switch to AES-256-CBC by default for encrypted serialization of PKCS12

Open reaperhulk opened this issue 2 years ago • 2 comments

Add fallback LegacyPKCS12TripleDESEncryption for compatibility with The Past(tm)

fixes #7043

reaperhulk, May 02 '22 18:05

Looks like boringssl needs to implement the weird NID mapping to PBES2 choice that OpenSSL added if we want to support this. See: https://boringssl.googlesource.com/boringssl/+/refs/heads/master/crypto/pkcs8/pkcs8.c#492

@davidben is there another way to use PBES2 + AES-256-CBC?

reaperhulk, May 02 '22 19:05

It's been a while since I'd looked at this, so I don't remember the details (and am currently sick so limited time to dig into it). I think that TODO was about switching the KDF from hmacWithSHA1. Looks like you all are looking to do something about the encryption part?

But anyway, I probably only implemented the subset that anyone (you all, I imagine :-) ) were using at the time, because it was simplest, not so much because we didn't want that mechanism. If you need that feature, happy to take a patch for it.

davidben, May 03 '22 12:05