Dr. Stephen Henson wrote:
On Tue, Jun 21, 2005, Nick G. wrote:
Hello,
I have a need to read an encrypted RSA Private Key generated using
openssl with a java program. I have included some background at the end
of this message, but my question is basically: how is the pass phrase
converted into the key part? I can get the IV from the DEK-Info line,
but I can't seem to figure out (by looking at the openssl source) how
the key portion of the decryption key is created from the password
entered by the user. Right now I am simply converting the pass phrase
into a bytes and using that as the key portion. I believe this is
incorrect, but I don't know what else to try. Also, I assume that the
key is _not_ encrypted with PBE (since it is not padded per pkcs5). Is
this assumption correct? Finally, once decrypted, will the key have the
same asn1 schema as a key written in the clear?
Please excuse me if these questions are already answered in the
archives, as I was unable to locate any posts with this information
(probably poor choice of search terms!) Also, if the transformation of
the pass phrase into key is covered in some rfc I have yet to discover a
shove in the right direction would be appreciated!
Background:
I have been able to generate/convert keys using openssl in the following
formats and successfully read them using a java program:
pkcs8 - clear text
pkcs8 - des encrypted
rsa - clear text
However, I'm using the key for Apache mod_ssl and the only formats it
seems to accept are:
pkcs8 - clear text
rsa - clear text
rsa - des encrypted
Since we want to protect the key using at least des encryption and I
can't seem to make Apache read the pkcs8 format keys when they are
encrypted (perhaps the httpd folks are using the wrong callback?), I
thought making java decrypt the RSA key would be the "simplest" solution.
Any OpenSSL application should transparently handle PKCS#8 clear text or
encrypted keys. But make sure you have the correct PEM headers.
If you try:
openssl rsa -in key.pem -noout -text
and that can correctly decrypt the key you should have no problems with Apache
unless it does something weird.
The PKCS#8 formats OpenSSL uses are all standard and it can use a variety of
password based encryption (PBE) algorithms included PKCS#5 v1.5, v2.0 and
PKCS#12.
The other 'traditional' format for OpenSSL private key encyption is
non-standard and has remained unchanged since the SSLeay days.
It *is* documented. See:
http://www.openssl.org/docs/crypto/pem.html#PEM_ENCRYPTION_FORMAT
and
http://www.openssl.org/docs/crypto/EVP_BytesToKey.html#KEY_DERIVATION_ALGORITHM
Thank you, this is exactly what I was searching for. Sadly, I had even
guessed that maybe the DEK-Info was the salt [and not an IV], and
guessed the iteration count might be one, but couldn't get that to work
either. Obviously, I gave up to soon!
WRT Apache I did verify that OpenSSL can read the keys I created using:
openssl genrsa -out clr.rsa 1024
then
openssl pkcs8 -v1 PBE-MD5-DES -in clr.rsa -topk8 -out enc.des.v1.pkcs8
or
openssl pkcs8 -v2 des -in clr.rsa -topk8 -out enc.des.v2.pkcs8
or
openssl pkcs8 -v2 des3 -in clr.rsa -topk8 -out enc.des3.v2.pkcs8
and that the output from the command you suggested above is identical
for all the keys but that Apache will not accept any of the encrypted
PKCS#8 versions (prompts for passphrase, but then claims the pass phrase
was bad no matter how many times I try to type it in correctly!). I will
report this as bug to them.
FYI, The new Java5 stuff will also croak when deciphering the v2
algorithms claiming that it: "Cannot find any provider supporting
1.2.840.113549.1.5.13" (1.2.etc is the OID for TripleDES, right?)<sigh>
Again, thank you for the help.
Cheers!
Nick
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
