Arshad Noor wrote, On 2009-04-23 20:11:
> Nelson Bolyard wrote:
>> The NSS team participated in the process of defining PKCS#12 precisely
>> to avoid the security trap of exporting private keys in PKCS#8 format.
>> Avoiding that trap is precisely why PKCS#12, and not PKCS#8, is THE only
>> format for private key transport supported by all of NSS, Microsoft and
>> OpenSSL.
>
> Nelson,
>
> I'm afraid PKCS#8 *does* allow for protecting private-keys with
> passwords, but you have to explicitly choose the ASN type when
> creating the file. Details can be found at:
>
> ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-8.asc

Oh, I'm aware of that, and was aware of that while in the NSS team at Netscape when PKCS#12 was being defined. (NSS was known by another name at that time.)

> It's possible that NSS chose to not support the export of the keys
> in PKCS#8 format for other reasons, but I don't believe it would be
> because it poses a security risk - the PKCS12 file is subject to the
> same risks as PKCS8 since it has the same level of protection: PBE
> using a 3DES key.

The story is that, at that time, it was extremely common for OpenSSL users to store their private keys in PEM-encoded PKCS8 files that were NOT encrypted. OpenSSL made that encryption optional, and (I gather) most OpenSSL users simply didn't bother with it. So, at that time, OpenSSL users expected PKCS8 files to be unencrypted.

The NSS team could have chosen to implement only the encrypted form of PKCS8, and in fact, NSS DOES support the IMPORT of private keys from PKCS8 files into PKCS#11 modules, but NSS does not create them (export) and the browser does not expose the PKCS#8 import feature to its users.

As for "other reasons", at that time NSS was not an independent library but was very much part of the browser. The browser folks wanted to give the user just one way to transport keys and their certificates securely and keep them together. PKCS#12 was the obvious candidate.

We could have implemented exporting keys in PKCS#8 (it would be trivial), but we chose not to do so, to promote secure practices. The message to users was (and still is), if you want to export your private key, PKCS#11 is the answer.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
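
An added example, not part of the original message and not NSS or OpenSSL code: an audit check that tells the two PKCS#8 ASN.1 types discussed in this thread apart, so key files stored in the unencrypted form can be found. The function names (`read_tlv`, `classify_der`, `classify_pem`, `to_pem`) are hypothetical and the sample structures are constructed placeholders, not real keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
SHAPES = {
    (0x30, 0x02, 0x30): "unencrypted",  # PrivateKeyInfo: version, AlgorithmIdentifier
    (0x30, 0x30, 0x04): "encrypted",    # EncryptedPrivateKeyInfo: AlgorithmIdentifier, OCTET STRING
}

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]  # IndexError if the input is truncated
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def classify_der(der):
    """Return 'unencrypted', 'encrypted' or 'not-pkcs8' for a DER blob."""
    try:
        outer, start, _ = read_tlv(der, 0)
        first, _, nxt = read_tlv(der, start)
        second, _, _ = read_tlv(der, nxt)
    except (ValueError, IndexError):
        return "not-pkcs8"
    return SHAPES.get((outer, first, second), "not-pkcs8")

def classify_pem(text):
    """Classify each PEM block by its DER structure, not by what its label claims."""
    out = []
    for label, body in PEM_RE.findall(text):
        try:
            der = base64.b64decode(body)
        except ValueError:  # encapsulated headers or other non-base64 content
            der = b""
        out.append((label, classify_der(der)))
    return out

def to_pem(label, der):  # helper used only to build the constructed samples
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed sample structures with placeholder bytes, not real keys.
PLAIN = bytes.fromhex("3018020100300d06092a864886f70d01010105000404deadbeef")
ENC = bytes.fromhex("30203018060a2a864886f70d010c0103300a040401020304020208000404a1a2a3a4")
```

The verdict comes from the first two elements inside the outer SEQUENCE, so a block labelled `ENCRYPTED PRIVATE KEY` that actually holds a bare PrivateKeyInfo is still reported as unencrypted, and a PKCS#1 RSAPrivateKey is reported as not PKCS#8.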