How to set amount of salt for PBKDF2/PKCS8 keys?

[Mathias Ricken <mathias.ricken@xxxxxxxxxx>]

Hi,

 

I’m trying to use passphrase-protected keys with BC-FIPS, but whatever I do, I get an exception complaining about not enough salt.

 

Exception in thread "main" org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: salt must be at least 128 bits

    at org.bouncycastle.crypto.fips.FipsPBKD$Parameters.<init>(Unknown Source)

    at org.bouncycastle.crypto.fips.FipsPBKD$Parameters.withSalt(Unknown Source)

    at org.bouncycastle.jcajce.provider.ProvPBEPBKDF2$BasePBKDF2.engineGenerateSecret(Unknown Source)

    …

    at org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(PKCS8EncryptedPrivateKeyInfo.java:75)

 

I’ve tried several ways to create the keys:

 

openssl genrsa -out ~/.oci/oci_api_key_passphrase.pem -aes128 2048

openssl pkcs8 -topk8 -v2 aes128 -in ~/.oci/oci_api_key_passphrase.pem -out ~/.oci/oci_api_key_passphrase_pk8.pem

 

or

 

openssl genpkey -aes-256-cbc -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 \

         -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 \

         -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 \

         -out oci_api_key_passphrase.pem

openssl pkcs8 -topk8 -v2 aes128 -in ~/.oci/oci_api_key_passphrase.pem -out ~/.oci/oci_api_key_passphrase_pk8.pem

 

or

 

openssl genrsa -out oci_api_key_passphrase.pem -aes128 2048 -S 123456789012345678901234567890

openssl pkcs8 -topk8 -v2 aes128 -in ~/.oci/oci_api_key_passphrase.pem -out ~/.oci/oci_api_key_passphrase_pk8.pem

 

or

 

openssl genrsa -out oci_api_key_passphrase.pem -aes128 2048 -salt -s 123456789012345678901234567890

openssl pkcs8 -topk8 -v2 aes128 -in ~/.oci/oci_api_key_passphrase.pem -out ~/.oci/oci_api_key_passphrase_pk8.pem

 

But no matter what I do, when I try to use the key with BC-FIPS, I get the error about not enough salt, and when I use openssl asn1parse, I can see that the octet string is only 64 bit:

 

openssl asn1parse -in oci_api_key_passphrase2_pk8.pem

…

   21:d=4  hl=2 l=   9 prim: OBJECT            :PBKDF2

   32:d=4  hl=2 l=  28 cons: SEQUENCE

   34:d=5  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:65A4890CBC5ED23C

…

 

and when I set a breakpoint in BC-FIPS, I see that 65A4890CBC5ED23C is the octet string that is being loaded as salt, and it’s 8 bytes = 64 bits.

 

I’ve tried this both with

 

$ openssl version

LibreSSL 2.8.3

 

and

 

$ /usr/local/opt/openssl@1.1/bin/openssl version

OpenSSL 1.1.1i  8 Dec 2020

 

How do I sell openssl to use more salt when generating the private key?

 

Thanks,

 

--Mathias