Closed
Description
#262 added an initial pkcs8::EncryptedPrivateKeyInfo
type with basic parsing/serialization support. However, it doesn't actually support decrypting/encrypting PrivateKeyInfo
yet.
Ideally we should only support algorithms which are known to be secure. The most commonly supported ones are based on 56-bit DES, however those provide no effective security as 56-bit DES has far too small a keyspace to be secure against brute force attacks. However, there is support for modern algorithms like AES and old-but-still-secureish algorithms like 3DES in newer revisions of PKCS#5:
- PKCS#5 v1.5 supports
PBE-SHA1-3DES
. - PKCS#5 v2 adds support for AES encryption with iterated PRFs such as
hmacWithSHA256
(a.k.a. PBES2)
It would probably make sense to wait for the cipher
crate v0.3 release before attempting to implement decryption/encryption support in pkcs8
.
Metadata
Metadata
Assignees
Labels
No labels