mirror of
https://github.com/openssl/openssl.git
synced 2024-12-16 21:43:42 +08:00
Update pkcs8 defaults.
Update pkcs8 utility to use 256 bit AES using SHA256 by default. Update documentation. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
parent
2ab851b779
commit
8fc06e8860
4
CHANGES
4
CHANGES
@ -4,6 +4,10 @@
|
||||
|
||||
Changes between 1.0.2g and 1.1.0 [xx XXX xxxx]
|
||||
|
||||
*) Change default algorithms in pkcs8 utility to use PKCS#5 v2.0,
|
||||
256 bit AES and HMAC with SHA256.
|
||||
[Steve Henson]
|
||||
|
||||
*) Remove support for MIPS o32 ABI on IRIX (and IRIX only).
|
||||
[Andy Polyakov]
|
||||
|
||||
|
@ -177,6 +177,8 @@ int pkcs8_main(int argc, char **argv)
|
||||
"%s: Unknown PRF algorithm %s\n", prog, opt_arg());
|
||||
goto opthelp;
|
||||
}
|
||||
if (cipher == NULL)
|
||||
cipher = EVP_aes_256_cbc();
|
||||
break;
|
||||
case OPT_ITER:
|
||||
if (!opt_int(opt_arg(), &iter))
|
||||
@ -225,8 +227,8 @@ int pkcs8_main(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((pbe_nid == -1) && !cipher)
|
||||
pbe_nid = NID_pbeWithMD5AndDES_CBC;
|
||||
if ((pbe_nid == -1) && cipher == NULL)
|
||||
cipher = EVP_aes_256_cbc();
|
||||
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
if (in == NULL)
|
||||
|
@ -140,7 +140,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
if ((prf_nid == -1) &&
|
||||
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
|
||||
ERR_clear_error();
|
||||
prf_nid = NID_hmacWithSHA1;
|
||||
prf_nid = NID_hmacWithSHA256;
|
||||
}
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
|
@ -57,7 +57,7 @@ private key is used.
|
||||
|
||||
=item B<-outform DER|PEM>
|
||||
|
||||
This specifies the output format, the options have the same meaning as the
|
||||
This specifies the output format, the options have the same meaning as the
|
||||
B<-inform> option.
|
||||
|
||||
=item B<-in filename>
|
||||
@ -100,28 +100,26 @@ code signing software used unencrypted private keys.
|
||||
|
||||
=item B<-v2 alg>
|
||||
|
||||
This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
|
||||
private keys are encrypted with the password based encryption algorithm
|
||||
called B<pbeWithMD5AndDES-CBC> this uses 56 bit DES encryption but it
|
||||
was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
|
||||
the B<-v2> option PKCS#5 v2.0 algorithms are used which can use any
|
||||
encryption algorithm such as 168 bit triple DES or 128 bit RC2 however
|
||||
not many implementations support PKCS#5 v2.0 yet. If you are just using
|
||||
private keys with OpenSSL then this doesn't matter.
|
||||
This option sets the PKCS#5 v2.0 algorithm.
|
||||
|
||||
The B<alg> argument is the encryption algorithm to use, valid values include
|
||||
B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
|
||||
B<aes128>, B<aes256> and B<des3>. If this option isn't specified then B<aes256>
|
||||
is used.
|
||||
|
||||
=item B<-v2prf alg>
|
||||
|
||||
This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value
|
||||
values would be B<hmacWithSHA256>. If this option isn't set then the default
|
||||
for the cipher is used or B<hmacWithSHA1> if there is no default.
|
||||
value would be B<hmacWithSHA256>. If this option isn't set then the default
|
||||
for the cipher is used or B<hmacWithSHA256> if there is no default.
|
||||
|
||||
Some implementations may not support custom PRF algorithms and may require
|
||||
the B<hmacWithSHA1> option to work.
|
||||
|
||||
=item B<-v1 alg>
|
||||
|
||||
This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
|
||||
list of possible algorithms is included below.
|
||||
This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some
|
||||
older implementations may not support PKCS#5 v2.0 and may require this option.
|
||||
If not specified PKCS#5 v2.0 for is used.
|
||||
|
||||
=item B<-engine id>
|
||||
|
||||
@ -145,6 +143,13 @@ sets the scrypt B<N>, B<r> or B<p> parameters.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit
|
||||
AES with HMAC and SHA256 is used.
|
||||
|
||||
Some older implementations do not support PKCS#5 v2.0 format and require
|
||||
the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak
|
||||
encryption algorithms such as 56 bit DES.
|
||||
|
||||
The encrypted form of a PEM encode PKCS#8 files uses the following
|
||||
headers and footers:
|
||||
|
||||
@ -161,13 +166,6 @@ counts are more secure that those encrypted using the traditional
|
||||
SSLeay compatible formats. So if additional security is considered
|
||||
important the keys should be converted.
|
||||
|
||||
The default encryption is only 56 bits because this is the encryption
|
||||
that most current implementations of PKCS#8 will support.
|
||||
|
||||
Some software may use PKCS#12 password based encryption algorithms
|
||||
with PKCS#8 format private keys: these are handled automatically
|
||||
but there is no option to produce them.
|
||||
|
||||
It is possible to write out DER encoded encrypted private keys in
|
||||
PKCS#8 format because the encryption details are included at an ASN1
|
||||
level whereas the traditional format includes them at a PEM level.
|
||||
@ -228,8 +226,8 @@ Read a DER unencrypted PKCS#8 format private key:
|
||||
Convert a private key from any PKCS#8 format to traditional format:
|
||||
|
||||
openssl pkcs8 -in pk8.pem -out key.pem
|
||||
|
||||
Convert a private key to PKCS#8 format, encrypting with AES-256 and with
|
||||
|
||||
Convert a private key to PKCS#8 format, encrypting with AES-256 and with
|
||||
one million iterations of the password:
|
||||
|
||||
openssl pkcs8 -in raw.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
|
||||
@ -259,7 +257,7 @@ the old format at present.
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<dsa(1)>, L<rsa(1)>, L<genrsa(1)>,
|
||||
L<gendsa(1)>
|
||||
L<gendsa(1)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user