How to set amount of salt for PBKDF2/PKCS8 keys?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to set amount of salt for PBKDF2/PKCS8 keys?

Mathias Ricken

Hi,

 

I’m trying to use passphrase-protected keys with BC-FIPS, but whatever I do, I get an exception complaining about not enough salt.

 

Exception in thread "main" org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: salt must be at least 128 bits

    at org.bouncycastle.crypto.fips.FipsPBKD$Parameters.<init>(Unknown Source)

    at org.bouncycastle.crypto.fips.FipsPBKD$Parameters.withSalt(Unknown Source)

    at org.bouncycastle.jcajce.provider.ProvPBEPBKDF2$BasePBKDF2.engineGenerateSecret(Unknown Source)

    …

    at org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(PKCS8EncryptedPrivateKeyInfo.java:75)

 

I’ve tried several ways to create the keys:

 

openssl genrsa -out ~/.oci/oci_api_key_passphrase.pem -aes128 2048

openssl pkcs8 -topk8 -v2 aes128 -in ~/.oci/oci_api_key_passphrase.pem -out ~/.oci/oci_api_key_passphrase_pk8.pem

 

or

 

openssl genpkey -aes-256-cbc -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 \

         -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 \

         -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 \

         -out oci_api_key_passphrase.pem

openssl pkcs8 -topk8 -v2 aes128 -in ~/.oci/oci_api_key_passphrase.pem -out ~/.oci/oci_api_key_passphrase_pk8.pem

 

or

 

openssl genrsa -out oci_api_key_passphrase.pem -aes128 2048 -S 123456789012345678901234567890

openssl pkcs8 -topk8 -v2 aes128 -in ~/.oci/oci_api_key_passphrase.pem -out ~/.oci/oci_api_key_passphrase_pk8.pem

 

or

 

openssl genrsa -out oci_api_key_passphrase.pem -aes128 2048 -salt -s 123456789012345678901234567890

openssl pkcs8 -topk8 -v2 aes128 -in ~/.oci/oci_api_key_passphrase.pem -out ~/.oci/oci_api_key_passphrase_pk8.pem

 

But no matter what I do, when I try to use the key with BC-FIPS, I get the error about not enough salt, and when I use openssl asn1parse, I can see that the octet string is only 64 bit:

 

openssl asn1parse -in oci_api_key_passphrase2_pk8.pem

   21:d=4  hl=2 l=   9 prim: OBJECT            :PBKDF2

   32:d=4  hl=2 l=  28 cons: SEQUENCE

   34:d=5  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:65A4890CBC5ED23C

 

and when I set a breakpoint in BC-FIPS, I see that 65A4890CBC5ED23C is the octet string that is being loaded as salt, and it’s 8 bytes = 64 bits.

 

I’ve tried this both with

 

$ openssl version

LibreSSL 2.8.3

 

and

 

$ /usr/local/opt/openssl@1.1/bin/openssl version

OpenSSL 1.1.1i  8 Dec 2020

 

How do I sell openssl to use more salt when generating the private key?

 

Thanks,

 

--Mathias

Reply | Threaded
Open this post in threaded view
|

Re: How to set amount of salt for PBKDF2/PKCS8 keys?

Matt Caswell-2


On 08/01/2021 00:59, Mathias Ricken wrote:
> How do I sell openssl to use more salt when generating the private key?

Unfortunately the pkcs8 tool does not support setting a custom salt
length and always uses the default length of 64 bits.

The best I can offer you is a hack of the tool to change the default to
128 bits (16 bytes):

diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 205536560a..14700e5d12 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -229,7 +229,7 @@ int pkcs8_main(int argc, char **argv)
                                                 scrypt_N, scrypt_r,
scrypt_p);
                 else
 #endif
-                    pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
+                    pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 16, NULL,
                                             pbe_nid);
             } else {
                 pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0);



Matt