diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2016-05-11 13:41:58 +0200 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2016-05-11 21:36:10 +0200 |
| commit | 8fc06e8860d91aefa32f0de2dd7d46a719b81cad (patch) | |
| tree | 974edc6e5d7247be997b216550ed167cfa8e57aa /doc | |
| parent | Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c (diff) | |
| download | openssl-8fc06e8860d91aefa32f0de2dd7d46a719b81cad.tar.xz openssl-8fc06e8860d91aefa32f0de2dd7d46a719b81cad.zip | |
Update pkcs8 defaults.
Update pkcs8 utility to use 256 bit AES using SHA256 by default.
Update documentation.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/apps/pkcs8.pod | 46 |
1 files changed, 22 insertions, 24 deletions
diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod index 8d28a123a1..6b526853e6 100644 --- a/doc/apps/pkcs8.pod +++ b/doc/apps/pkcs8.pod @@ -57,7 +57,7 @@ private key is used. =item B<-outform DER|PEM> -This specifies the output format, the options have the same meaning as the +This specifies the output format, the options have the same meaning as the B<-inform> option. =item B<-in filename> @@ -100,28 +100,26 @@ code signing software used unencrypted private keys. =item B<-v2 alg> -This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8 -private keys are encrypted with the password based encryption algorithm -called B<pbeWithMD5AndDES-CBC> this uses 56 bit DES encryption but it -was the strongest encryption algorithm supported in PKCS#5 v1.5. Using -the B<-v2> option PKCS#5 v2.0 algorithms are used which can use any -encryption algorithm such as 168 bit triple DES or 128 bit RC2 however -not many implementations support PKCS#5 v2.0 yet. If you are just using -private keys with OpenSSL then this doesn't matter. +This option sets the PKCS#5 v2.0 algorithm. The B<alg> argument is the encryption algorithm to use, valid values include -B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used. +B<aes128>, B<aes256> and B<des3>. If this option isn't specified then B<aes256> +is used. =item B<-v2prf alg> This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value -values would be B<hmacWithSHA256>. If this option isn't set then the default -for the cipher is used or B<hmacWithSHA1> if there is no default. +value would be B<hmacWithSHA256>. If this option isn't set then the default +for the cipher is used or B<hmacWithSHA256> if there is no default. + +Some implementations may not support custom PRF algorithms and may require +the B<hmacWithSHA1> option to work. =item B<-v1 alg> -This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete -list of possible algorithms is included below. +This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some +older implementations may not support PKCS#5 v2.0 and may require this option. +If not specified PKCS#5 v2.0 for is used. =item B<-engine id> @@ -145,6 +143,13 @@ sets the scrypt B<N>, B<r> or B<p> parameters. =head1 NOTES +By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit +AES with HMAC and SHA256 is used. + +Some older implementations do not support PKCS#5 v2.0 format and require +the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak +encryption algorithms such as 56 bit DES. + The encrypted form of a PEM encode PKCS#8 files uses the following headers and footers: @@ -161,13 +166,6 @@ counts are more secure that those encrypted using the traditional SSLeay compatible formats. So if additional security is considered important the keys should be converted. -The default encryption is only 56 bits because this is the encryption -that most current implementations of PKCS#8 will support. - -Some software may use PKCS#12 password based encryption algorithms -with PKCS#8 format private keys: these are handled automatically -but there is no option to produce them. - It is possible to write out DER encoded encrypted private keys in PKCS#8 format because the encryption details are included at an ASN1 level whereas the traditional format includes them at a PEM level. @@ -228,8 +226,8 @@ Read a DER unencrypted PKCS#8 format private key: Convert a private key from any PKCS#8 format to traditional format: openssl pkcs8 -in pk8.pem -out key.pem - -Convert a private key to PKCS#8 format, encrypting with AES-256 and with + +Convert a private key to PKCS#8 format, encrypting with AES-256 and with one million iterations of the password: openssl pkcs8 -in raw.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem @@ -259,7 +257,7 @@ the old format at present. =head1 SEE ALSO L<dsa(1)>, L<rsa(1)>, L<genrsa(1)>, -L<gendsa(1)> +L<gendsa(1)> =head1 HISTORY |