New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl key wrap differs #21
Comments
I'm not exactly an AES-KW expert, but I'm unclear why the output is 56-bytes in the case of From RFC5649 § 4.1:
(emphasis mine) Since 32 is a multiple of 8, there shouldn't be additional padding. So I would expect the resulting message to equal the length of the original plaintext (32) plus the semiblock size (8): 32 + 8 = 40. I'm confused why the output from OpenSSL would be 16-bytes longer. |
Just tested the openssl command, and it also generates a wrapped key of 40 bytes. @soleinik-figment can you post a list of sizes for your input files. Can you generate some test key files AES + ED25519 and post their hex contents? |
Hello Tony (I feel like already met you before - tmkms :-) and cryptographix! thank you for looking into this! === this are the guides i follow for openssl ============= -rw-rw-r-- 1 1000 1000 32 Sep 6 16:13 in-aes256.der =========script ======== TEMP_AES_KEY=./in-aes256.der "${OPENSSL_V110}" rand -out "${TEMP_AES_KEY}" 32 TRG_KEY_WRAPPED=out-ed25519-wrapped.bin "${OPENSSL_V110}" enc -id-aes256-wrap-pad ===========Dockerfile========================= RUN apt-get update RUN apt-get -y remove openssl RUN apt-get -qy install gcc COPY ./patch.sh / RUN apt-get -q update && apt-get -qy install wget make WORKDIR /work RUN ldconfig ENV PATH "$PATH:/usr/local/ssl/bin" =============================================== cat <<-EOF | patch -d . -p0
EOF |
I see that ed25519 is not 32 bytes. but, inside both keys are 32 -----BEGIN PUBLIC KEY----- |
Aah, sorry, it's a PKCS#8-encoded private key. Well that's even more confusing, as it seems to be a 64-byte PKCS#8 document, so I would expect the ciphertext to be 64 + 8 = 72 bytes. |
ok, Sergey, the problem is that the ed25519 key is in DER (PKCS8) format, as @tarcieri stated, and which includes additional bytes encoded in ASN.1. od -t x1 <in-ed25519-prv.der The first 16 bytes are the ASN.1 that describes the contents as a ED25519 key. You can post the hex bytes into an ASN.1 decoder, such as (https://lapo.it/asn1js/#MC4CAQAwBQYDK2VwBCIEIDKEZrWLcQgm0YODhlpc6he4fk0nqjg316yOgfQt1szF) You either need to add these initial bytes to the raw key, or use a suitable encoder. |
Aha, so That makes sense then. The 16-byte PKCS#8v1 header + 32-bytes = 48-bytes + 8-byte semiblock = 56-bytes (PKCS#8v1 omits the public key) @soleinik-figment you can use |
@cryptographix - i'm kinda "fresh" in this field, I hope this is what you asked od -t x1 < in-ed25519-prv.der 0000000 30 2e 02 01 00 30 05 06 03 2b 65 70 04 22 04 20 Tony - this is signing key (Tendermint), from that little that I understand - its pub+priv (and should be 64?) |
Tony, are you saying
|
@soleinik-figment the following should more or less work: const PKCS8_HEADER: [u8; 16] = b"\x30\x2e\x02\x01\x00\x30\x05\x06\x03\x2b\x65\x70\x04\x22\x04\x20";
let secret_key = [200, 207, 85, 164, 51, 2, 152, 28, 43, 47, 65, 66, 220, 161, 87, 108, 185, 95, 195, 210, 13, 162, 231, 203, 195, 127, 51, 189, 6, 211, 23, 158];
debug_assert_eq!(secret_key.len(), 32);
let mut pkcs8_key = Vec::from(PKCS8_HEADER);
pkcs8_key.extend_from_slice(&secret_key); ...then you keywrap |
@tarcieri - that worked!
and HashiCorp took it! You guys awesome! thank you so much! |
Resolved! Issue turned out to be ed25519 private key PKCS8 encoding issue (to match openssl) |
Hello,
Thank you for making aes_kw library available!
However, there might be issue, or lack of understanding on my side...
I'm trying to upload ed25519 key into HashiCorp Vault and using aes_kw to wrap ed25519 signing key with AES256... Unfortunately, Vault unable to unwrap ed25519...
Using same ed25519 and AES256 keys, openssl produces correct wrapping and Vault imports key with no error. I'm not sure what the issues is, very well could be "user error" :-).
Attached code snippet outlines my expectations..
`
const IN_ED25519: &str =
"RWaT0oB0VB8e3v0MBesnwguR5b+gTeS/gFqALEDcmE+cRiE2qOeld+yiO+zyamGGGSBp3AcHNCFuewZqqxdRUw==";
const IN_AES256: &str = "nB0HVnvTXp65QtpDsAM0vq2LI9G/wQGOhOQ04l1y2JM=";
`
for the reference, HashiCorp uses golang to unwrap, here is the link
https://github.com/google/tink/blob/master/go/kwp/subtle/kwp.go#L184
openssl produces 56 bytes and aes_kw - 40
aes_kw:ivR/2HMzPVKz6p8gPqQMHITCBmY80y8hjhdswGCOHSOlfaGezVGUZw==, size:40
openssl:t1/OHaQBU7YjJrtNxYRGXkdURFRN2v2K5MzFzSOFK10Ek1KyGIW9GMoCy7jdpXJ88XMsyYgB0pk=, size:56
The text was updated successfully, but these errors were encountered: