Reputation: 271
I am new to encryption and have been playing with openssl. There's a command in openssl to generate an RSA private key wrapped using AES:
openssl genrsa -aes128
And the sample result will be:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,7787EC23BAB71A7E339FA4BB5B197362
Sqmr8Zb8..bla..blaa
-----END RSA PRIVATE KEY-----
In PyCrypto, we can build a similar private key using:
from Crypto.PublicKey import RSA
key = RSA.generate(1024).exportKey('PEM', 'secret')
Which will produce
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,760A8103AA096360
HxGmbla..blaa
-----END RSA PRIVATE KEY-----
Notice the result is wrapped using triple DES. What is the proper way to create a private key wrapped using AES such as the one above using PyCrypto?
Upvotes: 3
Views: 3194
Reputation: 7776
AES encryption of RSA keys will only be supported in PyCrypto 2.7 (right now there is an alpha version available on the web site). However, AES encryption will be applied at the PKCS#8 level (binary) and not at the PEM level (the text envelope).
That is not what you asked, but it is way better, because the key stretching routine used for PEM is not secure.
You will do for instance:
from Crypto.PublicKey import RSA
key = RSA.generate(2048)
print(key.exportKey('PEM', 'secret', pkcs=8, protection='PBKDF2WithHMAC-SHA1AndAES256-CBC'))
Upvotes: 2
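Added example, not part of the original answer and not PyCrypto or OpenSSL code: it shows why the PEM-level key stretching is weak by reproducing the traditional derivation (OpenSSL's EVP_BytesToKey with MD5, one iteration, salt taken from the first 8 bytes of the DEK-Info IV) next to PBKDF2-HMAC-SHA1. The passphrase 'secret', the iteration count and the reuse of the IV bytes as PBKDF2 salt are assumptions for illustration; the header is the one quoted in the question.

```python
import hashlib

# Constructed sample: the header lines shown in the question (key body omitted).
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,7787EC23BAB71A7E339FA4BB5B197362
"""

KEY_LEN = {"AES-128-CBC": 16, "AES-256-CBC": 32, "DES-EDE3-CBC": 24}


def parse_dek_info(pem_text):
    """Return (cipher_name, iv_bytes) from a traditional encrypted PEM."""
    for line in pem_text.splitlines():
        if line.startswith("DEK-Info:"):
            cipher, iv_hex = line.split(":", 1)[1].strip().split(",")
            return cipher, bytes.fromhex(iv_hex)
    raise ValueError("no DEK-Info header: key is not PEM-level encrypted")


def legacy_pem_key(passphrase, iv, key_len):
    """Traditional PEM derivation: chained MD5 over passphrase + salt,
    a single iteration, salt = first 8 bytes of the IV."""
    salt, block, out = iv[:8], b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        out += block
    return out[:key_len]


def pbkdf2_key(passphrase, salt, key_len, iterations):
    """PBKDF2-HMAC-SHA1, the stretching named in the answer's protection string."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, iterations, key_len)


def md5_calls_per_derivation(key_len):
    """Number of MD5 invocations the legacy scheme spends on one derivation."""
    return -(-key_len // 16)  # ceil(key_len / MD5 digest size)


if __name__ == "__main__":
    cipher, iv = parse_dek_info(SAMPLE_PEM)
    key = legacy_pem_key(b"secret", iv, KEY_LEN[cipher])  # assumed passphrase
    print(cipher, "legacy key:", key.hex(),
          "| MD5 calls:", md5_calls_per_derivation(len(key)))
    # 100000 iterations is an assumed work factor, chosen for illustration.
    print("PBKDF2 key:", pbkdf2_key(b"secret", iv[:8], 32, 100000).hex())
```

For AES-128 the whole PEM-level derivation is one MD5 call, so the passphrase gets no stretching at all; the PKCS#8 route replaces that with an iterated, salted KDF whose work factor can be raised.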