Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: replace MD5 in PEM encryption? #32777

Closed
micahhyman1 opened this issue Jun 25, 2019 · 4 comments
Closed

crypto/x509: replace MD5 in PEM encryption? #32777

micahhyman1 opened this issue Jun 25, 2019 · 4 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unplanned

Comments

@micahhyman1
Copy link

The deriveKey function in crypto/x509 uses an md5 hash to derive the encryption key. This hash is out-of-date, insecure and non FIPS compliant. It should be replaced with sha-256.
@FiloSottile FiloSottile changed the title crypto/x509 Replace usage of md5 hash with sha-256 in PEM encryption crypto/x509: Replace usage of md5 hash with sha-256 in PEM encryption Jun 25, 2019
@FiloSottile
Copy link
Contributor

That's not a change we can make unilaterally. It would make it impossible to decrypt PEM files encrypted by OpenSSL or by previous versions of Go.

Thankfully, it's not being used as a collision-resistant hash, but as a key derivation function, and MD5 is not broken for that purpose.

I will look into the spec to see if there's anything we can change.

@FiloSottile FiloSottile added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jun 25, 2019
@FiloSottile FiloSottile added this to the Unplanned milestone Jun 25, 2019
@FiloSottile FiloSottile changed the title crypto/x509: Replace usage of md5 hash with sha-256 in PEM encryption crypto/x509: replace MD5 in PEM encryption? Jun 25, 2019
@micahhyman1
Copy link
Author

Could it be made an option on the encryption function to choose which hash is used, the same way one can choose which cipher to use?

@lucasmoten
Copy link

I think that could be added as additional convenience functions in crypto/x509/pem_decrypt.go.
Similar to how openssl extended to support password based key derivation function. Theoretically, the current implementation of DecryptPEMBlock wouldn't work with a cert encrypted via
openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 1000 -salt -in plaintext.pem -out encrypted.pem
Establishing additional functions that support the inputs openssl offers for specifying message digest and iteration count etc would be an improvement.

@gopherbot
Copy link

Change https://golang.org/cl/264159 mentions this issue: crypto/x509: deprecate legacy PEM encryption

@golang golang locked and limited conversation to collaborators Oct 24, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unplanned
Development

No branches or pull requests
4 participants
@FiloSottile @gopherbot @lucasmoten @micahhyman1