I'm tracking down the cause of some failures in some scripts I have. It seems OpenSSL 3.0 changed the on-disk format of DSA private keys, and there does not seem to be a way to get the traditional format back because the dsa subcommand does not accept -traditional like the rsa subcommand. Also see openssl-dsa(1) subcommand.
openssl dsaparam -out dsa-params.pem 2048
openssl gendsa -out dsa-priv.pem dsa-params.pem
openssl dsa -in dsa-priv.pem -out dsa-pub.pem -pubout
And then:
$ cat dsa-priv.pem | sed '1d; $d' | tr -d '\r' | tr -d '\n' | base64 -d | dumpasn1 -
Warning: Input is non-seekable, some functionality has been disabled.
0 836: SEQUENCE {
4 566: SEQUENCE {
8 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
17 553: SEQUENCE {
21 257: INTEGER
: 00 DE 0C E8 2A A2 85 CB FD E6 E0 F5 1D 7D 17 7B
: 02 D7 96 9B 21 F6 58 0C 69 BA A6 94 6E 65 3D BF
: 14 E2 8E 5D 56 14 2D B0 38 14 02 33 E5 75 E6 CF
: A0 1D FE F1 93 0D 4A BB 8F 13 28 A1 44 D0 C0 D9
: C9 20 C8 62 AA 52 45 5A BF 46 29 AA FF 43 D3 C0
: 5B 6C B4 A1 83 A7 C7 AF 22 26 1C 57 6F C3 7B 00
: BE A0 68 B0 05 BF 0F 78 35 16 92 8F C6 05 BD 93
: 2D 29 B6 0D 81 BB 65 02 D0 86 49 A2 3F 3F 15 5B
: [ Another 129 bytes skipped ]
282 29: INTEGER
: 00 82 12 7B C5 17 F5 34 AE 37 81 B3 6A B2 06 9B
: DD 09 EE 3F 8D FA 62 C3 7D CC 01 31 09
313 257: INTEGER
: 00 97 92 65 CF EF 15 EC 1E AA BF AC 61 F3 8F 89
: BA C7 D1 FE C0 08 5E 5D 6B DE 54 87 B1 21 7A 1F
: 83 CB BD FD 12 76 9A 15 F1 BD 53 FA 67 BF D7 E8
: A0 94 7C 93 DC 2B 3B 80 9E D4 4B 38 72 91 6B DB
: 88 C0 F7 A0 C7 1B 94 59 D8 07 45 82 EB E0 8C 7F
: 59 59 F1 33 DF B7 C4 B7 26 DC D5 44 58 31 76 16
: B2 A8 60 FE 35 43 5D F0 91 2A 27 D2 4F A1 2F 2B
: E4 0A EA F7 18 32 FC B5 30 F9 F1 C2 44 CB 6F 92
: [ Another 129 bytes skipped ]
: }
: }
574 262: BIT STRING
: 02 82 01 01 00 B6 4D CE EA D3 C4 C1 13 94 4E 28
: C0 3C 4A 03 DA B4 56 44 F4 F6 E0 A2 F7 AD 58 70
: E4 6A 91 6F 60 96 89 A2 D2 93 3C C5 AD 5E B2 73
: D4 31 8C 84 5D 2A 37 AA 35 CF 38 7C 93 0E 29 A9
: 0E F8 B2 C2 0E 1D 1D 9A FE 47 F8 50 B9 DB C8 63
: 82 86 9C A2 72 14 BD 7B 1B 60 F5 A6 6D D4 4F FB
: 0D F1 DB DA 8E 4A 43 59 A1 9B CD 1A 85 95 DA CD
: AB 4B 1D 04 84 75 E9 AA B9 DB 4F 74 B1 82 48 B5
: [ Another 133 bytes skipped ]
: }
0 warnings, 0 errors.
That's a PKCS#8 private key. And more importantly, it is a change in behavior from previous versions of OpenSSL, like OpenSSL 1.0.2.
And it seems we can't get back the old behavior with -traditional:
$ openssl gendsa -out dsa-priv.pem dsa-params.pem -traditional
gendsa: Use -help for summary.
And -pubout does not help either:
openssl dsa -in dsa-priv.pem -inform PEM -out dsa-priv.pem.fixed -outform PEM -pubout
mv dsa-priv.pem.fixed dsa-priv.pem
But, traditional format automagically happens when converting from PEM to DER:
$ openssl dsa -in dsa-priv.pem -inform PEM -outform DER | dumpasn1 -
read DSA key
writing DSA key
0 847: SEQUENCE {
4 1: INTEGER 0
7 257: INTEGER
: 00 DE 0C E8 2A A2 85 CB FD E6 E0 F5 1D 7D 17 7B
: 02 D7 96 9B 21 F6 58 0C 69 BA A6 94 6E 65 3D BF
: 14 E2 8E 5D 56 14 2D B0 38 14 02 33 E5 75 E6 CF
: A0 1D FE F1 93 0D 4A BB 8F 13 28 A1 44 D0 C0 D9
: C9 20 C8 62 AA 52 45 5A BF 46 29 AA FF 43 D3 C0
: 5B 6C B4 A1 83 A7 C7 AF 22 26 1C 57 6F C3 7B 00
: BE A0 68 B0 05 BF 0F 78 35 16 92 8F C6 05 BD 93
: 2D 29 B6 0D 81 BB 65 02 D0 86 49 A2 3F 3F 15 5B
: [ Another 129 bytes skipped ]
268 29: INTEGER
: 00 82 12 7B C5 17 F5 34 AE 37 81 B3 6A B2 06 9B
: DD 09 EE 3F 8D FA 62 C3 7D CC 01 31 09
299 257: INTEGER
: 00 97 92 65 CF EF 15 EC 1E AA BF AC 61 F3 8F 89
: BA C7 D1 FE C0 08 5E 5D 6B DE 54 87 B1 21 7A 1F
: 83 CB BD FD 12 76 9A 15 F1 BD 53 FA 67 BF D7 E8
: A0 94 7C 93 DC 2B 3B 80 9E D4 4B 38 72 91 6B DB
: 88 C0 F7 A0 C7 1B 94 59 D8 07 45 82 EB E0 8C 7F
: 59 59 F1 33 DF B7 C4 B7 26 DC D5 44 58 31 76 16
: B2 A8 60 FE 35 43 5D F0 91 2A 27 D2 4F A1 2F 2B
: E4 0A EA F7 18 32 FC B5 30 F9 F1 C2 44 CB 6F 92
: [ Another 129 bytes skipped ]
560 257: INTEGER
: 00 A3 F0 40 48 41 5B B2 90 C6 84 E4 6D 8B 4B E2
: 3E 65 6A 62 2B 87 3F 8C FA 75 F2 90 A2 19 3F 40
: B7 9D 66 E7 24 36 A3 89 B8 03 A5 F0 BE A9 BD C3
: 50 E4 58 77 D6 AA 94 BC 7F 21 95 A2 E4 E2 37 6C
: 6E FE 0E 0F 89 AB 21 6D EC 2C B9 C5 4D 94 8D 84
: 4A 13 9B 1A 47 37 A8 F6 AA 94 DE A5 A5 0A 9C 24
: 17 29 43 2B D1 72 49 D5 88 9F 0B 0B 71 D7 4D FE
: E1 7E 51 96 33 E8 1B 6B 2A D0 72 75 62 BD 84 88
: [ Another 129 bytes skipped ]
821 28: INTEGER
: 09 6A 6A 91 54 6D 58 CA 71 54 A3 F9 58 67 55 F7
: 7E 87 7C 6B 34 C0 2E 2A 66 35 0E 34
: }
0 warnings, 0 errors
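To tell the layouts apart without reading dumpasn1 output by eye, here is an added example (not code from the question or from OpenSSL) that reads the outer DER structure of a key blob and names it: six INTEGERs starting with version 0 is the traditional DSA private key seen in the second dump, SEQUENCE { AlgorithmIdentifier, BIT STRING } is the SubjectPublicKeyInfo shape of the first dump, and version, AlgorithmIdentifier, OCTET STRING is a PKCS#8 PrivateKeyInfo. The p, q, g, y, x values at the bottom are constructed toy numbers so the block runs stand-alone, not real key material; feed it the output of the `sed | tr | base64 -d` pipeline above for a real file.

```python
DSA_OID = bytes.fromhex("2a8648ce380401")  # 1.2.840.10040.4.1 (id-dsa)

def _tlv(buf, pos=0):
    """Read one DER TLV at pos; returns (tag, value, next_pos)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                   # long-form length, e.g. 82 01 01
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def _children(body):
    # Split the body of a constructed element into (tag, value) pairs.
    pos, out = 0, []
    while pos < len(body):
        tag, val, pos = _tlv(body, pos)
        out.append((tag, val))
    return out

def _is_dsa_alg(seq_body):
    # AlgorithmIdentifier whose first child is the id-dsa OBJECT IDENTIFIER.
    return _children(seq_body)[:1] == [(0x06, DSA_OID)]

def classify_dsa_der(der):
    """Name the outer ASN.1 structure of a DER-encoded DSA key blob."""
    tag, body, _ = _tlv(der)
    if tag != 0x30:
        return "not a SEQUENCE"
    kids = _children(body)
    tags = [t for t, _ in kids]
    if tags == [0x02] * 6 and kids[0][1] == b"\x00":   # version 0, p, q, g, y, x
        return "traditional DSA private key"
    if tags == [0x30, 0x03] and _is_dsa_alg(kids[0][1]):
        return "SubjectPublicKeyInfo (DSA public key)"
    if tags[:3] == [0x02, 0x30, 0x04] and _is_dsa_alg(kids[1][1]):
        return "PKCS#8 PrivateKeyInfo (DSA private key)"
    return "unrecognised"

# Constructed toy values (not real key material) so the block runs stand-alone.
def _der(tag, body):
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    nb = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | nb]) + n.to_bytes(nb, "big") + body

def _int(v):                                            # unsigned DER INTEGER
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return _der(0x02, b"\x00" + b if b[0] & 0x80 else b)

P, Q, G, Y, X = 23, 11, 4, 8, 6
ALG = _der(0x30, _der(0x06, DSA_OID) + _der(0x30, _int(P) + _int(Q) + _int(G)))
TRADITIONAL = _der(0x30, _int(0) + _int(P) + _int(Q) + _int(G) + _int(Y) + _int(X))
PKCS8 = _der(0x30, _int(0) + ALG + _der(0x04, _int(X)))
SPKI = _der(0x30, ALG + _der(0x03, b"\x00" + _int(Y)))
```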