hello, I hope someone can help me with the following problem:
I'm trying to generate a rsa key pair in perl using the Crypt::RSA module.
this works fine so far. I am converting the resulting private key into PEM
format and it is checked ok by 'openssl rsa -in private.pem -check'.
now i want this private key to be protected by a passphrase using for
example AES-128-CBC encrypting. but I am not sure, what exactly is done with the
passphrase. is it used to generate a 128 bit key for the Rijndael algorithm? if
so, how is the passphrase converted to that key? i tried the following,
based on an algorithm I found in Convert::PEM module for DES-EDE3-CBC (which
works fine for 3DES):
#!/usr/bin/perl
use Digest::MD5 qw ( md5 );
...
my $iv = pack("C*", map { rand 255 } 1..16); # a random 16 bit init vector
my $key = bytes_to_key($param{Password}, $iv, \&md5, 16); # $param{Password}
is the passphrase given by the user,
'16' ist the key size in bytes.
...
sub bytes_to_key {
my($key, $salt, $md, $ks) = @_;
my $ckey = $md->($key, $salt);
while (length($ckey) < $ks) {
$ckey .= $md->($ckey, $key, $salt);
}
substr $ckey, 0, $ks;
}
so in the end it is a md5-hashing of the passphrase. if i initialize the
Rijndael algorithm (Crypt::Rijndael) with this key and the iv, the resulting
private.pem cannot be read by openssl any more. 'openssl rsa -in private.pem
-noout -check' results the following:
unable to load Private Key
28474:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:438:
28474:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:421:
well, where is the mistake, can you help me?
Claus Nagel
--
GMX ProMail (250 MB Mailbox, 50 FreeSMS, Virenschutz, 2,99 EUR/Monat...)
jetzt 3 Monate GRATIS + 3x DER SPIEGEL +++ http://www.gmx.net/derspiegel +++
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
