Firefox should use modern algorithms in PKCS#12 files by default
Categories
(Core :: Security: PSM, task, P5)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox91 | --- | fixed |
People
(Reporter: jhorak, Assigned: jhorak)
Attachments
(3 files, 1 obsolete file)
[Kind of lost about component, please check if you know more]
I was asked to implement the usage of newer encryption methods for the PKCS#12 export to file:
https://bugzilla.redhat.com/show_bug.cgi?id=1764205
From the report: The file should use AES-128-CBC with PBKDF2 and SHA-256.
Reproduction:
- Preferences/View certificates/Your Certificates/Backup...
Expected to get similar output:
$ openssl pkcs12 -passin pass: -passout pass: -in exported_cert.p12 -out /dev/null -info -noout
MAC: sha256, Iteration 600000
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-128-CBC, Iteration 600000, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-128-CBC, Iteration 600000, PRF hmacWithSHA256
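An added example, not part of the bug report or of Firefox/NSS code: a small Python check that parses `openssl pkcs12 -info` output in the layout quoted above and reports any part of the file that does not use PBES2/PBKDF2, an AES-CBC cipher and SHA-256. The function name, the cipher allow-list and both sample outputs are assumptions constructed for illustration.

```python
import re

# Assumed policy, taken from the report: PBES2 + PBKDF2, AES-CBC, SHA-256 PRF and MAC.
ALLOWED_CIPHERS = {"AES-128-CBC", "AES-256-CBC"}
# Constructed samples in the "openssl pkcs12 -info" layout quoted in the report.
MODERN = """MAC: sha256, Iteration 600000
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-128-CBC, Iteration 600000, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-128-CBC, Iteration 600000, PRF hmacWithSHA256
"""
LEGACY = """MAC: sha1, Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
"""

def audit_pkcs12_info(text):
    """Return a list of findings; an empty list means the file meets the policy."""
    findings, saw_mac, saw_key = [], False, False
    for line in map(str.strip, text.splitlines()):
        mac = re.match(r"MAC:\s*([^,\s]+)", line)  # does not match "MAC length:"
        if mac:
            saw_mac = True
            if mac.group(1).lower() != "sha256":
                findings.append(f"MAC digest is {mac.group(1)}, expected sha256")
            continue
        bag = re.match(r"(PKCS7 Encrypted data|Shrouded Keybag):\s*(.+)", line)
        if not bag:
            continue  # bag headers and unencrypted containers carry no parameters
        where, params = bag.group(1), [p.strip() for p in bag.group(2).split(",")]
        saw_key = saw_key or where == "Shrouded Keybag"
        if params[:2] != ["PBES2", "PBKDF2"]:
            findings.append(f"{where}: legacy PBE scheme {params[0]}")
            continue
        if len(params) < 3 or params[2] not in ALLOWED_CIPHERS:
            findings.append(f"{where}: cipher not in {sorted(ALLOWED_CIPHERS)}")
        if "PRF hmacWithSHA256" not in params:
            findings.append(f"{where}: PBKDF2 PRF is not hmacWithSHA256")
    if not saw_mac:
        findings.append("no MAC line found (unexpected output format or no MAC)")
    if not saw_key:
        findings.append("no shrouded keybag found")
    return findings

if __name__ == "__main__":
    for name, sample in (("modern", MODERN), ("legacy", LEGACY)):
        print(name, audit_pkcs12_info(sample) or "OK")
```

To check a real export, capture both stdout and stderr of the `openssl pkcs12 ... -info -noout` command and pass the text to `audit_pkcs12_info`; other OpenSSL versions may print a different layout, which this parser reports as a missing MAC line.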
Comment 1•3 years ago
AFAICT this lives in nsPKCS12Blob::ExportToFile in security/manager/ssl/nsPKCS12Blob.cpp
Comment 2•3 years ago
Note: There are interop concerns with other products regarding changing the default. That doesn't mean it shouldn't be done, but is something to be aware of and communicate intentionality.
e.g. Windows intentionally calls it "not backwards compatible" (because it generally doesn't work pre-Win 10), as covered at https://twitter.com/rmhrisk/status/1115029625296416769 and https://unmitigatedrisk.com/?p=543
Comment 3•3 years ago
It should be done slowly, but AES has been supported for a while now. We should check with several existing uses to make sure they work. We do need to start moving off of older algorithms, though.
bob
Assignee
Comment 4•3 years ago
Adding functional patch for feedback, do you think it's ready for review?
Comment 5•3 years ago
It looks good, the only thing I would do would check the firefox sources and see where they may already be calling SEC_PKCS12EnableCipher. It might be in the prefs system. I'm pretty sure they must already be calling it, otherwise importing 3DES encrypted keys would fail.
Comment 6•3 years ago
Comment on attachment 9211036
pkcs12-aes3.patch

Review of attachment 9211036:
-----------------------------------------------------------------

feedback was given in comment 5, clearing the feedback flag.
Assignee
Comment 7•3 years ago
Hm, it seems that SEC_PKCS12EnableCipher is no longer needed for the nightly: https://searchfox.org/mozilla-central/source/security/manager/ssl/nsNSSComponent.cpp#2735. So it seems that the changes for import are not needed on nightly. For ESR I need to do that change: https://searchfox.org/mozilla-esr78/source/security/manager/ssl/nsNSSComponent.cpp#2634
Assignee
Comment 9•3 years ago
Dana, could you please give some feedback to: https://phabricator.services.mozilla.com/D110220#3615919 and Bob's comment. Thanks.
Responded in phabricator.
Assignee
Comment 11•3 years ago
Set the 'security.pki.export-cert-with-new-crypto' preference to true if the user wants to back up their own certificates to a file using the AES-128-CBC and SHA-256 algorithms.
Comment 13•3 years ago
Pushed by archaeopteryx@coole-files.de:
https://hg.mozilla.org/integration/autoland/rev/2c342d57939b
Add userpref to use AES-128-CBC and AES_256_CBC for the exported certificates; r=keeler
https://hg.mozilla.org/integration/autoland/rev/b37e735f374f
Use own implementation of NSS ASCIIConversionFunction to allow passing passwords in utf8; r=keeler
Comment 14•3 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/2c342d57939b
https://hg.mozilla.org/mozilla-central/rev/b37e735f374f