PKCS#8 is a standard for storing and transferring private key information. The wrapped key can either be clear or encrypted.
All encryption algorithms are based on passphrase-based key derivation. The following mechanisms are fully supported:
- PBKDF2WithHMAC-SHA1AndAES128-CBC
- PBKDF2WithHMAC-SHA1AndAES192-CBC
- PBKDF2WithHMAC-SHA1AndAES256-CBC
- PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC
- scryptAndAES128-CBC
- scryptAndAES192-CBC
- scryptAndAES256-CBC
The following mechanisms are only supported for importing keys. They are much weaker than the ones listed above, and they are provided for backward compatibility only:
- pbeWithMD5AndRC2-CBC
- pbeWithMD5AndDES-CBC
- pbeWithSHA1AndRC2-CBC
- pbeWithSHA1AndDES-CBC
Crypto.IO.PKCS8