CODEWITHSUNDEEP
encryptioncryptographyopensslpkikey-management
Henrick Hellström
Henrick Hellström

Reputation: 2666

Are there any published extensions to PKCS#12?

PKCS#12 is a convenient way to lump together a private key with its corresponding X.509 certificate into a standardized single file format. However, the specification was published by RSALabs in 1999 and uses only RC4, RC2 and TripleDES for symmetric encryption. Are there any common semi-standard extensions to the scheme that add more encryption algorithms or other key derivation functions? OpenSSL is documented to implement support for AES and Camellia, but a search for a corresponding standard turns up blank, so this seems to be something implementation specific to OpenSSL. Has anyone documented the ASN.1 module and pseudo code for these extensions?

Upvotes: 5

Views: 603

Answers (1)

Rasmus Faber
Rasmus Faber

Reputation: 49677

PKCS#12 uses building-blocks from other standards.

The recommended encryption-mode is based on password based encryption from PKCS#5 (PBES2). This has been extended with support for SHA-2 and AES in PKCS#5 v.2.1.

When OpenSSL uses AES it does it like this:

 684 30  806:                     SEQUENCE {
 688 30  802:                       SEQUENCE {
 692 06   11:                         OBJECT IDENTIFIER
            :                           pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2)
 705 A0  723:                         [0] {
 709 30  719:                           SEQUENCE {
 713 30   73:                             SEQUENCE {
 715 06    9:                               OBJECT IDENTIFIER
            :                                 pkcs5PBES2 (1 2 840 113549 1 5 13)
 726 30   60:                               SEQUENCE {
 728 30   27:                                 SEQUENCE {
 730 06    9:                                   OBJECT IDENTIFIER
            :                                     pkcs5PBKDF2 (1 2 840 113549 1
5 12)
 741 30   14:                                   SEQUENCE {
 743 04    8:                                     OCTET STRING
            :                   BA 6B 5B B3 47 27 C9 73
 753 02    2:                                     INTEGER 2048
            :                                     }
            :                                   }
 757 30   29:                                 SEQUENCE {
 759 06    9:                                   OBJECT IDENTIFIER
            :                                     aes128-CBC (2 16 840 1 101 3 4 1 2)
 770 04   16:                                   OCTET STRING
            :                   0F 79 79 0A D3 EC C0 3E 20 B8 51 85 2F 2B 6C 29
            :                                   }
            :                                 }
            :                               }

As far as I can read the source, OpenSSL encodes the password as ASCII rather than zero-terminated UTF-16 when using PKCS#5 PBES2.

Upvotes: 3

Related Questions