For those that don't already know, since October or so of last year, I've
been working on adding S/MIME and PGP support for my open source MIME
library, MimeKit, using BouncyCastle.

It is at this point very close to being something I'd feel comfortable with
releasing as a 1.0 version. However, there are a few things that I, as
someone who cannot consider himself a crypto expert, need some guidance on.

First and foremost is the encryption of private keys for S/MIME.

I've written an interface along with a default implementation based on
SQLite for storing X.509 certificates, CRLs, and private keys.

The Background:

My original approach had been to use pkcs12 files for storing this data,
but it soon became too cumbersome due to the need to track information such
a the encryption algorithms supported by the various mail agents (when you
receive a signed S/MIME message, it includes metadata such as the
encryption algorithms supported by the agent that signed it which you are
then supposed to use to determine the most suitable encryption algorithm to
use when encrypting to that user in the future).

The Question:

Now that the background information is out of the way... the way that I am
currently encrypting the private keys is by using PBE w/ SHA-1 & 3-key 3DES
CBC (I think I more-or-less followed what pkcs12 was doing).

With all of the scare surrounding Heart Bleed, I've had to change a lot of
my online passwords and decided to use a password manager. From what I can
tell, some of these password managers use AES + SHA-256 and it has made me
wonder if I should be doing the same?

The argument I've read in favor of SHA + 3-key 3DES CBC is that it's a
fairly strong, yet slow algorithm which is good in the sense that it would
be significantly more expensive for someone to try and use brute force.
While I know enough to understand that DES (especially encrypting via DES 3
times) is expensive compared to AES, is it the right choice for this sort
of thing?

Thanks,

Jeff

Reply via email to