Encrypting/wrapping a private RSA key in PKCS8 using AES-GCM and openSSL 3.20 (library not command line tool)

Çağlar Arlı - 28 Views

Encrypting/wrapping a private RSA key in PKCS8 using AES-GCM and openSSL 3.20 (library not command line tool)

I need to protect a private RSA key using a passphrase but using AES-GCM for the actual encryption. This is normally done using various a combination of openSSL library calls. However, I now need to support using AES-GCM instead of AES-CBC that is usually used. But it fails with following error:

error:0300007A:digital envelope routines::cipher parameter error

The relevant code

const EVP_CIPHER*  cipher = EVP_get_cipherbyname(SN_aes_256_gcm);
X509_ALGOR*        pbe = PKCS5_pbe2_set_iv(cipher, 64000, nullptr, 0, nullptr, NID_hmacWithSHA256);

The error occurs at the PKCS5_pbe2_set_iv, pbe gets set with a nullptr.

Is it remotely possible to ever think that openSSL 3.2 can do AES-GCM for this operation? GCM is said to be better than CBC....

P	S	Ç	P	C	C	P
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Annanowa

Encrypting/wrapping a private RSA key in PKCS8 using AES-GCM and openSSL 3.20 (library not command line tool)

Encrypting/wrapping a private RSA key in PKCS8 using AES-GCM and openSSL 3.20 (library not command line tool)

Son Yazılar

Son Yorumlar