Does anyone know of any 'standard' [*] ways of encrypting private keys in the usual PKCS #8 format without using password-based encryption? It is obviously not hard to do, as you can stick whatever you like into the encryptionAlgorithm field, so it would be easy to specify an plain encryption algorithm OID (aes256-cbc, or whatever) plus an IV (and possibly a key check value and/or some optional key label fields). I'm sure this is not the first time someone has needed such a thing - any references would be useful.
[*]: Standard in this case being "at least one implementation/spec has it, and (preferably) it is reasonably secure/sane" Thanks, Jack --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
