Re: [openssl-users] problem with -aes256 and -outform der in cmmand
On Mon, Aug 21, 2017 at 03:43:05PM +, Salz, Rich via openssl-users wrote: > ➢ But if I use format=der I do not get prompted for the password. > > DER does not support encryption. The bug is that the command does not tell > you this. There is at least one standard encryption-capable ASN.1 private key format, namely PKCS#8, and therefore a DER encoding thereof. However, the (gen)pkey command does not support direct input or output of encrypted PKCS8 in DER form. This is a reflection of the underlying API. Note, takes no password argument: d2i_PrivateKey(3) OpenSSL d2i_PrivateKey(3) NAME d2i_Private_key, d2i_AutoPrivateKey, i2d_PrivateKey - decode and encode functions for reading and saving EVP_PKEY structures. SYNOPSIS #include EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length); EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length); ... NOTES All these functions use DER format and unencrypted keys. Applications wishing to encrypt or decrypt private keys should use other functions such as d2i_PKC8PrivateKey() instead. -- Note, takes a password argument: d2i_PKCS8PrivateKey(3) OpenSSL d2i_PKCS8PrivateKey(3) NAME d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions SYNOPSIS #include EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); So, while you can indirectly generate encrypted DER private keys: $ openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 | openssl pkcs8 -topk8 -v2 aes-128-cbc -outform DER -out key.der ...+++ +++ Enter Encryption Password: Verifying - Enter Encryption Password: $ openssl asn1parse -in key.der -inform DER openssl asn1parse -inform DER 0:d=0 hl=4 l=1311 cons: SEQUENCE 4:d=1 hl=2 l= 73 cons: SEQUENCE 6:d=2 hl=2 l= 9 prim: OBJECT:PBES2 17:d=2 hl=2 l= 60 cons: SEQUENCE 19:d=3 hl=2 l= 27 cons: SEQUENCE 21:d=4 hl=2 l= 9 prim: OBJECT:PBKDF2 32:d=4 hl=2 l= 14 cons: SEQUENCE 34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:9C914F36B0FDC2D0 44:d=5 hl=2 l= 2 prim: INTEGER :0800 48:d=3 hl=2 l= 29 cons: SEQUENCE 50:d=4 hl=2 l= 9 prim: OBJECT:aes-128-cbc 61:d=4 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:...iv... 79:d=1 hl=4 l=1232 prim: OCTET STRING [HEX DUMP]:...ciphertext... they can't directly be used with any of the OpenSSL "-inkey" or similar options, as those don't assume PKCS8 and typically use: EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); the DER counterparts lack the password argument and can't read encrypted keys. So encrypted PKCS#8 is fine for moving keys between organizations, systems or people, but for data at rest, if you want encrypted keys, you'll need PEM. Use a strong passphrase, as the PBKDF for PEM encryption is weak. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] problem with -aes256 and -outform der in cmmand
On 08/21/2017 11:52 AM, Salz, Rich wrote: ➢ OK. And why does DER not support encryption Because it is not defined. If you want to encrypt keys, you need to use PKCS12 which might be too much for your application. If a device has secure storage, it does not need to encrypt its private key. It all depends on the architecture. Or they can implement whatever works in their device to protect the keys. The root CA is not a problem as it is offline except to make new intermediate CAs. In fact for Singapore, I hope to have the root CA be a mSD card with Fedora26 for a Cubieboard2. Pop the card in, and there is your root CA. And a different mSD card for the signing CA! I can do this all offline. Just put the CSR on a USB drive and insert it in one of the Cubie's USB ports and sign away! I just need to document this all. That is all. :) Bob -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] problem with -aes256 and -outform der in cmmand
Probably I misunderstand the context, since PKCS#8 can be used to encrypt EC private key info, some more info at https://tools.ietf.org/html/rfc5915. Which doesn't help the OP if the openssl CLI doesn't support it. On Mon, Aug 21, 2017 at 8:52 AM, Salz, Rich via openssl-userswrote: > ➢ OK. And why does DER not support encryption > > Because it is not defined. If you want to encrypt keys, you need to use > PKCS12 which might be too much for your application. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] problem with -aes256 and -outform der in cmmand
➢ OK. And why does DER not support encryption Because it is not defined. If you want to encrypt keys, you need to use PKCS12 which might be too much for your application. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] problem with -aes256 and -outform der in cmmand
On 08/21/2017 11:43 AM, Salz, Rich via openssl-users wrote: ➢ But if I use format=der I do not get prompted for the password. DER does not support encryption. The bug is that the command does not tell you this. OK. And why does DER not support encryption? Actually, I can see working around this. The CA certs private keys can be in PEM and everything else in DER. Provided I can get all the inform and outforms right. But for now I will 'live' with unencrypted DER CA private keys. Bob -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] problem with -aes256 and -outform der in cmmand
➢ But if I use format=der I do not get prompted for the password. DER does not support encryption. The bug is that the command does not tell you this. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] problem with -aes256 and -outform der in cmmand
If I use format=pem in the following: openssl genpkey -outform $format -aes256 -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 \ -pkeyopt ec_param_enc:named_curve -out private/ca.key.$format the private key is password protected. But if I use format=der I do not get prompted for the password. The pem file is 379 bytes and the der is 121, but that is not a valid comparison as der is not encrypted... Is this a bug? Or a feature? Bob -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users