formats icon indicating copy to clipboard operation
formats copied to clipboard

Published 20 hours ago verified publisher icon RustCrypto

PasswordRecipientInfoBuilder for CMS

Open bkstein opened this issue 1 year ago • 6 comments

This provides a builder for CMS' PasswordRecipientInfo according to RFC 3211. In contrast to the KeyTransRecipientInfoBuilder the key-encryption algorithm must be provided by the user (who has to provide an implementation of PwriEncryptor). This allows for more flexibility in choosing allgorithms for key derivation and encryption. An example for using the implementation is in the new test.

bkstein avatar Nov 30 '23 15:11 bkstein

@tarcieri Regarding the security alert: I assume, I have to wait for the rsa ct issue to be fixed?

bkstein avatar Nov 30 '23 15:11 bkstein

(@bkstein if you rebase, the security audit error should go away. This is not actionable for now and we'll ignore it until RSA 0.10 is released)

baloo avatar Dec 04 '23 20:12 baloo

@baloo First, I apologize for the long time beeing absent. We were busy working on our project and we had this PR as a local patch. But I'm interested in making this official and would like to resume. I started by updating to the master branch and experienced problems with the new crate versions. The clippy error is due to incompatible versioning of some Dependencies (digest is referenced by ecdsa with version v0.11.0-pre.8, but I introduced pkdf2, which references digest v0.10.7):

$ cargo tree
...
│   │       [dev-dependencies]
│   │       ├── ecdsa v0.17.0-pre.5 (https://github.com/RustCrypto/signatures#c2f3ee64)
...
│   │       │   ├── digest v0.11.0-pre.8
...
│   │       │   ├── elliptic-curve v0.14.0-pre.5
...
│   │       │   │   ├── digest v0.11.0-pre.8 (*)
...
│   │       │   │   ├── pkcs8 v0.11.0-pre.0 (/home/bkstein/Projects/github.com/RustCrypto/formats/pkcs8)
...
│   │       │   │   │   ├── pkcs5 v0.8.0-pre.0 (/home/bkstein/Projects/github.com/RustCrypto/formats/pkcs5)
...
│   │       │   │   │   │   ├── pbkdf2 v0.12.2
│   │       │   │   │   │   │   ├── digest v0.10.7
...

At the moment, I don't see how to resolve this.

bkstein avatar Apr 26 '24 11:04 bkstein

Ha, this is an oversight. I've bumped a bunch of dependencies in the ecosystem to pre-release versions but forgot pkcs5.

See; https://github.com/RustCrypto/formats/pull/1391

(also: no need to apologize, we all have various priorities :))

baloo avatar Apr 26 '24 15:04 baloo

@baloo I updated this PR to the latest master and dependencies. As for me, this can be merged.

bkstein avatar Jul 28 '24 21:07 bkstein

@baloo Reverted to draft, because I think, it's better to modify the rng handling. You mentioned above, that 2 rng's are now necessary for the pwri-builder. But it should be possible to get by with one rng, if I pass it from the builder to the encryption method.

bkstein avatar Aug 06 '24 10:08 bkstein