LibreSSL: We are more secure than OpenSSL.
Also LibreSSL: lol no -Werror
LibreSSL also doesn't support PKCS#5 with "modern" algorithms (AES, PBKDF2)
I believe the best you can do is 3DES w/ the "PBES1" password-based key derivation
Yup, pretty much the only application of it I'm even familiar with
I think mainline OpenSSL might continue to support it, but it is no longer the default.
I think it is still the default for LibreSSL, but I'd have to double check.
LibreSSL definitely doesn't understand the "-v2prf" argument:
$ openssl version
LibreSSL 2.8.3
$ openssl pkcs8 -v2prf hmacWithSHA256 -topk8 -in ed25519-priv.der -out ed25519-priv-enc-v2.der
unknown option '-v2prf'
OpenSSL also supports `openssl pkcs8 -scrypt` as an extension and that doesn't appear to be supported by LibreSSL either.
AOSP uses assorted signing keys in this format for signing releases. I'm aware of the -scrypt switch since I looked into improving this last year.
The AOSP signing tooling largely doesn't even support the v2 algorithms and is impractical since it repeatedly decrypts the keys.
LibreSSL doesn't have any scrypt code at all
But at least it seems to have PBKDF2 for PKCS#5 because it was there before the fork github.com/libressl-porta
Whether this is a bar to pass at all is a question left as an exercise
If there's a way to use PKCS#5v2.1's PBES2 (i.e. the one that supports PBKDF2) with LibreSSL at all, I haven't figured it out:
Quote Tweet
Replying to @bascule @erincandescent and @davidcadrian
LibreSSL definitely doesn't understand the "-v2prf" argument:
$ openssl version
LibreSSL 2.8.3
$ openssl pkcs8 -v2prf hmacWithSHA256 -topk8 -in ed25519-priv.der -out ed25519-priv-enc-v2.der
unknown option '-v2prf'