Arshad Noor wrote, On 2009-04-23 20:11:
> Nelson Bolyard wrote:
>> The NSS team participated in the process of defining PKCS#12 precisely
>> to avoid the security trap of exporting private keys in PKCS#8 format.
>> Avoiding that trap is precisely why PKCS#12, and not PKCS#8, is THE only
>> format for private key transport supported by all of NSS, Microsoft and 
>> OpenSSL.
> Nelson,
> I'm afraid PKCS#8 *does* allow for protecting private-keys with
> passwords, but you have to explicitly choose the ASN type when
> creating the file.  Details can be found at:

Oh, I'm aware of that, and was aware of that while in the NSS team at
Netscape when PKCS#12 was being defined.  (NSS was known by another
name at that time.)

> It's possible that NSS chose to not support the export of the keys
> in PKCS#8 format for other reasons, but I don't believe it would be
> because it poses a security risk - the PKCS12 file is subject to the
> same risks as PKCS8 since it has the same level of protection: PBE
> using a 3DES key.

The story is that, at that time, it was extremely common for OpenSSL users
to store their private keys in PEM-encoded PKCS8 files that were NOT
encrypted.  OpenSSL made that encryption optional, and (I gather) most
OpenSSL users simply didn't bother with it.  So, at that time, OpenSSL users
expected PKCS8 files to be unencrypted.

The NSS team could have chosen to implement only the encrypted form of
PKCS8, and in fact, NSS DOES support the IMPORT of private keys from
PKCS8 files into PKCS#11 modules, but NSS does not create them (export)
and the browser does not expose the PKCS#8 import feature to its users.

As for "other reasons", at that time NSS was not an independent library
but was very much part of the browser.  The browser folks wanted to give
the user just one way to transport keys and their certificates securely
and keep them together.  PKCS#12 was the obvious candidate.  We could
have implemented exporting keys in PKCS#8 (it would be trivial), but we
chose not to do so, to promote secure practices.  The message to users
was (and still is), if you want to export your private key, PKCS#11 is
the answer.
dev-tech-crypto mailing list

Reply via email to