AES256 support for PKCS#12 #7043
Comments
|
If I locally patch Cryptography and change these lines cryptography/src/cryptography/hazmat/backends/openssl/backend.py Lines 2196 to 2199 in 4a4f4d9 into nid_cert = 427
nid_key = 427
# At least we can set this higher than OpenSSL's default
pkcs12_iter = 2048(427 being the value of NID_aes_256_cbc) And Windows seems to load and import it into it's certificate store just fine. |
|
@reaperhulk is there any reason not to move to AES for PKCS#12? I assume one concern is compatibility, but with what? |
|
We originally chose this because PKCS12 is trash and trying to use AES resulted in lots of things being unable to read the files we created. However, OpenSSL 3.0 defaults to
|
|
Let's do it!
…On Tue, Apr 5, 2022 at 7:58 PM Paul Kehrer ***@***.***> wrote:
We originally chose this because PKCS12 is trash and trying to use AES
resulted in lots of things being unable to read the files we created.
However, OpenSSL 3.0 defaults to NID_aes_256_cbc so it seems likely we
could make this change as well. Changelog entry from OpenSSL:
pkcs12 now uses defaults of PBKDF2, AES and SHA-256, with a MAC iteration
count of PKCS12_DEFAULT_ITER.
—
Reply to this email directly, view it on GitHub
<#7043 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBD74LKXQCG4DERODQ3VDTHSXANCNFSM5STAZ6QA>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
Regarding compatibility: It might be an idea to let people select 3DES still. For example I can also send in a merge request with the things above changed. But I have no experience with the rest of Cryptography's code base and certainly not the Rust/C part of it. So, happy to send in a merge request but not sure if I can finish it 'till the end. |
|
I've also done some tests regarding compatibility with AES-256-CBC encrypted PKCS12 files:
|
|
Thanks for doing those tests, that's really helpful. I think the path forward here is implementing a new, more flexible encryption option that lets you pick TDES or AES and then maybe have a one release window where we warn people that the encryption default will change in the next release for What that API should look like is unclear to me though. There was a past experiment with expanding what PKCS8 encryption could do (#5656) but it never defined a public API. |
|
While you are at it, please consider also adding support for selecting the MAC algorithm, which is done like so on the openssl command line:
I expected I would be able to implement a subclass to Using the above command line gives the following info: |
|
It seems like @AHalvar 's remark about being able to set the MAC algo is an important one. With v37.0's move to OpenSSL 3, it also changed to it's defaults. So now the PKCS12 functions create files with 3DES encryption but with a SHA256 MAC. Guess what... Windows 2016 server cannot read such files 🤦 .it must have a MAC of SHA1. So, it has become impossible as of version 37 to create windows 2016 and older compatible PFX files. I tried adding this code to the from cryptography.hazmat.primitives.hashes import SHA1
...
md = self._evp_md_non_null_from_algorithm(SHA1)
self._lib.PKCS12_set_mac(
p12, password_buf, -1, self._ffi.NULL, 0, mac_iter, md
) |
|
Server 2016 should be ashamed of itself, but here we are. There's some work going on in #7178 but we need to land some new features in boringssl for that to merge. It does not currently do anything with the MAC, but it would appear it needs to. |
|
Would it be possible to expose I tried compiling on windows but I can't manage to get OpenSSL bindings to work. Keeps complaining about DLLs that aren't found and the _openssl.pyd file is also just a couple of hundred KB. |
|
Adding that binding is fine, although it's not available in all versions we support so the standard set of conditionals will have to be used. |
|
@reaperhulk any chance for the extra binding to be available in a release any time soon? I see it didn't got included in 37.0.3 I now need to tell users to get OpenSSL installed and then to run a bunch of cryptic openSSL commands to create usable PKCS#12 files. |
|
It will be in 38.0, but I also intend to diagnose and fix this generally before we release 38.0. We could potentially backport for 37.0.4 as well, although we’re waiting on openssl for 3.0.5 there. |
I came across this piece of code in the openssl backend:
cryptography/src/cryptography/hazmat/backends/openssl/backend.py
Lines 2194 to 2202 in 4a4f4d9
It's part of what gets called when creating a PKXS#12 file and It uses 3DES for the encryption.
Is there any way to switch this to something like AES256?
When exporting to a PFX in windows 10, you can do this as mentioned here
Also, you can make such PFX file though openSSL as mentioned here (and here for v1.1.1):
The text was updated successfully, but these errors were encountered: