Standard ways of PKCS #8 encryption without PKCS #5?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Dec 23 20:13:46 EST 2005
Jack Lloyd <lloyd at randombit.net> writes:
>Does anyone know of any 'standard' [*] ways of encrypting private keys in the
>usual PKCS #8 format without using password-based encryption? It is obviously
>not hard to do, as you can stick whatever you like into the
>encryptionAlgorithm field, so it would be easy to specify an plain encryption
>algorithm OID (aes256-cbc, or whatever) plus an IV (and possibly a key check
>value and/or some optional key label fields). I'm sure this is not the first
>time someone has needed such a thing - any references would be useful.
>
>[*]: Standard in this case being "at least one implementation/spec has it, and
>(preferably) it is reasonably secure/sane"
If you're using PKCS #8 then you'd want to use PKCS #15 with CMS password-
based encryption, which, although it's called "password-based encryption", is
as you've pointed out a general-purpose mechanism that can be used to wrap
data using a key from any source, not just a PKCS #5 password.
(PKCS #15 is the logical successor to PKCS #8).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list