Working with PKCS12 export, I noticed that PKCS12 files created by cryptography version 41.0.4 always use a MAC iteration count of 1.
Output from `openssl pkcs12 -info` of a file generated by cryptography:
```
MAC: sha256, Iteration 1
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 20000, PRF hmacWithSHA256
```
Code comments in cryptography suggest this is done based on guidance from OpenSSL man page, but it seems like OpenSSL itself is not following their own advice. Maybe we should follow what OpenSSL actually does, rather than what its documentation states?
> These defaults are: 40 bit RC2 encryption for certificates, triple DES encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER (currently 2048) and a MAC iteration count of 1.
>
> The default MAC iteration count is 1 in order to retain compatibility with old software which did not interpret MAC iteration counts. If such compatibility is not required then mac_iter should be set to PKCS12_DEFAULT_ITER.
This comment is present even in the latest OpenSSL man page. However, OpenSSL's own `openssl pkcs12 -export` CLI command does not follow this guidance, with or without the `-legacy` option...
While I don't think this is a particularly big deal, I'm also not opposed to changing it since OpenSSL has done so. Making it configurable is also fine, although at some point soon-ish we'll be converting the PKCS12 builder and doing much of the PKCS12 structure generation via rust-asn1 (parsing will remain OpenSSL).
Relevant code comment from cryptography:
cryptography/src/cryptography/hazmat/backends/openssl/backend.py
Lines 1721 to 1724 in fc11bce
Relevant quote from the OpenSSL man page:
OpenSSL CLI commands
Output:
Notice they're using `Iteration 2048`.
Also tested this with OpenSSL 1.1.1n, which does not have the `-legacy` option, but also uses 2048 iterations.
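To check which MAC iteration count a PKCS#12 file carries without relying on `openssl pkcs12 -info`, the following added example (not code from this issue, from cryptography or from OpenSSL) walks the PFX structure with the Python standard library only. It assumes definite-length DER encoding; the helper names and the skeleton sample file are constructed for this example, and because DER omits a field equal to its DEFAULT, a missing `iterations` field is reported as 1.

```python
# PFX     ::= SEQUENCE { version, authSafe ContentInfo, macData MacData OPTIONAL }
# MacData ::= SEQUENCE { mac DigestInfo, macSalt OCTET STRING, iterations INTEGER DEFAULT 1 }

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def mac_iterations(pfx_der):
    """Return the MAC iteration count, or None when the file has no macData."""
    tag, body, _ = read_tlv(pfx_der, 0)
    if tag != 0x30:
        raise ValueError("PFX must be a DER SEQUENCE")
    fields = children(body)
    if len(fields) < 3:  # macData is OPTIONAL
        return None
    mac_data = children(fields[2][1])
    if len(mac_data) < 3:  # iterations absent means DEFAULT 1
        return 1
    return int.from_bytes(mac_data[2][1], "big")

def der(tag, content):
    """Encode one short-form DER element; enough for the constructed sample."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def sample_pfx(iterations=None, with_mac=True):
    """Constructed skeleton PFX: empty authSafe, zeroed MAC and salt. Not a real keystore."""
    sha256 = der(0x30, der(0x06, bytes.fromhex("608648016503040201")) + der(0x05, b""))
    mac = der(0x30, sha256 + der(0x04, bytes(32))) + der(0x04, bytes(8))
    if iterations is not None:
        mac += der(0x02, iterations.to_bytes(iterations.bit_length() // 8 + 1, "big"))
    auth_safe = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010701")) + der(0xA0, der(0x04, b"")))
    return der(0x30, der(0x02, b"\x03") + auth_safe + (der(0x30, mac) if with_mac else b""))
```

For a real file, pass the bytes read from disk to `mac_iterations`; the result can then be compared against the 2048 that the OpenSSL CLI output in this issue shows.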