Open
Bug 1373733
Opened 7 years ago
Updated 2 years ago
PKCS#12 files with scrypt key derivation function are not supported
Categories
(NSS :: Libraries, enhancement, P3)
Tracking
(Not tracked)
NEW
People
(Reporter: hkario, Unassigned)
Details
Description of problem: Import of PKCS#12 files with scrypt key derivation function is not supported. How reproducible: Always Steps to Reproduce: 1. download https://github.com/redhat-qe-security/keyfile-corpus 2. pk12util -l 'keyfile-corpus-keyfiles-0.1.2/rsa(2048,sha256),cert&key(PBES2(scrypt(salt(64),N(16384),r(8),p(1)),aes-256-cbc(IV(16)))),mac(sha512,salt(64),iter(1000000)),pass(ascii).p12' -v -w keyfile-corpus-keyfiles-0.1.2/password-ascii.txt Actual results: pk12util: PKCS12 decode validate bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key. Expected results: Key listed Additional info:
Comment 1•7 years ago
|
||
NSS doesn't implement scrypt afaik. Not sure if someone is interesting in implementing scrypt.
Comment 2•7 years ago
|
||
I had work-in-progress patches written long ago: https://github.com/ueno/nss/tree/wip/dueno/scrypt Although the original request from our internal customer was to add it in a lower level (freebl), it might make some sense to integrate it to PKCS#5 and PKCS#12 and expose it through pk11wrap API. The missing pieces are: - add "diversifier" field to the parameters structure, so it can be used for all PKCS#5 operations (suggested by Bob) - actually use it from PKCS#5 and PKCS#12 - possibly use libscrypt code directly, as there is no conflict between MPL and BSD - add test cases
Updated•7 years ago
|
Priority: -- → P3
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•