PKCS encryption schema
tangtong
tang__tong at hotmail.com
Fri Sep 25 08:17:46 CEST 2009
Hi,
I meet some question when I display an encrypted key info created by openssl. The following steps show the scenario:
openssl genrsa -des3 -out key1.pem
openssl pkcs8 -topk8 -in key1.pem -out key2.pem
certtool -k --infile key2.pem
|<1>| PKCS encryption schema OID '1.2.840.113549.1.5.3' is unsupported.
certtool: import error: The cipher type is unsupported.
I double check the source codes, it is found only the following schema are supported for a pkcs8 key for gnutls:
PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"
PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
PBES2_OID "1.2.840.113549.1.5.13"
Only the last one is for PKCS5 schema. According to PKCS8 specification, PKCS8's encryption algorithm is based on PKCS5's encryption schema. I am not sure if this means gnutls dones't fully support PKCS5 and my understanding about PKCS8 and PKCS5 is right or not.
Regards
_________________________________________________________________
上Windows Live 中国首页,下载最新版Messenger!
http://www.windowslive.cn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090925/cc5d1016/attachment.htm>
More information about the Gnutls-help
mailing list