Understanding: EncryptedPrivateKeyInfo

2010-09-22 Thread muellste 
Hello,

I try to understand the encryption of a private rsa key. It was generated
with

 openssl genpkey -aes-256-cbc -algorithm rsa -out mykey.enc
-pkeyopt rsa_keygen_bits:2048

(pw: 'admin', file attached)

according to pkcs#8 the result is

EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
encryptedData EncryptedData
}

parsing through 'encryptionAlgorithm' i got

 openssl asn1parse - in mykey.enc -strparse 4
0: d=0 hl=2 l=73 cons : SEQUENCE
2: d=1 hl=2 l=9 prim : OBJECT: PBES2
13: d=1 hl=2 l=60 cons : SEQUENCE
15: d=2 hl=2 l=27 cons : SEQUENCE
17: d=3 hl=2 l=9 prim :OBJECT: PBKDF2
28: d=3 hl=2 l=14 cons :SEQUENCE
30: d=4 hl=2 l=8 prim :OCTET STRING
[ HEX DUMP ]:7C4B1587B12A7705
40: d=4 hl=2 l=2 prim :INTEGER: 0800
44: d=2 hl=2 l= 29 cons :SEQUENCE
46: d=3 hl=2 l=9 prim :OBJECT :aes-256-cbc
57: d=3 hl=2 l=16 prim :OCTET STRING
[ HEX DUMP ]: 4850BA5F76BA9CD5574F0121D8C0C657.

as i understood the rare documenation, offset 30 is the salt for PBKDF2
and offset 57 is the IV for aes.

as result of PKCS5_PBKDF2_HMAC_SHA1 feeded with the salt from above,
pw:'admin' and ic:2048 (offset 40 above) i got:

K  = dc55f54889fe64153fb1b181e89ec5c08a864ef5f777d6aa1d0be9ff82dd8b3a
iv = 11be3aafd0768fd9fdbc7880936ad2c4

decryption with this key (and any of those ivs) fails.

How can i reproduce the data in offset 57? if its really an iv why is it
written explicitly if it could be calculated a result of PBKDF2?

Does anyone have some hints?

  thanks a lot..  stephan

mykey.enc
Description: Binary data

Understanding: EncryptedPrivateKeyInfo

2010-09-22 Thread muellste 
Hello,

I try to understand the encryption of a private rsa key. It was generated
with

 openssl genpkey -aes-256-cbc -algorithm rsa -out mykey.enc
-pkeyopt rsa_keygen_bits:2048

(pw: 'admin', file attached)

according to pkcs#8 the result is

EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
encryptedData EncryptedData
}

parsing through 'encryptionAlgorithm' i got

 openssl asn1parse - in mykey.enc -strparse 4
0: d=0 hl=2 l=73 cons : SEQUENCE
2: d=1 hl=2 l=9 prim : OBJECT: PBES2
13: d=1 hl=2 l=60 cons : SEQUENCE
15: d=2 hl=2 l=27 cons : SEQUENCE
17: d=3 hl=2 l=9 prim :OBJECT: PBKDF2
28: d=3 hl=2 l=14 cons :SEQUENCE
30: d=4 hl=2 l=8 prim :OCTET STRING
[ HEX DUMP ]:7C4B1587B12A7705
40: d=4 hl=2 l=2 prim :INTEGER: 0800
44: d=2 hl=2 l= 29 cons :SEQUENCE
46: d=3 hl=2 l=9 prim :OBJECT :aes-256-cbc
57: d=3 hl=2 l=16 prim :OCTET STRING
[ HEX DUMP ]: 4850BA5F76BA9CD5574F0121D8C0C657.

as i understood the rare documenation, offset 30 is the salt for PBKDF2
and offset 57 is the IV for aes.

as result of PKCS5_PBKDF2_HMAC_SHA1 feeded with the salt from above,
pw:'admin' and ic:2048 (offset 40 above) i got:

K  = dc55f54889fe64153fb1b181e89ec5c08a864ef5f777d6aa1d0be9ff82dd8b3a iv =
11be3aafd0768fd9fdbc7880936ad2c4

decryption with this key (and any of those ivs) fails.

How can i reproduce the data in offset 57? if its really an iv why is it
written explicitly if it could be calculated a result of PBKDF2?

