On Fri, Jul 02, 2004, Jack Lloyd wrote:

> On Fri, Jul 02, 2004 at 10:51:52PM +0200, Dr. Stephen Henson wrote:
> 
> [...]
> > OpenSSL already supports various private key formats which only use FIPS
> > approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one
> > solution is to just change the behaviour of PEM_write_PrivateKey() and friends
> > to call the PKCS#8 variants. The openssl pkcs8 utility can readily convert
> > between the formats.
> 
> I can't remember offhand, but doesn't OpenSSL also support RC2 with PKCS #5
> v2.0? In theory you can use any algorithm you want with PKCS #5, as long as you
> assign it an OID. Generally one uses 3DES with SHA-1, in which case you're
> clear (FIPS-wise), but RC2 or DES with MD5 is not uncommon.
> 

Yes, it's possible to use just about anything with PKCS#5 v2.0, or more
specifically PBES2, provided the symmetric algorithm has an OID and an
appropriate AlgorithmIdentifier syntax defined.

There are a few cases which have an OID but OpenSSL doesn't support the AlgID,
such as RC4, RC5 and the feedback cipher modes.

PBES1 will only support a few modes specified by specific OIDs. PBES1 can't
generate enough keying material for algorithms with longer keys.

It's also possible to use PKCS#12 PBE algorithms with PKCS#8.

> Speaking of which, how does that work, in terms of the FIPS? When reading in,
> say, a DSA key, if it happens to be encrypted with RC2, and you decrypt the
> key, are you not FIPS-140 compliant anymore? Because it seems like if the key
> was unencrypted you could still be FIPS compatible (for level 1, at least).
> 

Pass.

Another issue is whether FIPS-140 makes any restrictions on which key
derivation algorithms can be used. If it does then all bets are off.

> I do think this is a good idea in general. For one thing, PKCS #8 is readable
> by pretty much everything (for some definitions of everything), while OpenSSL's
> PEM-ish format is readable by OpenSSL and ...
> 

Well, I do know of a few things that read the traditional PEM encrypted format;
PuTTY is one.

PKCS#8 is readable by many more applications but I'm not sure how many
support PBES2.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
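The PBES1/PBES2 distinction discussed above, as an added example that is not from this thread or from OpenSSL: a dependency-free Python parser reads the encryptionAlgorithm of a PKCS#8 EncryptedPrivateKeyInfo and reports the PBE scheme and the symmetric cipher, flagging RC2 and single DES as not FIPS-approved (the KDF question Steve raises is left open). The sample keys are constructed inline with dummy salt, IV and ciphertext; the OID tables cover only the algorithms named in the thread plus AES-256-CBC.

```python
# Added example: classify the PBE scheme/cipher of a PKCS#8 EncryptedPrivateKeyInfo (DER), no deps.
PBES2 = "1.2.840.113549.1.5.13"
PBES1_CIPHER = {"1.2.840.113549.1.5.3": "DES-CBC", "1.2.840.113549.1.5.11": "RC2-CBC",   # PKCS#5 v1.5 PBES1
                "1.2.840.113549.1.12.1.3": "DES-EDE3-CBC", "1.2.840.113549.1.12.1.6": "RC2-CBC"}  # PKCS#12 PBE
PBES2_CIPHER = {"1.2.840.113549.3.7": "DES-EDE3-CBC", "1.2.840.113549.3.2": "RC2-CBC",
                "2.16.840.1.101.3.4.1.42": "AES-256-CBC"}
FIPS_APPROVED = {"DES-EDE3-CBC", "AES-256-CBC"}   # cipher only; whether the KDF is restricted is a separate question

def der_read(buf):   # (tag, contents, rest) of the first TLV; long-form lengths handled
    tag, n, i = buf[0], buf[1], 2
    if n & 0x80:
        k = n & 0x7F; n = int.from_bytes(buf[2:2 + k], "big"); i = 2 + k
    return tag, buf[i:i + n], buf[i + n:]

def oid_decode(b):   # base-128 arcs, high bit = continuation
    arcs, v = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        v = (v << 7) | (x & 0x7F)
        if not x & 0x80: arcs.append(v); v = 0
    return ".".join(map(str, arcs))

def classify(epki):  # -> (scheme, cipher, cipher_fips_approved)
    _, body, _ = der_read(epki)                  # EncryptedPrivateKeyInfo ::= SEQUENCE {...}
    _, algid, _ = der_read(body)                 # encryptionAlgorithm AlgorithmIdentifier
    _, oid_b, params = der_read(algid)
    oid = oid_decode(oid_b)
    if oid == PBES2:                             # PBES2-params ::= SEQ { kdf AlgId, enc AlgId }
        _, p, _ = der_read(params)
        _, _kdf, rest = der_read(p)              # PBKDF2 AlgorithmIdentifier, not inspected
        cipher = PBES2_CIPHER.get(oid_decode(der_read(der_read(rest)[1])[1]), "unknown")
        return "PBES2", cipher, cipher in FIPS_APPROVED
    cipher = PBES1_CIPHER.get(oid)               # PBES1: the OID itself names hash + cipher
    return ("PBES1", cipher, cipher in FIPS_APPROVED) if cipher else ("unknown", oid, False)
# Constructed sample input (short-form lengths only; salt/IV/ciphertext are dummies)
def oid_encode(s):
    arcs = [int(a) for a in s.split(".")]; out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]; a >>= 7
        while a: chunk.append(0x80 | (a & 0x7F)); a >>= 7
        out += bytes(reversed(chunk))
    return bytes([0x06, len(out)]) + bytes(out)

def build_sample(scheme_oid, cipher_oid=None):   # PBES2 if cipher_oid given, else PBES1
    seq = lambda *p: bytes([0x30, sum(map(len, p))]) + b"".join(p)
    salt_iter = seq(bytes([0x04, 8]) + b"\0" * 8, bytes([0x02, 2, 0x08, 0x00]))   # salt, 2048 iters
    params = salt_iter if cipher_oid is None else seq(
        seq(oid_encode("1.2.840.113549.1.5.12"), salt_iter),                      # PBKDF2
        seq(oid_encode(cipher_oid), bytes([0x04, 8]) + b"\0" * 8))                 # cipher + IV
    return seq(seq(oid_encode(scheme_oid), params), bytes([0x04, 16]) + b"\xaa" * 16)
print(classify(build_sample(PBES2, "1.2.840.113549.3.2")))   # ('PBES2', 'RC2-CBC', False)
```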