- From: Peter Bielak, Executive Manager <peter@safebash.com>
- Date: Mon, 29 Aug 2016 02:24:01 +0200
- To: "public-webcrypto-comments" <public-webcrypto-comments@w3.org>, "Eric Roman" <ericroman@google.com>
- Message-ID: <156d3ae7511.1165012e6309309.2924526283884112096@safebash.com>
Hello Roman, thank you very much for your answer it helped me a LOT and really pushed me in the right direction however I still need a little help. I derived key using PBKDF2 and wrapped key using AES-CBC mode then I chose the ASN.1 way of doing this. wrappedKey serialized into EncryptedPrivateKeyInfo. (I literally hardcoded the ASN.1 structure in hex manually), then encoded the result to base64 and appended header, footer and added lines (64 characters each - \r\n). This is the actual encrypted private key: -----BEGIN ENCRYPTED PRIVATE KEY----- MIIFJzBRBgkqhkiG9w0BBQ0wRDAjBgkqhkiG9w0BBQwwFgQQl477kT98dGhTwSsu bLOH9AICCAAwHQYJYIZIAWUDBAEqBBBs5oMjX2viIEPeNvDXYmPyBIIE0BtA+Zgt +BBc/EeBKu7Mg56q5SbDwJsk91d7yM5VLZFT6feae30/B7MWyMrtPKNKYZxXncvA g8MBY7VoeDZ3L+hLdd1yM4vVbKMYxhRkjwbaYjUgwtx3iRQFgxuj1dn552iOsIkO IRLa/B0kK8z5/L1JM8w9CJh21t4HGclaTY+PzRgAOhaO7SibkghdbIRdlKIgyz7U IKXTjBIQGvtxD2kBn71WaAmtyaGHXYmE4uf1sFU/JS9lVzMVQeWTzpRlS+yfdQ6E 2KovbcxPaTK+giGbH/YzSqtiLAzLf4gz8Dn5IahnGViF5NI5zY1ZouxbGpRyR61y a504wZenU77yA38LpETjzvsD6PXtBZA/RjdYF9yRmvvCLrBUV2DmgbqlPylnF4ME Gg3rqG86agvV0cJxxZKJ4Ymrkwr9vPb1t8jstn3+vfuApxTNTedzwjCX5+zMcp4C VGfYrAJYSU6hB+7TIOUnZzZ0rwOtig7T4jBSfuGM+WWaCU9Q4WntKRhcgGeMGcER UHO9Oh1HdrNYSIh+d9ePe4iH4engkR1gY51PlHb4M/6Ip4P3PO53efP46ttHR8K7 M1vKLtne4ETfs4EJiJ3lbZnnZC85tgFpuFTgWSVxtHXtLzYvuUvUGMvSBFhf/luI OFEjBkcchlMMYZpJPyvq453SrBAlj+9U8UtdOCpBntyxqRSBx42Kg2bGX2wxpsdr eNLIA+eo6zYjmvcXveTol8jtL1io4qyRqCZNaPrR1DTWbH6E74nVgPA8TCYyaFW4 DRACP4/x1p3L0TUMK+dhJHdg63DBE04aXxvQ3940L12lBdnn6QL8O94mlRr8GZnw kzkmesZnWVcfZ5+fKUF0y+cdYFrmLpQLGv7St+wNultjrUth1ofzTF9bYZgG/7gQ lFC4Fg/6iOvZZ4Yq62ZdCaMlHe9ugTJfTuEGguh1boLPPUvqW10KJPC3Dv4zIxAo he0EDjbHdrANbd7GRwxDJ3VP6Zg/fsWXNLjQrfShe5kgfRYcfpv+kJJL8dLWgTkQ lkthp3KPtWYaLcjdsNT4yXY1Tb4ild1DAbLq5bczYnDmhKghIi4rZkkG+P1JgAmL rsONiKh1/E+D9r4AfDNpSKh9FLfCbiT4bU8a/dwYJgdMjGBg75A6QV0vHXrFfjvQ M3QRoALAllQA2iEXpo3FF6TEzicF3uXXqICw4qJn7ddiw926x7BC93rnMPDFYNBj YiA9F7n4i6uYeX3W7eb8jY9kx5kE2KJQvqQ6B/uKQ83HZ4T7kfK3M8FZq1YQZLpk l8Ts8TFFSA2sxkntxn1+vtiqDqaIZlw6p7gXDlz2SOGscdqVzG4c2gRmKKYyHXLR wHSeLxfkRRwe3yMlA0h7Cny3oYgc61zLiVKYGyMyphCTtMDQrNFRA1YT7jBvEZ1L hkTeRIe4JaGsSlEk30uasUjSjM61BB3h43jTYehCwsE5CPoZCUZTCgLBtC7Rd6xD EO/myt30IfbBaNLbUMf97QcL9VzQYn7zoKjyi/N7p5XK3tXt9zDvZ7gvmdLx/Cof oC8D4vA4VrniuwJPwuElA3ENjWqcTcvWvqEOsY6I+osdTvT74vjD6yosxTbI+vw+ z7JkSHdjbOzMmy4qZXPSIQunn811w/8Vzo4h -----END ENCRYPTED PRIVATE KEY----- and in hex: 