pkcs8: decryption/encryption support for EncryptedPrivateKeyInfo #263
Comments
tarcieri
changed the title
tarcieri
added a commit
that referenced
this issue
Feb 17, 2021
Updates the rustdoc with links to #263
tarcieri
added a commit
that referenced
this issue
Feb 17, 2021
Updates the rustdoc with links to #263
tarcieri
added a commit
that referenced
this issue
Feb 17, 2021
Adds an initial implementation of Public-Key Cryptography Standards (PKCS) #5: Password-Based Cryptography Specification Version 2.1 as described in RFC 8018. This implementation includes basic support for parsing `AlgorithmIdentifier`s representing supported PKCS#5 algorithms into a structured representation. The larger goal is being able to decrypt/encrypt PKCS#8's `EncryptedPrivateKeyInfo` (see #263) This PR doesn't actually include any encryption support yet: instead it implements the basic crate structure with the goal of adding encryption support in follow-up PRs. It also includes some changes to the `spki` crate to simplify parsing which should probably be separated out into their own PR.
Merged
tarcieri
added a commit
that referenced
this issue
Feb 17, 2021
Adds an initial implementation of Public-Key Cryptography Standards (PKCS) #5: Password-Based Cryptography Specification Version 2.1 as described in RFC 8018. This implementation includes basic support for parsing `AlgorithmIdentifier`s representing supported PKCS#5 algorithms into a structured representation. The larger goal is being able to decrypt/encrypt PKCS#8's `EncryptedPrivateKeyInfo` (see #263) This PR doesn't actually include any encryption support yet: instead it implements the basic crate structure with the goal of adding encryption support in follow-up PRs. It also includes some changes to the `spki` crate to simplify parsing which should probably be separated out into their own PR.
|
It seems like the first step towards getting this to work is implementing at least a subset of PKCS#5 (password-based encryption), which I've done in #272. |
tarcieri
added a commit
that referenced
this issue
Feb 17, 2021
Adds an initial implementation of Public-Key Cryptography Standards (PKCS) #5: Password-Based Cryptography Specification Version 2.1 as described in RFC 8018. This implementation includes basic support for parsing `AlgorithmIdentifier`s representing supported PKCS#5 algorithms into a structured representation. The larger goal is being able to decrypt/encrypt PKCS#8's `EncryptedPrivateKeyInfo` (see #263) This PR doesn't actually include any encryption support yet: instead it implements the basic crate structure with the goal of adding encryption support in follow-up PRs. It also includes some changes to the `spki` crate to simplify parsing which should probably be separated out into their own PR.
tarcieri
added a commit
that referenced
this issue
Feb 17, 2021
Adds an initial implementation of Public-Key Cryptography Standards (PKCS) #5: Password-Based Cryptography Specification Version 2.1 as described in RFC 8018. This implementation includes basic support for parsing `AlgorithmIdentifier`s representing supported PKCS#5 algorithms into a structured representation. The larger goal is being able to decrypt/encrypt PKCS#8's `EncryptedPrivateKeyInfo` (see #263) This PR doesn't actually include any encryption support yet: instead it implements the basic crate structure with the goal of adding encryption support in follow-up PRs. It also includes some changes to the `spki` crate to simplify parsing which should probably be separated out into their own PR.
tarcieri
added a commit
that referenced
this issue
Feb 18, 2021
Adds an initial implementation of Public-Key Cryptography Standards (PKCS) #5: Password-Based Cryptography Specification Version 2.1 as described in RFC 8018. This implementation includes basic support for parsing `AlgorithmIdentifier`s representing supported PKCS#5 algorithms into a structured representation. The larger goal is being able to decrypt/encrypt PKCS#8's `EncryptedPrivateKeyInfo` (see #263) This PR doesn't actually include any encryption support yet: instead it implements the basic crate structure with the goal of adding encryption support in follow-up PRs. It also includes some changes to the `spki` crate to simplify parsing which should probably be separated out into their own PR.
tarcieri
added a commit
that referenced
this issue
Feb 18, 2021
Adds an initial implementation of Public-Key Cryptography Standards (PKCS) #5: Password-Based Cryptography Specification Version 2.1 as described in RFC 8018. This implementation includes basic support for parsing `AlgorithmIdentifier`s representing supported PKCS#5 algorithms into a structured representation. The larger goal is being able to decrypt/encrypt PKCS#8's `EncryptedPrivateKeyInfo` (see #263) This PR doesn't actually include any encryption support yet: instead it implements the basic crate structure with the goal of adding encryption support in follow-up PRs. It also includes some changes to the `spki` crate to simplify parsing which should probably be separated out into their own PR.
tarcieri
added a commit
that referenced
this issue
Feb 18, 2021
Adds an initial implementation of Public-Key Cryptography Standards (PKCS) #5: Password-Based Cryptography Specification Version 2.1 as described in RFC 8018. This implementation includes basic support for parsing `AlgorithmIdentifier`s representing supported PKCS#5 algorithms into a structured representation. The larger goal is being able to decrypt/encrypt PKCS#8's `EncryptedPrivateKeyInfo` (see #263) This PR doesn't actually include any encryption support yet: instead it implements the basic crate structure with the goal of adding encryption support in follow-up PRs.
|
This PR adds support for PKCS5 decryption: #293 |
|
Encryption is support is released in v0.5.3. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
#262 added an initial
pkcs8::EncryptedPrivateKeyInfotype with basic parsing/serialization support. However, it doesn't actually support decrypting/encryptingPrivateKeyInfoyet.Ideally we should only support algorithms which are known to be secure. The most commonly supported ones are based on 56-bit DES, however those provide no effective security as 56-bit DES has far too small a keyspace to be secure against brute force attacks. However, there is support for modern algorithms like AES and old-but-still-secureish algorithms like 3DES in newer revisions of PKCS#5:
PBE-SHA1-3DES.hmacWithSHA256(a.k.a. PBES2)It would probably make sense to wait for the
ciphercrate v0.3 release before attempting to implement decryption/encryption support inpkcs8.The text was updated successfully, but these errors were encountered: