Re: How to read encrypted PKCS#8 format key file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Nov 24, 2022 at 09:48:42AM +0530, Satyam Mehrotra wrote:

> I have encrypted pkcs#8 key file . Is there any openssl command buy which I
> can view the algorithm used to encrypt it ( i mean aes or des3 )

Removing blank lines and passing to "asn1parse" you get:

    $ openssl asn1parse -in /tmp/foo.pem | less
        0:d=0  hl=4 l=1302 cons: SEQUENCE          
        4:d=1  hl=2 l=  72 cons: SEQUENCE          
        6:d=2  hl=2 l=   9 prim: OBJECT            :PBES2
       17:d=2  hl=2 l=  59 cons: SEQUENCE          
       19:d=3  hl=2 l=  35 cons: SEQUENCE          
       21:d=4  hl=2 l=   9 prim: OBJECT            :PBKDF2
       32:d=4  hl=2 l=  22 cons: SEQUENCE          
       34:d=5  hl=2 l=  16 prim: OCTET STRING      [HEX DUMP]:54BE686300BD75A2A58678D3AA746803
       52:d=5  hl=2 l=   2 prim: INTEGER           :0800
       56:d=3  hl=2 l=  20 cons: SEQUENCE          
       58:d=4  hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
       68:d=4  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:39557361E14C06F5
       78:d=1  hl=4 l=1224 prim: OCTET STRING      [HEX DUMP]:0DFC7C23573AC5C76C368927B27178E5F877E15359E01CABE280FEAF572535985A8C7981075B995A94633193CF425432CAF9B6AE5BE978443B010CD453CF19C434DB6CD11B65ACC06F6C573EFC7FE3F667EAA4EFEC7088E953CD01AC6ADD38214275852765FF0309FB777E99EBE3A12FADC5E7DCF2A7A68F47DD018C39B1430B34C4A4329EA94E21D23B3D8B34F6F828F1340321685EC6F4E2F878A7B95EE710E8CD570109DDE90EC8D553C5A93E36E5F374E6670828DAA4F096183B77063E6F865F83E353861D864702AA18984A413B345D39464C055B8C7EB2D339AE04FEE4932F629E9736A3FA2D770528C07DCAE9950AD9CDE2EC838DABFE4BF40C745B447CF5D461B5B7EBD3BD1C050F129FC989684589CE6D780C126395C5749536A8E82902332EA9DB7174768780378D644029986FF2463184CD33B8DD1D4692ADF6CE0A9902A3459353102572A0AF981F96C66B6C2D8EF31BDAD438AB9E1D6CF897985713E6F5B5E2178A6F65AE582DEA2778E9041C2BC3C9B33EEDBFB19C439F5754FBACB61521711D7992CE2CCD5DC7A0AA543D3A93401031EFD39ABD435385C287A1F503686707A02E3AA2D5183CF9F2DA6436C7B51B46BFE31999592D35B099DE7FE68914610D09854E3B02A0773EB2367B7FA04205FC4500FED6AD0FF84E8A0EB183AFC84D2ABB1C43E8097C169097F3E2D744E3D31339AD024CD613733CC185F49C44B538ECA4BC63E7FA95E5F9A50E2DBD05DFC09724C6F729B5ACF41B5889C0C74B6979AEBEA3B5C73CA68AF8983DF69BEAC9BB8C1267E048B1AFE1D61757FA5D9543CE7FC4BA22D5A498FD9A1FB2A3430A56214F43D27A41B68C784F875AC29047608FEF4E3CFA69629C14558BABBA26063404D598AE927D34C642517AB9B458D51095EBFCFF67901ADF7151C6BCC336F447B437997E9C1C4DB3EF79D6A1CB7F673D32FED0010B6B6BE532F1E96F0DE04F20618615958628CB444CF952992FB5A3BF440501A768E9C91272B560E3F526306EE8FA61A46A7F1FB04B2B9D3954255AD4FF80C96950D20181657ED45F79C33186362686E969FE474B51E53F97F9FAA9F2FD40DDCE65C8406BE873418ED1EA6872C14420BE4A050F5715901AB5F8F21D256017B2C459F9289E00B8437C80A9DEBF857F87CDD18B29B131707984067D41B7C6B09B19CE942B9625CE69DD2F6F40F175568DBE69AD0DCD6971E87E9342DCAB8E7484C875FC2888D4EC13AB4748115DC9ECCE34B6D3C228C519FBD2BECB921946616A3F37E91F9DA275E0087D3C1AE74EF69E7EA57B94CE6A103122007D89E2C10277C0D56AD2BD18BC93B0D68DD43A4B9DF80368DD87AF55463A044CA2E603617BEA25DD37A15F8EB565FFA46160ABFAE2A47D5B9DE2AC6C8A79501389BEF33605EA95FA78521FB6561632006E45DCC4A6A9E68914CC63B3B27E1C29959A4224BE4DFB3CBEAD00C4DA6B004B5A30148543D4E83FF6AA0782A08DE95E42DEEA3B91EF45B9B14C9D28CD77DE8508CCDE4B10F2C36272C4D3CE348D4C268EE44C275F26556C66EB99BA2565D07F604BA6320FC5186847541162A0BAAA3250ECADC21DDED850B221517379BAA0241E537971325A96434C818A7FA2C3746E5DBC71074365BC6805F94A8ECAB84F6C4A9A9A1D9795667D3D342A37DECB8936ADFEC1232DA06A764DFF8166C040E62E7C0F09DCA4055200CEAC771D1139EA464CD51A947E360A

This is a PKCS#8 key using PKCS#5 PBES2 encryption, via PBKDF2 with salt
0x54BE686300BD75A2A58678D3AA746803 and 2048 iterations and an implicit
HMAC-SHA-1 PRF, encrypted with 3DES in CBC mode with 0x39557361E14C06F5
as the IV.

    https://www.rfc-editor.org/rfc/rfc8018#section-6.2.1

   PBKDF2-params ::= SEQUENCE {
       salt CHOICE {
         specified OCTET STRING,
         otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
       },
       iterationCount INTEGER (1..MAX),
       keyLength INTEGER (1..MAX) OPTIONAL,
       prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
   }

   SupportingAlgorithms ALGORITHM-IDENTIFIER ::= {
      {NULL IDENTIFIED BY id-hmacWithSHA1}                   |
      {OCTET STRING (SIZE(8)) IDENTIFIED BY desCBC}          |
      {OCTET STRING (SIZE(8)) IDENTIFIED BY des-EDE3-CBC}    |
      {RC2-CBC-Parameter IDENTIFIED BY rc2CBC}               |
      {RC5-CBC-Parameters IDENTIFIED BY rc5-CBC-PAD},        |
      {OCTET STRING (SIZE(16)) IDENTIFIED BY aes128-CBC-PAD} |
      {OCTET STRING (SIZE(16)) IDENTIFIED BY aes192-CBC-PAD} |
      {OCTET STRING (SIZE(16)) IDENTIFIED BY aes256-CBC-PAD},
       ...
   }

-- 
    Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux