LibreSSL: We are more secure than OpenSSL.
Also LibreSSL: lol no -Werror
Conversation
Replying to
LibreSSL also doesn't support PKCS#5 with "modern" algorithms (AES, PBKDF2)
I believe the best you can do is 3DES w\ the "PBES1" password-based key derivation
1
6
Yup, pretty much the only application of it I'm even familiar with
1
2
I think mainline OpenSSL might continue to support it, but it is no longer the default.
I think it is still the default for LibreSSL, but I'd have to double check.
1
1
2
LibreSSL definitely doesn't understand the "-v2prf" argument:
$ openssl version
LibreSSL 2.8.3
$ openssl pkcs8 -v2prf hmacWithSHA256 -topk8 -in ed25519-priv.der -out ed25519-priv-enc-v2.der
unknown option '-v2prf'
1
2
1
OpenSSL also supports `openssl pkcs8 -scrypt` as an extension and that doesn't appear to be supported by LibreSSL either.
2
1
1
AOSP uses assorted signing keys in this format for signing releases. I'm aware of the -scrypt switch since I looked into improving this last year.
The AOSP signing tooling largely doesn't even support the v2 algorithms and is impractical since it repeatedly decrypts the keys.
1
1
It also has further usability issues. Historically, we never used it and relied entirely on disk encryption for the signing machine. Most people building themselves likely have the keys on their workstation.
Ended up making at rest key encryption usable by hacking it together.
For what it's worth, I didn't have a particular use case in mind when I wrote the `pkcs5` crate. I mostly used it as an acid test for the `der` crate and ability to handle AlgorithmIdentifiers/OIDs, which PKCS#5 relies on heavily
1