[19404] in cryptography@c2.net mail archive
Re: Standard ways of PKCS #8 encryption without PKCS #5?
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sat Dec 24 10:32:16 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, lloyd@randombit.net
In-Reply-To: <20051223173346.GA5871@randombit.net>
Date: Sat, 24 Dec 2005 14:13:46 +1300
Jack Lloyd <lloyd@randombit.net> writes:
>Does anyone know of any 'standard' [*] ways of encrypting private keys in the
>usual PKCS #8 format without using password-based encryption? It is obviously
>not hard to do, as you can stick whatever you like into the
>encryptionAlgorithm field, so it would be easy to specify an plain encryption
>algorithm OID (aes256-cbc, or whatever) plus an IV (and possibly a key check
>value and/or some optional key label fields). I'm sure this is not the first
>time someone has needed such a thing - any references would be useful.
>
>[*]: Standard in this case being "at least one implementation/spec has it, and
>(preferably) it is reasonably secure/sane"
If you're using PKCS #8 then you'd want to use PKCS #15 with CMS password-
based encryption, which, although it's called "password-based encryption", is
as you've pointed out a general-purpose mechanism that can be used to wrap
data using a key from any source, not just a PKCS #5 password.
(PKCS #15 is the logical successor to PKCS #8).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
