Security options for encrypted private keys

CryptoSys PKI Pro Manual

Security options for encrypted private keys

Private keys are created and saved by default in a PKCS#8 encrypted format, protected by a password. The default algorithm is "pbeWithSHAAnd3-KeyTripleDES-CBC" from PKCS#12.

To increase security use one of the stronger PBES2 encryption schemes from PKCS#5 v2 using the key derivation function PBKDF2:

PKI_PBE_PBKDF2_DESEDE3 for PBKDF2 using des-EDE3-CBC
PKI_PBE_PBKDF2_AES128 for PBKDF2 using aes128-CBC
PKI_PBE_PBKDF2_AES192 for PBKDF2 using aes192-CBC
PKI_PBE_PBKDF2_AES256 for PBKDF2 using aes256-CBC

[Changed in v11.0] The above option values are a simplified alternative to PKI_PBE_PBES2+PKI_BC_AES128, etc.

The default pseudorandom function (PRF) for PBKDF2 is hmacWithSHA1. To use a stronger HMAC function from the SHA-2 family in the PRF for PBKDF2, add one of the following options

PKI_HMAC_SHA224 for hmacWithSHA224
PKI_HMAC_SHA256 for hmacWithSHA256
PKI_HMAC_SHA384 for hmacWithSHA384
PKI_HMAC_SHA512 for hmacWithSHA512

For legacy applications, you can still use the old, less secure, PBES1 schemes using DES from PKCS#5 v1.5. These are definitely not recommended for new applications. Not available for ECC private keys.

[Changed in v11.0] note that the values for these flags have changed.

PKI_PBE_MD5_DES for pbeWithMD5AndDES-CBC (legacy, not recommended)
PKI_PBE_MD2_DES for pbeWithMD2AndDES-CBC (legacy, not recommended)
PKI_PBE_SHA_DES for pbeWithSHA1AndDES-CBC (legacy, not recommended)

Remember that the security of all these schemes is limited by the strength of the password used. Other applications may not support all the alternatives provided here.

[Contents] [Index]

[PREV: Internal key strings...] [Contents] [Index]

[NEXT: Elliptic Curve Cryptography (ECC)...]