Jack Lloyd [EMAIL PROTECTED] writes:
Does anyone know of any 'standard' [*] ways of encrypting private keys in the
usual PKCS #8 format without using password-based encryption? It is obviously
not hard to do, as you can stick whatever you like into the
encryptionAlgorithm field, so it would be easy to specify an plain encryption
algorithm OID (aes256-cbc, or whatever) plus an IV (and possibly a key check
value and/or some optional key label fields). I'm sure this is not the first
time someone has needed such a thing - any references would be useful.
[*]: Standard in this case being at least one implementation/spec has it, and
(preferably) it is reasonably secure/sane
If you're using PKCS #8 then you'd want to use PKCS #15 with CMS password-
based encryption, which, although it's called password-based encryption, is
as you've pointed out a general-purpose mechanism that can be used to wrap
data using a key from any source, not just a PKCS #5 password.
(PKCS #15 is the logical successor to PKCS #8).
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
