
proposal: crypto/x509: add support for PBES2 private keys #39241


Closed
shibe2 opened this issue May 25, 2020 · 9 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Proposal

@shibe2

shibe2 commented May 25, 2020

What version of Go are you using (go version)?

1.14.3

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

linux/amd64

What did you do?

I generated an ECDSA private key with OpenSSL 1.1.1g using req -newkey. It asked for a password and encrypted the key. However, it didn't add headers like "Proc-Type" and "DEK-Info". If I decrypt the key using OpenSSL, it is usable for Go TLS, but Go itself cannot decrypt it.

https://play.golang.org/p/cU7jBbRIHt9

What did you expect to see?

IsEncryptedPEMBlock: true
key type: *ecdsa.PrivateKey

What did you see instead?

IsEncryptedPEMBlock: false
x509: no DEK-Info header in block

@tklauser tklauser changed the title Cannot decrypt private key generated by OpenSSL 1.1.1g crypto/x509: cannot decrypt private key generated by OpenSSL 1.1.1g May 25, 2020
@tklauser tklauser added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label May 25, 2020
@shibe2
Author

shibe2 commented May 25, 2020

From OpenSSL manual:

Normally a private key is written using standard format: this is PKCS#8 form with the appropriate encryption algorithm (if any). If the -traditional option is specified then the older "traditional" format is used instead.

So my key is encrypted using PBES2. It seems to be default for openssl pkey, openssl req and maybe some other sub-commands.

I wrote a quick and dirty function to decrypt PBES2: https://play.golang.org/p/BK9rxDD87ur Feel free to use it if you decide to implement this feature.

EDIT: Added padding handling to my function.

@odeke-em odeke-em changed the title crypto/x509: cannot decrypt private key generated by OpenSSL 1.1.1g crypto/x509: cannot decrypt PBES2 private key generated by OpenSSL 1.1.1g May 29, 2020
@odeke-em
Member

Thank you for filing this issue @shibe2 and welcome to the Go project! I shall tag some experts @FiloSottile @katiehockman @retornam to also beware of this change.

@shibe2 if all goes great, perhaps this could be an addition to crypto/x509 or x/crypto/. Thank you.

@FiloSottile FiloSottile changed the title crypto/x509: cannot decrypt PBES2 private key generated by OpenSSL 1.1.1g proposal: crypto/x509: add support for PBES2 private keys Sep 22, 2020
@gopherbot gopherbot added this to the Proposal milestone Sep 22, 2020
@rsc rsc moved this to Incoming in Proposals Aug 10, 2022
@rsc rsc added this to Proposals Aug 10, 2022
@rsc
Contributor

rsc commented Mar 15, 2023

What would it mean for crypto/x509 to support encrypted private keys? Where would it get the decryption keys?

@rsc
Contributor

rsc commented Mar 15, 2023

Sorry, I missed x509.DecryptPEMBlock. I assume the proposal is to handle PBES2 in that function in addition to the current DEK-Info-based switch. Is there any header that is set in the PBES2-encrypted keys?

@shibe2
Author

shibe2 commented Mar 19, 2023

PBES2 key blocks can be identified by PEM label (type) "ENCRYPTED PRIVATE KEY" and PKCS #5 object identifier in ASN.1 data. In an earlier comment I posted example code that handles both RFC 1423 and PBES2 encrypted keys.
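
The identification rule from the comment above, as an added example (not code from this issue, its playground links, or the Go project): it classifies a PEM key by its DEK-Info header, its "ENCRYPTED PRIVATE KEY" label, and the PKCS #5 PBES2 object identifier, without decrypting anything. The names `classify`, `alg` and `sample` are hypothetical, and the sample key is constructed in code from zero bytes rather than produced by OpenSSL.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/pem"
	"fmt"
)

var oidPBES2 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 13} // PKCS #5 id-PBES2
// PKCS #8 EncryptedPrivateKeyInfo, and the PBES2-params inside its AlgorithmIdentifier.
type encryptedKey struct{ Algo pkix.AlgorithmIdentifier; Data []byte }
type pbes2Params struct{ KDF, Cipher pkix.AlgorithmIdentifier }

// classify reports how a PEM-encoded key is protected, without decrypting it.
func classify(data []byte) string {
	b, _ := pem.Decode(data)
	k, p := encryptedKey{}, pbes2Params{}
	switch {
	case b == nil:
		return "no PEM block"
	case b.Headers["DEK-Info"] != "":
		return "RFC 1423 (DEK-Info)"
	case b.Type != "ENCRYPTED PRIVATE KEY":
		return "not encrypted"
	}
	if _, err := asn1.Unmarshal(b.Bytes, &k); err != nil || !k.Algo.Algorithm.Equal(oidPBES2) {
		return "PKCS #8, not PBES2 or malformed"
	}
	if _, err := asn1.Unmarshal(k.Algo.Parameters.FullBytes, &p); err != nil {
		return "malformed PBES2 parameters"
	}
	return fmt.Sprintf("PBES2 kdf=%s cipher=%s", p.KDF.Algorithm, p.Cipher.Algorithm)
}

// alg and sample build a constructed PBES2 block (PBKDF2 and AES-256-CBC OIDs, zero bytes).
func alg(v interface{}, oid ...int) pkix.AlgorithmIdentifier {
	der, _ := asn1.Marshal(v)
	return pkix.AlgorithmIdentifier{Algorithm: oid, Parameters: asn1.RawValue{FullBytes: der}}
}

func sample() []byte {
	kdf := alg(struct{ Salt []byte; Iter int }{make([]byte, 8), 2048}, 1, 2, 840, 113549, 1, 5, 12)
	enc := alg(make([]byte, 16), 2, 16, 840, 1, 101, 3, 4, 1, 42)
	der, _ := asn1.Marshal(encryptedKey{alg(pbes2Params{kdf, enc}, oidPBES2...), make([]byte, 32)})
	return pem.EncodeToMemory(&pem.Block{Type: "ENCRYPTED PRIVATE KEY", Bytes: der})
}

func main() { fmt.Println(classify(sample())) }
```

The reported KDF and cipher identifiers show which parameters a key file was encrypted with.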

@rolandshoemaker
Member

As far as I am aware PBES2 is vulnerable to the same classes of attacks as PBES1 due to lack of support for authenticated ciphers, which led to our deprecation of DecryptPEMBlock (see #41949 and #32777). If anything I think we probably want to add support for PKCS#8 encryption (see #8860).

@rsc rsc moved this from Incoming to Active in Proposals Apr 6, 2023
@rsc
Contributor

rsc commented Apr 6, 2023

This proposal has been added to the active column of the proposals project
and will now be reviewed at the weekly proposal review meetings.
— rsc for the proposal review group

@rsc
Contributor

rsc commented Apr 12, 2023

Based on the discussion above, this proposal seems like a likely decline.
— rsc for the proposal review group

@rsc rsc moved this from Active to Likely Decline in Proposals Apr 12, 2023
@rsc
Contributor

rsc commented Apr 19, 2023

No change in consensus, so declined.
— rsc for the proposal review group

@rsc rsc moved this from Likely Decline to Declined in Proposals Apr 19, 2023
@rsc rsc closed this as completed Apr 19, 2023
@golang golang locked and limited conversation to collaborators Apr 18, 2024
@rsc rsc removed this from Proposals Apr 18, 2024