-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Which SM2 private key PEM file generated by openssl 3.x is correct? #20973
Comments
Maybe @InfoHunter could answer this? |
@InfoHunter Could you please help me answer a question if you have some time? |
I think #11328 could explained it. |
Ok, thank you so much. |
I thought it was already established that 2 was correct. This will also interop with Bouncy Castle if we revert it back to this.. |
In the same document (GM/T 0015-2012), table C.3 uses method 1's format, although it seems that most implementations use method 2. |
It seems like there is consensus that method 2 is correct, despite some documentation still using method 1. As such, marking this as inactive, to be closed at the end of 3.4. Please comment further if there is more discussion needed |
OpenSSL Version
OpenSSL 3.1.0 14 Mar 2023 (Library: OpenSSL 3.1.0 14 Mar 2023)
Description
I generated two different SM2 private key PEM files using two different methods.
When I use a tool to parse their ASN1 structures, I found that their OID identifiers are different, so I don't know which PEM file is generated correctly.
First Method
PEM content:
ASN1 Structure:
Second Method
PEM content:
ASN1 Structure:
Additional Notes
However, I know that many applications in China support the second method of generating PEM files and cannot recognize the first PEM file.
The ASN1 structure of the SM2 private key PEM file generated by version 1.1.1 is the same as the one generated by the second method.
The text was updated successfully, but these errors were encountered: