[openssl-dev] Possible PBKDF2-params bug
Tantaryu MING
ming.sa at outlook.com
Fri Sep 4 16:25:28 UTC 2015
Hi guys,
I read up on the standards for PKCS#5 v2.0, and I think that when we use the openssl pkcs8 command to generate a PKCS#5 private key, the format returned does not follow the specification.
According to https://tools.ietf.org/html/rfc2898#appendix-A.2:

    PBKDF2-params ::= SEQUENCE {
        salt CHOICE {
            specified OCTET STRING,
            otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
        },
        iterationCount INTEGER (1..MAX),
        keyLength INTEGER (1..MAX) OPTIONAL,
        prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 }

It seems like after iterationCount, both keyLength and prf are grouped under a new ASN1.Sequence, instead of all 4 being under the same ASN1.sequence. This is the command I used:

    openssl pkcs8 -in key.pem -outform pem -topk8 -v2 aes256 -v2prf hmacWithSHA256

I'm wondering whether this is a bug or whether it needs to reference another specification. I can help fix it if it's a bug.
Thanks.
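An added example, not part of the original message or of OpenSSL: a small DER walker that maps the elements of a PBKDF2-params value onto the RFC 2898 fields quoted above, so a decoded key can be checked field by field. It assumes the standard definition of AlgorithmIdentifier as a SEQUENCE holding an OID and optional parameters; the function names and the sample bytes are constructed for illustration.

```python
# Added example: walk a constructed PBKDF2-params DER value field by field.
HMAC_SHA1 = "1.2.840.113549.2.7"   # DEFAULT prf (algid-hmacWithSHA1)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents into dotted notation."""
    first = min(body[0] // 40, 2)
    arcs, n = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def parse_pbkdf2_params(der):
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("PBKDF2-params must be a SEQUENCE")
    items = children(body)
    if len(items) < 2 or items[0][0] not in (0x04, 0x30) or items[1][0] != 0x02:
        raise ValueError("unexpected salt or iterationCount encoding")
    out = {"salt": items[0][1].hex(), "keyLength": None, "prf": HMAC_SHA1,
           "iterationCount": int.from_bytes(items[1][1], "big")}
    rest = items[2:]
    if rest and rest[0][0] == 0x02:         # OPTIONAL keyLength is a bare INTEGER
        out["keyLength"] = int.from_bytes(rest.pop(0)[1], "big")
    if rest and rest[0][0] == 0x30:         # prf: AlgorithmIdentifier, itself a SEQUENCE
        out["prf"] = decode_oid(children(rest.pop(0)[1])[0][1])
    if rest:
        raise ValueError("unexpected trailing element")
    return out

# Constructed sample (not OpenSSL output): 8-byte salt, 2048 iterations, hmacWithSHA256.
SAMPLE = bytes.fromhex("301c" "04080102030405060708" "02020800"
                       "300c06082a864886f70d02090500")
print(parse_pbkdf2_params(SAMPLE))
```
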