
KeySerializationEncryption options

Open galdinx opened this issue 7 years ago • 4 comments

Hello,

If I understand correctly, the KeySerializationEncryption class allows only 2 kinds of modes:

  • BestAvailableEncryption
  • NoEncryption

The problem is that the "BestAvailableEncryption" might not be the same for all systems.

As a consequence, if a private key is serialized on a particular system to be used by a 3rd party program (PKCS#8 for OpenVPN in my case), another system might not be able to de-serialize it.

Would it be possible to choose the algorithm used to encode the key, like in the pycryptodome module (https://pycryptodome.readthedocs.io/en/latest/src/io/pkcs8.html), instead of having the choice between no encryption and the strongest algorithm available?

Tx and best regards,

Galdinx.

galdinx, Jun 03 '18 12:06

If we want to support more granular settings here we'll need to bind some/all of the following: PEM_write_bio_PKCS8, i2d_PKCS8_bio, PKCS5_pbe2_set_scrypt, PKCS5_pbe2_set_iv, PKCS5_pbe_set, PKCS8_set0_pbe, and some NIDs.

reaperhulk, Mar 19 '19 02:03

Will this issue be added to the Thirty Fourth release?

bhoefer2015, Nov 24 '20 15:11

An honest assessment is that this issue isn't likely to make progress unless a contributor is particularly excited about figuring out a design and doing the implementation.

alex, Nov 24 '20 15:11

alex++ for honesty! Thanks!

bhoefer2015, Nov 24 '20 15:11

fixed in #7520 and several subsequent PRs

alex, Sep 24 '22 17:09
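
The interoperability concern in the opening post can be checked on the receiving side by reading which password-based scheme an encrypted PKCS#8 file declares before handing it to a third-party program. The following is an added example, not code from this thread or from the cryptography project; the helper names (`children`, `oid_name`, `pkcs8_scheme`, `to_pem`) are hypothetical, and the sample container is constructed with dummy salt, IV and ciphertext.

```python
import base64

# OIDs for PKCS#8 password-based encryption (RFC 8018, RFC 7914, NIST AES)
OIDS = {
    "1.2.840.113549.1.5.13": "PBES2", "1.2.840.113549.1.5.12": "PBKDF2",
    "1.3.6.1.4.1.11591.4.11": "scrypt", "1.2.840.113549.3.7": "des-ede3-cbc",
    "2.16.840.1.101.3.4.1.2": "aes-128-cbc", "2.16.840.1.101.3.4.1.42": "aes-256-cbc",
    "1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC",
}

def children(buf):  # split DER contents into a list of (tag, value) pairs
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def oid_name(val):  # decode a DER OBJECT IDENTIFIER value; name if known, else dotted
    arcs, n = [val[0] // 40, val[0] % 40], 0
    for b in val[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the current arc
            arcs, n = arcs + [n], 0
    dotted = ".".join(map(str, arcs))
    return OIDS.get(dotted, dotted)

def pkcs8_scheme(pem):
    """Return the scheme, KDF and cipher named in an ENCRYPTED PRIVATE KEY PEM."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    epki = children(base64.b64decode(b64))[0][1]  # EncryptedPrivateKeyInfo
    alg = children(children(epki)[0][1])          # encryptionAlgorithm
    info = {"scheme": oid_name(alg[0][1])}
    if info["scheme"] == "PBES2":  # parameters: keyDerivationFunc, encryptionScheme
        kdf, enc = children(alg[1][1])
        info["kdf"] = oid_name(children(kdf[1])[0][1])
        info["cipher"] = oid_name(children(enc[1])[0][1])
    return info

def to_pem(der):
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + base64.encodebytes(der).decode()
            + "-----END ENCRYPTED PRIVATE KEY-----\n")

SAMPLE_PEM = to_pem(bytes.fromhex(  # constructed: PBES2, PBKDF2, AES-256-CBC; dummy salt/IV/data
    "305d304906092a864886f70d01050d303c301b06092a864886f70d01050c300e0408" + "00" * 8
    + "02020800301d060960864801650304012a0410" + "00" * 16 + "0410" + "00" * 16))
```

Calling `pkcs8_scheme` on a key file exported from one system shows whether the consuming system's library needs PBES2, scrypt or a legacy PKCS#12 PBE scheme to read it.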