On Fri, Jul 02, 2004, Jack Lloyd wrote:

> On Fri, Jul 02, 2004 at 10:51:52PM +0200, Dr. Stephen Henson wrote:
> > [...]
> > OpenSSL already supports various private key formats which only use FIPS
> > approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one
> > solution is to just change the behaviour of PEM_write_PrivateKey() and friends
> > to call the PKCS#8 variants. The openssl pkcs8 utility can readily convert
> > between the formats.
>
> I can't remember offhand, but doesn't OpenSSL also support RC2 with PKCS #5
> v2.0? In theory you can use any algorithm you want with PKCS #5, as long as you
> assign it an OID. Generally one uses 3DES with SHA-1, in which case you're
> clear (FIPS-wise), but RC2 or DES with MD5 is not uncommon.
>

Yes, it's possible to use just about anything with PKCS#5 v2.0 or more
specifically PBES2 provided the symmetric algorithm has an OID and an
appropriate AlgorithmIdentifier syntax defined. There are a few cases which
have an OID but OpenSSL doesn't support the AlgID such as RC4, RC5 and the
feedback cipher modes.

PBES1 will only support a few modes specified by specific OIDs. PBES1 can't
generate enough keying material for algorithms with longer keys.

It's also possible to use PKCS#12 PBE algorithms with PKCS#8.

> Speaking of which, how does that work, in terms of the FIPS? When reading in,
> say, a DSA key, if it happens to be encrypted with RC2, and you decrypt the
> key, are you not FIPS-140 compliant anymore? Because it seems like if the key
> was unencrypted you could still be FIPS compatible (for level 1, at least).
>

Pass. Another issue is whether FIPS-140 makes any restrictions on which key
derivation algorithms can be used. If it does then all bets are off.

> I do think this is a good idea in general. For one thing, PKCS #8 is readable
> by pretty much everything (for some definitions of everything), while OpenSSL's
> PEM-ish format is readable by OpenSSL and ...
>

Well, I do know of a few things that read the traditional PEM encrypted format;
PuTTY is one. PKCS#8 is readable by many more applications but I'm not sure how
many support PBES2.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
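
The thread's point that a PBES2-protected PKCS#8 key can carry any cipher that has an OID means the outer algorithm alone does not say what encrypts the key. As an added example (not code from the thread or from OpenSSL), this minimal DER reader reports the scheme, KDF and cipher of an EncryptedPrivateKeyInfo; the function names `read_tlv`, `alg_id` and `describe` and the sample byte strings are constructed for illustration.

```python
PKCS5 = "1.2.840.113549.1.5."
NAMES = {  # OIDs from PKCS#5 v2.0; anything unlisted is reported in dotted form
    PKCS5 + "3": "pbeWithMD5AndDES-CBC", PKCS5 + "6": "pbeWithMD5AndRC2-CBC",
    PKCS5 + "10": "pbeWithSHA1AndDES-CBC", PKCS5 + "11": "pbeWithSHA1AndRC2-CBC",
    PKCS5 + "12": "PBKDF2", PKCS5 + "13": "PBES2",
    "1.2.840.113549.3.2": "rc2-cbc", "1.2.840.113549.3.7": "des-ede3-cbc",
}

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def alg_id(buf, pos=0):
    """Parse an AlgorithmIdentifier: (name or dotted OID, parameter bytes, next_pos)."""
    tag, seq, nxt = read_tlv(buf, pos)
    otag, oval, ppos = read_tlv(seq)
    if tag != 0x30 or otag != 0x06:
        raise ValueError("not an AlgorithmIdentifier")
    arcs, acc = [], 0
    for b in oval:  # base-128 arcs; a set high bit means more octets follow
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    dotted = ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))
    return NAMES.get(dotted, dotted), seq[ppos:], nxt

def describe(epki):
    """Return (scheme, kdf, cipher) for a DER EncryptedPrivateKeyInfo."""
    _, body, _ = read_tlv(epki)
    scheme, params, _ = alg_id(body)
    if scheme != "PBES2":  # PBES1 / PKCS#12 PBE: the OID itself fixes digest and cipher
        return scheme, None, None
    _, p2, _ = read_tlv(params)  # PBES2-params ::= SEQUENCE { kdf, encryptionScheme }
    kdf, _, nxt = alg_id(p2)
    return scheme, kdf, alg_id(p2, nxt)[0]

# Constructed samples (dummy salt, IV and ciphertext), not real keys.
_KDF = "301b06092a864886f70d01050c300e0408010203040506070802020800"
SAMPLE_3DES = bytes.fromhex("3054304006092a864886f70d01050d3033" + _KDF
    + "301406082a864886f70d030704080102030405060708" + "0410" + "00" * 16)
SAMPLE_RC2 = bytes.fromhex("3059304506092a864886f70d01050d3038" + _KDF
    + "301906082a864886f70d0302300d02013a04080102030405060708" + "0410" + "00" * 16)
```

Both samples carry the same outer PBES2 OID; only the nested encryptionScheme distinguishes the 3DES key from the RC2 one.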