cryptography
switch to AES-256-CBC by default for encrypted serialization of PKCS12
Add fallback LegacyPKCS12TripleDESEncryption for compatibility with The Past(tm)
fixes #7043
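For auditing existing files against this change, the sketch below reports whether DER bytes reference the legacy TripleDES PBE scheme or PBES2 with AES-256-CBC. It is an added example, not code from this PR or from the cryptography project. It is a heuristic byte scan for encoded OIDs rather than a full ASN.1 parse, and the function names and sample fragments are constructed for illustration.

```python
# Added example: heuristic scan of DER bytes for PKCS#12 encryption-scheme OIDs.
OIDS = {
    "pbeWithSHAAnd3-KeyTripleDES-CBC": "1.2.840.113549.1.12.1.3",
    "PBES2": "1.2.840.113549.1.5.13",
    "PBKDF2": "1.2.840.113549.1.5.12",
    "hmacWithSHA1": "1.2.840.113549.2.7",
    "hmacWithSHA256": "1.2.840.113549.2.9",
    "aes256-CBC": "2.16.840.1.101.3.4.1.42",
}

def der_oid(dotted):
    """Encode a dotted OID as a DER TLV (tag 0x06, short-form length)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # base-128, low group first
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)

def classify(der):
    """Return (verdict, sorted list of scheme OIDs seen in the blob)."""
    found = {name for name, oid in OIDS.items() if der_oid(oid) in der}
    legacy = "pbeWithSHAAnd3-KeyTripleDES-CBC" in found
    modern = "PBES2" in found and "aes256-CBC" in found
    if legacy and modern:
        verdict = "mixed"                 # e.g. key and cert bags differ
    elif modern:
        verdict = "pbes2-aes256-cbc"
    elif legacy:
        verdict = "legacy-3des"
    else:
        verdict = "unknown"
    return verdict, sorted(found)

# Constructed AlgorithmIdentifier fragments (not real key material).
LEGACY_SAMPLE = bytes.fromhex(
    "301c 060a2a864886f70d010c0103 300e 0408 0001020304050607 02020800")
PBES2_SAMPLE = bytes.fromhex(
    "3057 06092a864886f70d01050d 304a 3029 06092a864886f70d01050c"
    "301c 0408 0001020304050607 02020800 300c 06082a864886f70d0209 0500"
    "301d 060960864801650304012a 0410 000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    for label, blob in (("legacy", LEGACY_SAMPLE), ("pbes2", PBES2_SAMPLE)):
        print(label, classify(blob))
```

PBKDF2 parameters omit the PRF field when it is the default hmacWithSHA1, so the absence of an HMAC OID in the output does not mean a stronger PRF is in use.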
Looks like boringssl needs to implement the weird NID mapping to PBES2 choice that OpenSSL added if we want to support this. See: https://boringssl.googlesource.com/boringssl/+/refs/heads/master/crypto/pkcs8/pkcs8.c#492
@davidben is there another way to use PBES2 + AES-256-CBC?
It's been a while since I'd looked at this, so I don't remember the details (and am currently sick so limited time to dig into it). I think that TODO was about switching the KDF from hmacWithSHA1. Looks like you all are looking to do something about the encryption part?
But anyway, I probably only implemented the subset that anyone (you all, I imagine :-) ) was using at the time, because it was simplest, not so much because we didn't want that mechanism. If you need that feature, happy to take a patch for it.