> Thanks, David.
>
> I am stuck exactly at how to convert BER to DER.
> If I can convert BER to DER, then my problem is
> solved.
>
> Dr. Steve said there is no such conversion routine in
> OpenSSL...


That is not your problem. If that were the problem, the solution would
simply be to read your data in and then write it back out. Your problem is
that you have two incompatible layouts for a key, both layered over BER/DER.

BER and DER are binary formats for laying out things like integers and
strings. They don't specify which part of a private key should come first.

Let me explain it another way: saying you have a private key in BER/DER is
like saying you have a private key in ASCII. A program that supports private
keys in ASCII won't necessarily support any given private key just because
it is also ASCII. It has to also be a format on top of ASCII that the
program supports.

So you have a key in BER/DER. Great. But is it in a format OpenSSL
supports? The answer is no. And that's not a BER/DER problem, that's a
problem one layer higher.

Someone who can read books can't necessarily read books in Latin. And the
problem is not the color of the paper, so copying the books onto white paper
won't make them any more readable.

When we talk about a private key in DER format, we don't just mean anything
that encodes a private key in DER some way. We mean that there is some
specific standard layered on top of DER that the key is in, and there are
multiple such formats, which is why OpenSSL has many ways to read in a
private key even though it's in DER.

So forget all about the BER/DER thing. You have a key in a format OpenSSL
doesn't support, so you need to find out what format it is in and perhaps
write your own code to read it in. You can make use of OpenSSL's BER/DER
decode logic just as the existing functions to read in keys in formats
layered on top of BER/DER do.

Again, OpenSSL can read in BER or DER, it doesn't care. It can only write
out in DER. The only difference between BER and DER is that BER has more
than one way to encode some things and DER only allows one.

DS


______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
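
Added example, not part of the original message and not OpenSSL code: a stand-alone C classifier that reads only the DER tag/length headers of a key blob and names which key layout is layered on top of the encoding. The function names and sample bytes are constructed for illustration; it assumes definite-length encodings and recognizes only the four layouts named in the code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Parse one definite-length TLV header; return its size, or 0 on error.
   The BER indefinite-length form (0x80) is rejected; DER never uses it. */
static size_t tlv(const unsigned char *p, size_t n, unsigned *tag, size_t *len) {
    size_t k, i;
    if (n < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; return *len <= n - 2 ? 2 : 0; }
    k = p[1] & 0x7f;
    if (k == 0 || k > sizeof(size_t) || k > n - 2) return 0;
    for (*len = 0, i = 0; i < k; i++) *len = (*len << 8) | p[2 + i];
    return *len <= n - 2 - k ? 2 + k : 0;
}

/* Name the key layout from the tags of the outer SEQUENCE's children. */
const char *key_layout(const unsigned char *der, size_t n) {
    unsigned t[3] = {0, 0, 0}, tag, version = 0xff;
    size_t len, h, count = 0, ints = 0;
    if (!(h = tlv(der, n, &tag, &len)) || tag != 0x30) return "not a well-formed SEQUENCE";
    for (der += h, n = len; n > 0; der += h + len, n -= h + len, count++) {
        if (!(h = tlv(der, n, &tag, &len))) return "malformed";
        if (count < 3) t[count] = tag;
        if (tag == 0x02) ints++;                 /* INTEGER */
        if (count == 0 && tag == 0x02 && len == 1) version = der[h];
    }
    if (count >= 3 && t[0] == 0x02 && t[1] == 0x30 && t[2] == 0x04)
        return "PKCS#8 PrivateKeyInfo";          /* version, AlgorithmIdentifier, OCTET STRING */
    if (count == 2 && t[0] == 0x30 && t[1] == 0x04)
        return "PKCS#8 EncryptedPrivateKeyInfo"; /* AlgorithmIdentifier, OCTET STRING */
    if (count >= 2 && t[0] == 0x02 && version == 1 && t[1] == 0x04)
        return "SEC1 ECPrivateKey";              /* version 1, OCTET STRING, ... */
    if (count == 9 && ints == 9)
        return "PKCS#1 RSAPrivateKey";           /* version plus eight INTEGERs */
    return "unknown layout";
}

int main(void) {
    /* Constructed placeholder structures, not real keys. */
    static const unsigned char p8[] = {0x30,0x0b, 0x02,0x01,0x00, 0x30,0x02,0x05,0x00, 0x04,0x02,0xaa,0xbb};
    static const unsigned char ec[] = {0x30,0x07, 0x02,0x01,0x01, 0x04,0x02,0xaa,0xbb};
    printf("%s\n%s\n", key_layout(p8, sizeof p8), key_layout(ec, sizeof ec));
    return 0;
}
```

An "unknown layout" result on data that parses cleanly is the situation described in the message: the encoding is readable, but the structure on top of it is not one the reader knows.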