[erlang-bugs] PEM encoding problems with PBES2-params in public_key
Ingela Anderton Andin
Ingela.Anderton.Andin@REDACTED
Thu May 8 12:24:14 CEST 2014
Hi!
Thank you for reporting this, it sounds like a bug. I will make at
ticket for it.
Regards Ingela Erlang/OTP team Ericsson AB
On 05/07/2014 11:04 AM, Dániel Szoboszlay wrote:
> Hi,
>
> I tried to export an RSA key in PEM format using PBES2 encryption (using
> Erlang/OTP 17.0). The first problem I noticed is a documentation issue:
> public_key states that
>
> cipher_info() = {"RC2-CBC | "DES-CBC" | "DES-EDE3-CBC",
>
> crypto:rand_bytes(8)} |'PBES2-params'}
>
> However the last option should be a #'PBES2-params'{} record, not an
> atom in reality. This record is not documented in neither the user’s
> guide nor the reference manual.
>
> After reading some source code I came up with the following snippet,
> which almost works:
>
> Rand = crypto:rand_bytes(8),
> Params = #'PBES2-params'{
> keyDerivationFunc =
> #'PBES2-params_keyDerivationFunc'{
> algorithm = ?'id-PBKDF2',
> parameters =
> #'PBKDF2-params'{
> salt = {specified, Rand},
> iterationCount = 1,
> keyLength = 24,
> prf =
> #'PBKDF2-params_prf'{
> algorithm = ?'id-hmacWithSHA1'
> }
> }
> },
> encryptionScheme =
> #'PBES2-params_encryptionScheme'{
> algorithm = ?'des-EDE3-CBC',
> parameters = <<4, 8, Rand/binary>>
> }
> },
> Entry = public_key:pem_entry_encode('RSAPrivateKey', RSAKey,
> {{"DES-EDE3-CBC", Params},
> "1234abcd"}),
> public_key:pem_encode([Entry]).
>
> The problem is that Entry will contain the #'PBES2-params'{} record, but
> pubkey_pem:encode_pem_entry/1 accepts only a salt (a binary) in that
> position.
>
> As far as I can tell decoding PEM files with PBES2-params work as
> expected, but encoding doesn’t, and this limitation is not documented.
>
> Regards,
> Daniel
>
>
> _______________________________________________
> erlang-bugs mailing list
> erlang-bugs@REDACTED
> http://erlang.org/mailman/listinfo/erlang-bugs
>
More information about the erlang-bugs
mailing list