Re: How to set amount of salt for PBKDF2/PKCS8 keys?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 08/01/2021 00:59, Mathias Ricken wrote:
> How do I sell openssl to use more salt when generating the private key?

Unfortunately the pkcs8 tool does not support setting a custom salt
length and always uses the default length of 64 bits.

The best I can offer you is a hack of the tool to change the default to
128 bits (16 bytes):

diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 205536560a..14700e5d12 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -229,7 +229,7 @@ int pkcs8_main(int argc, char **argv)
                                                 scrypt_N, scrypt_r,
scrypt_p);
                 else
 #endif
-                    pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
+                    pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 16, NULL,
                                             pbe_nid);
             } else {
                 pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0);



Matt




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux