Skip to content

pkcs8: decryption/encryption support for EncryptedPrivateKeyInfo #263

Closed
@tarcieri

Description

@tarcieri

#262 added an initial pkcs8::EncryptedPrivateKeyInfo type with basic parsing/serialization support. However, it doesn't actually support decrypting/encrypting PrivateKeyInfo yet.

Ideally we should only support algorithms which are known to be secure. The most commonly supported ones are based on 56-bit DES, however those provide no effective security as 56-bit DES has far too small a keyspace to be secure against brute force attacks. However, there is support for modern algorithms like AES and old-but-still-secureish algorithms like 3DES in newer revisions of PKCS#5:

  • PKCS#5 v1.5 supports PBE-SHA1-3DES.
  • PKCS#5 v2 adds support for AES encryption with iterated PRFs such as hmacWithSHA256 (a.k.a. PBES2)

It would probably make sense to wait for the cipher crate v0.3 release before attempting to implement decryption/encryption support in pkcs8.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions