Re: openssl pkcs8 encryptionbug
On Tue, Oct 15, 2002, Michael Bell wrote: Dr. Stephen Henson wrote: If the PKCS#8 key is in PEM format it can be handled directly without any conversion. This is perhaps correct for the OpenSSL-commandlinetools (I don't know it) but I think mod_ssl is a problem and perhaps other applications which only use the old OpenSSL-format. It should be transparent for any application that calls PEM_read_bio_PrivateKey() either directly or indirectly. I'm not sure what mod_ssl is doing if it can't handle PKCS#8 PEM. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
openssl pkcs8 encryptionbug
Hi, I received some messages that there are problems with the conversion from PKCS#8 to old SSLeay format and so I checked it. The result is the following: 1. the bug is only present if you convert a PKCS#8-key to the old format 2. set the option -passout (we use env:outpwd) 3. internally the following function is used in apps/pkcs8.c: PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); I searched the sources and find the following comment in crypto/pem/pem_pk8.c -- As usual if 'enc' is NULL then it uses the unencrypted private key form. -- 'enc' is the third argument! This looks like a disaster because pkcs8 has no options -des, -des, -aes etc. and there is no default. The result is an unencrypted private key without any warning. The passphrase is simply ignored. Do I something wrong or is this a real security bug? If it is a bug then I strongly recommend a bugfix before 0.9.7-release even if it requires some new options. Best regards Michael -- --- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: openssl pkcs8 encryptionbug
On Mon, Oct 14, 2002, Michael Bell wrote: Hi, I received some messages that there are problems with the conversion from PKCS#8 to old SSLeay format and so I checked it. The result is the following: 1. the bug is only present if you convert a PKCS#8-key to the old format 2. set the option -passout (we use env:outpwd) 3. internally the following function is used in apps/pkcs8.c: PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); I searched the sources and find the following comment in crypto/pem/pem_pk8.c -- As usual if 'enc' is NULL then it uses the unencrypted private key form. -- 'enc' is the third argument! This looks like a disaster because pkcs8 has no options -des, -des, -aes etc. and there is no default. The result is an unencrypted private key without any warning. The passphrase is simply ignored. Do I something wrong or is this a real security bug? If it is a bug then I strongly recommend a bugfix before 0.9.7-release even if it requires some new options. If the PKCS#8 key is in PEM format it can be handled directly without any conversion. I agree some more options should be added and this behaviour documented. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: openssl pkcs8 encryptionbug
Dr. Stephen Henson wrote: If the PKCS#8 key is in PEM format it can be handled directly without any conversion. This is perhaps correct for the OpenSSL-commandlinetools (I don't know it) but I think mod_ssl is a problem and perhaps other applications which only use the old OpenSSL-format. Michael -- --- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]