Does anyone have some hints?

  thanks a lot..  stephan


mykey.enc
Description: Binary data

Understanding: EncryptedPrivateKeyInfo

2010-09-21 Thread Stephan Müller 
Hello,

I try to understand the encryption of a private rsa key. It was generated
with

 openssl genpkey -aes-256-cbc -algorithm rsa -out mykey.enc
-pkeyopt rsa_keygen_bits:2048

(pw: 'admin', file attached)

according to pkcs#8 the result is

EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
encryptedData EncryptedData
}

parsing through 'encryptionAlgorithm' i got

 openssl asn1parse - in mykey.enc -strparse 4
0: d=0 hl=2 l=73 cons : SEQUENCE
2: d=1 hl=2 l=9 prim : OBJECT: PBES2
13: d=1 hl=2 l=60 cons : SEQUENCE
15: d=2 hl=2 l=27 cons : SEQUENCE
17: d=3 hl=2 l=9 prim :OBJECT: PBKDF2
28: d=3 hl=2 l=14 cons :SEQUENCE
30: d=4 hl=2 l=8 prim :OCTET STRING
[ HEX DUMP ]:7C4B1587B12A7705
40: d=4 hl=2 l=2 prim :INTEGER: 0800
44: d=2 hl=2 l= 29 cons :SEQUENCE
46: d=3 hl=2 l=9 prim :OBJECT :aes-256-cbc
57: d=3 hl=2 l=16 prim :OCTET STRING
[ HEX DUMP ]: 4850BA5F76BA9CD5574F0121D8C0C657.

as i understood the rare documenation, offset 30 is the salt for PBKDF2
and offset 57 is the IV for aes.

as result of PKCS5_PBKDF2_HMAC_SHA1 fed with the salt from above,
pw:'admin' and ic:2048 (offset 40 above) i got:

K  = dc55f54889fe64153fb1b181e89ec5c08a864ef5f777d6aa1d0be9ff82dd8b3a
iv = 11be3aafd0768fd9fdbc7880936ad2c4

decryption with this key (and any of those ivs) fails.

How can i reproduce the data in offset 57? if its really an iv why is it
written explicitly if it could be calculated a result of PBKDF2?

Does anyone have some hints?

  thanks a lot..  stephan


mykey.enc
Description: Binary data

Re: Understanding: EncryptedPrivateKeyInfo

2010-09-21 Thread Dr. Stephen Henson 
On Tue, Sep 21, 2010, Stephan Mller wrote:

 Hello,
 
 I try to understand the encryption of a private rsa key. It was generated
 with
 
  openssl genpkey -aes-256-cbc -algorithm rsa -out mykey.enc
 -pkeyopt rsa_keygen_bits:2048
 
 (pw: 'admin', file attached)
 
 according to pkcs#8 the result is
 
 EncryptedPrivateKeyInfo ::= SEQUENCE {
 encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
 encryptedData EncryptedData
 }
 
 parsing through 'encryptionAlgorithm' i got
 
  openssl asn1parse - in mykey.enc -strparse 4
 0: d=0 hl=2 l=73 cons : SEQUENCE
 2: d=1 hl=2 l=9 prim : OBJECT: PBES2
 13: d=1 hl=2 l=60 cons : SEQUENCE
 15: d=2 hl=2 l=27 cons : SEQUENCE
 17: d=3 hl=2 l=9 prim :OBJECT: PBKDF2
 28: d=3 hl=2 l=14 cons :SEQUENCE
 30: d=4 hl=2 l=8 prim :OCTET STRING
 [ HEX DUMP ]:7C4B1587B12A7705
 40: d=4 hl=2 l=2 prim :INTEGER: 0800
 44: d=2 hl=2 l= 29 cons :SEQUENCE
 46: d=3 hl=2 l=9 prim :OBJECT :aes-256-cbc
 57: d=3 hl=2 l=16 prim :OCTET STRING
 [ HEX DUMP ]: 4850BA5F76BA9CD5574F0121D8C0C657.
 
 as i understood the rare documenation, offset 30 is the salt for PBKDF2
 and offset 57 is the IV for aes.
 
 as result of PKCS5_PBKDF2_HMAC_SHA1 fed with the salt from above,
 pw:'admin' and ic:2048 (offset 40 above) i got:
 
 K  = dc55f54889fe64153fb1b181e89ec5c08a864ef5f777d6aa1d0be9ff82dd8b3a
 iv = 11be3aafd0768fd9fdbc7880936ad2c4
 
 decryption with this key (and any of those ivs) fails.
 
 How can i reproduce the data in offset 57? if its really an iv why is it
 written explicitly if it could be calculated a result of PBKDF2?
 
 Does anyone have some hints?
 

The IV is generated randomly and included explicitly. It is done this way
because that's what the PKCS#5 PBES2 standards require. You only generate
keying material using PBKDF2.

If you set the option DEBUG_PKCS5V2 when you compile OpenSSL (or just
uncomment it from p5_crpt2.c in source it will print out the keying material
and parameters used.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org