[19392] in cryptography@c2.net mail archive
Standard ways of PKCS #8 encryption without PKCS #5?
daemon@ATHENA.MIT.EDU (Jack Lloyd)
Fri Dec 23 13:39:57 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 23 Dec 2005 12:33:47 -0500
From: Jack Lloyd <lloyd@randombit.net>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
Does anyone know of any 'standard' [*] ways of encrypting private keys in the
usual PKCS #8 format without using password-based encryption? It is obviously
not hard to do, as you can stick whatever you like into the encryptionAlgorithm
field, so it would be easy to specify an plain encryption algorithm OID
(aes256-cbc, or whatever) plus an IV (and possibly a key check value and/or
some optional key label fields). I'm sure this is not the first time someone
has needed such a thing - any references would be useful.
[*]: Standard in this case being "at least one implementation/spec has it, and
(preferably) it is reasonably secure/sane"
Thanks,
Jack
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
