pkcs8: decryption/encryption support for EncryptedPrivateKeyInfo

[tarcieri]

#262 added an initial pkcs8::EncryptedPrivateKeyInfo type with basic parsing/serialization support. However, it doesn't actually support decrypting/encrypting PrivateKeyInfo yet.

Ideally we should only support algorithms which are known to be secure. The most commonly supported ones are based on 56-bit DES, however those provide no effective security as 56-bit DES has far too small a keyspace to be secure against brute force attacks. However, there is support for modern algorithms like AES and old-but-still-secureish algorithms like 3DES in newer revisions of PKCS#5:

• PKCS#5 v1.5 supports PBE-SHA1-3DES.
• PKCS#5 v2 adds support for AES encryption with iterated PRFs such as hmacWithSHA256 (a.k.a. PBES2)

It would probably make sense to wait for the cipher crate v0.3 release before attempting to implement decryption/encryption support in pkcs8.

[tarcieri]

It seems like the first step towards getting this to work is implementing at least a subset of PKCS#5 (password-based encryption), which I've done in #272.