Re: [openssl-users] problem with -aes256 and -outform der in command

2017-08-21 Thread Viktor Dukhovni
On Mon, Aug 21, 2017 at 03:43:05PM +, Salz, Rich via openssl-users wrote:

> ➢ But if I use format=der I do not get prompted for the password.
>
> DER does not support encryption.  The bug is that the command does not tell 
> you this.

There is at least one standard encryption-capable ASN.1 private
key format, namely PKCS#8, and therefore a DER encoding thereof.
However, the (gen)pkey command does not support direct input or
output of encrypted PKCS8 in DER form.  This is a reflection of
the underlying API.

 Note, takes no password argument:
d2i_PrivateKey(3)   OpenSSL  d2i_PrivateKey(3)

NAME
   d2i_Private_key, d2i_AutoPrivateKey, i2d_PrivateKey - decode and encode
   functions for reading and saving EVP_PKEY structures.

SYNOPSIS
    #include <openssl/evp.h>

    EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                             long length);
    EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
                                 long length);

...

NOTES
   All these functions use DER format and unencrypted keys. Applications
   wishing to encrypt or decrypt private keys should use other functions
   such as d2i_PKC8PrivateKey() instead.

-- Note, takes a password argument:
d2i_PKCS8PrivateKey(3)  OpenSSL  d2i_PKCS8PrivateKey(3)

NAME
   d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
   i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
   i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format
   private key functions

SYNOPSIS
    #include <openssl/evp.h>

    EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x,
                                      pem_password_cb *cb, void *u);
    EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x,
                                     pem_password_cb *cb, void *u);

So, while you can indirectly generate encrypted DER private keys:

$ openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 |
openssl pkcs8 -topk8 -v2 aes-128-cbc -outform DER -out key.der
...+++
+++
Enter Encryption Password:
Verifying - Enter Encryption Password:

$ openssl asn1parse -in key.der -inform DER
openssl asn1parse -inform DER
    0:d=0  hl=4 l=1311 cons: SEQUENCE
    4:d=1  hl=2 l=  73 cons: SEQUENCE
    6:d=2  hl=2 l=   9 prim: OBJECT:PBES2
   17:d=2  hl=2 l=  60 cons: SEQUENCE
   19:d=3  hl=2 l=  27 cons: SEQUENCE
   21:d=4  hl=2 l=   9 prim: OBJECT:PBKDF2
   32:d=4  hl=2 l=  14 cons: SEQUENCE
   34:d=5  hl=2 l=   8 prim: OCTET STRING  [HEX DUMP]:9C914F36B0FDC2D0
   44:d=5  hl=2 l=   2 prim: INTEGER   :0800
   48:d=3  hl=2 l=  29 cons: SEQUENCE
   50:d=4  hl=2 l=   9 prim: OBJECT:aes-128-cbc
   61:d=4  hl=2 l=  16 prim: OCTET STRING  [HEX DUMP]:...iv...
   79:d=1  hl=4 l=1232 prim: OCTET STRING  [HEX DUMP]:...ciphertext...

they can't directly be used with any of the OpenSSL "-inkey" or
similar options, as those don't assume PKCS8 and typically use:

EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
  pem_password_cb *cb, void *u);

EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
  pem_password_cb *cb, void *u);

the DER counterparts lack the password argument and can't read
encrypted keys.  So encrypted PKCS#8 is fine for moving keys
between organizations, systems or people, but for data at rest,
if you want encrypted keys, you'll need PEM.

Use a strong passphrase, as the PBKDF for PEM encryption is
weak.

-- 
Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
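Added example, not part of the original message and not OpenSSL code: a stdlib-only Python check that classifies a DER key file by its outer ASN.1 structure, following the asn1parse layout shown in the message above, so an audit can flag DER private keys that were written unencrypted. The function names and the sample byte strings are constructed for this illustration.

```python
"""Added example: tell encrypted PKCS#8 DER from cleartext DER keys (stdlib only)."""
PBES2_OID = bytes.fromhex("2a864886f70d01050d")  # 1.2.840.113549.1.5.13

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def classify_der_key(der):
    """Classify by the first two elements of the outer SEQUENCE."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    first_tag, first_val, nxt = read_tlv(body)
    second_tag = read_tlv(body, nxt)[0]
    if first_tag == 0x30 and second_tag == 0x04:  # EncryptedPrivateKeyInfo layout
        oid_tag, oid, _ = read_tlv(first_val)
        if oid_tag == 0x06:
            return "encrypted PKCS#8 (%s)" % ("PBES2" if oid == PBES2_OID else "non-PBES2")
    if first_tag == 0x02 and second_tag == 0x30:
        return "UNENCRYPTED PKCS#8"           # version INTEGER + AlgorithmIdentifier
    if first_tag == 0x02 and second_tag in (0x02, 0x04):
        return "UNENCRYPTED traditional key"  # RSAPrivateKey / ECPrivateKey layout
    raise ValueError("unrecognised key structure")

def tlv(tag, value):
    """Encode one DER element; only used to build the constructed samples below."""
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size) + value

# Constructed samples: zero bytes stand in for parameters, ciphertext and key material.
ENCRYPTED = tlv(0x30, tlv(0x30, tlv(0x06, PBES2_OID) + tlv(0x30, b"")) + tlv(0x04, bytes(200)))
CLEAR_PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + tlv(0x04, bytes(32)))
CLEAR_EC = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, bytes(32)))
```

Pass the raw bytes of a key file to classify_der_key(); PEM input is rejected with ValueError because it does not start with a DER SEQUENCE tag.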


Re: [openssl-users] problem with -aes256 and -outform der in command

2017-08-21 Thread Robert Moskowitz



On 08/21/2017 11:52 AM, Salz, Rich wrote:

> ➢ OK.  And why does DER not support encryption
>
> Because it is not defined.  If you want to encrypt keys, you need to use
> PKCS12 which might be too much for your application.

If a device has secure storage, it does not need to encrypt its private 
key.  It all depends on the architecture.


Or they can implement whatever works in their device to protect the keys.

The root CA is not a problem as it is offline except to make new 
intermediate CAs.  In fact for Singapore, I hope to have the root CA be 
a mSD card with Fedora26 for a Cubieboard2.  Pop the card in, and there 
is your root CA.  And a different mSD card for the signing CA!  I can do 
this all offline.  Just put the CSR on a USB drive and insert it in one 
of the Cubie's USB ports and sign away!


I just need to document this all.  That is all.  :)

Bob



Re: [openssl-users] problem with -aes256 and -outform der in command

2017-08-21 Thread Sam Roberts
Probably I misunderstand the context, since PKCS#8 can be used to
encrypt EC private key info, some more info at
https://tools.ietf.org/html/rfc5915. Which doesn't help the OP if the
openssl CLI doesn't support it.


On Mon, Aug 21, 2017 at 8:52 AM, Salz, Rich via openssl-users wrote:
> ➢ OK.  And why does DER not support encryption
>
> Because it is not defined.  If you want to encrypt keys, you need to use 
> PKCS12 which might be too much for your application.


Re: [openssl-users] problem with -aes256 and -outform der in command

2017-08-21 Thread Salz, Rich via openssl-users
➢ OK.  And why does DER not support encryption

Because it is not defined.  If you want to encrypt keys, you need to use PKCS12 
which might be too much for your application.



Re: [openssl-users] problem with -aes256 and -outform der in command

2017-08-21 Thread Robert Moskowitz



On 08/21/2017 11:43 AM, Salz, Rich via openssl-users wrote:

> ➢ But if I use format=der I do not get prompted for the password.
>
> DER does not support encryption.  The bug is that the command does not tell
> you this.


OK.  And why does DER not support encryption?  Actually, I can see 
working around this.  The CA certs private keys can be in PEM and 
everything else in DER.  Provided I can get all the inform and outforms 
right.


But for now I will 'live' with unencrypted DER CA private keys.

Bob


Re: [openssl-users] problem with -aes256 and -outform der in command

2017-08-21 Thread Salz, Rich via openssl-users
➢ But if I use format=der I do not get prompted for the password.
   
DER does not support encryption.  The bug is that the command does not tell you 
this.



[openssl-users] problem with -aes256 and -outform der in command

2017-08-21 Thread Robert Moskowitz

If I use format=pem in the following:

    openssl genpkey -outform $format -aes256 -algorithm ec \
        -pkeyopt ec_paramgen_curve:prime256v1 \
        -pkeyopt ec_param_enc:named_curve -out private/ca.key.$format

the private key is password protected.

But if I use format=der

I do not get prompted for the password.

The pem file is 379 bytes and the der is 121, but that is not a valid 
comparison as der is not encrypted...


Is this a bug?  Or a feature?

Bob
