can
use.
The included manual page explains how to use the program.
OpenSSL stores private keys in an undocumented PEM format (the key data
is DER-encoded and the result is ASCII-armoured), which Cryptlib does
not support.
Key usage
Cryptlib requires (and respects) the KEYUSAGE attribute on certificates.
Some certificates do not contain this attribute, and pemtrans issues a
warning when it encounters one, because Cryptlib will probably reject
such a certificate when you try to use it for something, e.g. in a TLS
server.
OpenSSL, by default, does not set KEYUSAGE. This can be fixed by adding
a line like the following to openssl.cnf before generating the key and
certificate (the attributes specified here are enough for the result to
be used in a TLS server):

    keyUsage = cRLSign, digitalSignature, keyEncipherment, keyCertSign
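
The following is an added example, not part of pemtrans or its manual page: it puts the keyUsage line into the extension section that `openssl req -x509` reads, generates a self-signed certificate, and checks that the extension is actually present before the certificate is converted. The file names, the section names (dn, v3_ext), the CN and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. tls.cnf, key.pem, cert.pem, the CN and the section
# names below are assumptions, not values from pemtrans.

# Write a minimal request config whose extension section carries the
# keyUsage line given in the text above.
write_cnf() {  # write_cnf FILE
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ext
prompt             = no

[ dn ]
CN = tls.example.org

[ v3_ext ]
keyUsage = cRLSign, digitalSignature, keyEncipherment, keyCertSign
EOF
}

# Generate an RSA key and a self-signed certificate from that config.
make_cert() {  # make_cert CNF KEY CERT
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
        -config "$1" -keyout "$2" -out "$3"
}

# Read `openssl x509 -noout -text` output on stdin and print the line
# that lists the key usages. Returns 1 when the certificate has no
# keyUsage extension ("Extended Key Usage" does not count).
key_usage_of() {
    awk '/X509v3 Key Usage:/ { getline; sub(/^[ \t]+/, ""); print; found = 1 }
         END { exit !found }'
}

# Typical use:
#   write_cnf tls.cnf && make_cert tls.cnf key.pem cert.pem
#   openssl x509 -in cert.pem -noout -text | key_usage_of \
#       || echo "no keyUsage: expect the pemtrans warning" >&2
```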
Download
Download pemtrans.tar.gz (from github.com/amenonsen/pemtrans)
Use, modification, and distribution of pemtrans is allowed without
any limitations. There is no warranty, express or implied.
Please send questions and comments to ams@toroid.org.