30820527305106092a864886f70d01050d3044302306092a864886f70d01050c30160410978efb913f7c746853c12b2e6cb387f402020800301d060960864801650304012a04106ce683235f6be22043de36f0d76263f2048204d01b40f9982df8105cfc47812aeecc839eaae526c3c09b24f7577bc8ce552d9153e9f79a7b7d3f07b316c8caed3ca34a619c579dcbc083c30163b5687836772fe84b75dd72338bd56ca318c614648f06da623520c2dc77891405831ba3d5d9f9e7688eb0890e2112dafc1d242bccf9fcbd4933cc3d089876d6de0719c95a4d8f8fcd18003a168eed289b92085d6c845d94a220cb3ed420a5d38c12101afb710f69019fbd566809adc9a1875d8984e2e7f5b0553f252f6557331541e593ce94654bec9f750e84d8aa2f6dcc4f6932be82219b1ff6334aab622c0ccb7f8833f039f921a867195885e4d239cd8d59a2ec5b1a947247ad726b9d38c197a753bef2037f0ba444e3cefb03e8f5ed05903f46375817dc919afbc22eb0545760e681baa53f29671783041a0deba86f3a6a0bd5d1c271c59289e189ab930afdbcf6f5b7c8ecb67dfebdfb80a714cd4de773c23097e7eccc729e025467d8ac0258494ea107eed320e527673674af03ad8a0ed3e230527ee18cf9659a094f50e169ed29185c80678c19c1115073bd3a1d4776b35848887e77d78f7b8887e1e9e0911d60639d4f9476f833fe88a783f73cee7779f3f8eadb4747c2bb335bca2ed9dee044dfb38109889de56d99e7642f39b60169b854e0592571b475ed2f362fb94bd418cbd204585ffe5b8838512306471c86530c619a493f2beae39dd2ac10258fef54f14b5d382a419edcb1a91481c78d8a8366c65f6c31a6c76b78d2c803e7a8eb36239af717bde4e897c8ed2f58a8e2ac91a8264d68fad1d434d66c7e84ef89d580f03c4c26326855b80d10023f8ff1d69dcbd1350c2be761247760eb70c1134e1a5f1bd0dfde342f5da505d9e7e902fc3bde26951afc1999f09339267ac66759571f679f9f294174cbe71d605ae62e940b1afed2b7ec0dba5b63ad4b61d687f34c5f5b619806ffb8109450b8160ffa88ebd967862aeb665d09a3251def6e81325f4ee10682e8756e82cf3d4bea5b5d0a24f0b70efe3323102885ed040e36c776b00d6ddec6470c4327754fe9983f7ec59734b8d0adf4a17b99207d161c7e9bfe90924bf1d2d6813910964b61a7728fb5661a2dc8ddb0d4f8c976354dbe2295dd4301b2eae5b7336270e684a821222e2b664906f8fd4980098baec38d88a875fc4f83f6be007c336948a87d14b7c26e24f86d4f1afddc1826074c8c6060ef903a415d2f1d7ac57e3bd0337411a002c0965400da2117a68dc517a4c4ce2705dee5d7a880b0e2a267edd762c3ddbac7b042f77ae730f0c560d06362203d17b9f88bab98797dd6ede6fc8d8f64c79904d8a250bea43a07fb8a43cdc76784fb91f2b733c159ab561064ba6497c4ecf13145480dacc649edc67d7ebed8aa0ea688665c3aa7b8170e5cf648e1ac71da95cc6e1cda046628a6321d72d1c0749e2f17e4451c1edf232503487b0a7cb7a1881ceb5ccb8952981b2332a61093b4c0d0acd151035613ee306f119d4b8644de4487b825a1ac4a5124df4b9ab148d28cceb5041de1e378d361e842c2c13908fa190946530a02c1b42ed177ac4310efe6caddf421f6c168d2db50c7fded070bf55cd0627ef3a0a8f28bf37ba795caded5edf730ef67b82f99d2f1fc2a1fa02f03e2f03856b9e2bb024fc2e12503710d8d6a9c4dcbd6bea10eb18e88fa8b1d4ef4fbe2f8c3eb2a2cc536c8fafc3ecfb2644877636ceccc9b2e2a6573d2210ba79fcd75c3ff15ce8e21 but when I try to decrypt the key using OpenSSL it does not work, even though everything seems to be okay in http://lapo.it decoder. I was wondering where in the ASN.1 structure do I specify hash used for PBKDF2 and number of iterations and also if you could check what is wrong with the key above. salt is specified below 1.2.840.113549.1.5.12 OID and initialization vector below 1.2.840.113549.3.7 OID in the structure. Number of iterations that is used is 2048. (I would like to use 300 000 once working) and passphrase is 'pass' (without quotes). Thank you very much in advance! Best Regards, Peter
Received on Monday, 29 August 2016 00:25:16 UTC