*
* @remarks Encryption is obligatory for #YACA_KEY_FORMAT_PKCS8 format (for both, PEM and DER
* file formats). If no password is provided the #YACA_ERROR_INVALID_PARAMETER will
- * be returned. The encryption algorithm used in this case is PBE with DES-CBC.
+ * be returned. The encryption algorithm used in this case is AES-256-CBC. The key is
+ * generated from password using PBKDF2 with HMAC-SHA1 function and 2048 iterations.
*
* @remarks Encryption is not supported for the symmetric, public keys and key generation
* parameters in all their supported formats. If a password is provided in such
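Review bot: The added remark states HMAC-SHA1 and 2048 iterations as fixed facts, but none of the visible export code sets a PRF or an iteration count. The calls pass only the cipher, so these values appear to be whatever the linked OpenSSL applies by default, and the comment may go stale if that default changes. Either pin the parameters in the code, or word the remark accordingly, e.g. `The key is derived from the password using PBKDF2 with OpenSSL's default PRF and iteration count (HMAC-SHA1 and 2048 at the time of writing).` A short sentence telling callers that the password is the only protection for the exported key would also help them choose one.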
assert(mem != NULL);
int ret;
- int nid = NID_pbeWithMD5AndDES_CBC;
+ const EVP_CIPHER *enc = EVP_aes_256_cbc();;
/* PKCS8 export requires a password */
if (password == NULL)
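Review bot: The new declaration ends in a doubled semicolon, `const EVP_CIPHER *enc = EVP_aes_256_cbc();;`, which leaves an empty statement after it. It compiles, but it trips pedantic warnings and becomes an error under C89 rules if another declaration is ever added below it. It should read `const EVP_CIPHER *enc = EVP_aes_256_cbc();`. The enclosing function starts and ends outside this hunk.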
case YACA_KEY_TYPE_DSA_PRIV:
case YACA_KEY_TYPE_DH_PRIV:
case YACA_KEY_TYPE_EC_PRIV:
- ret = PEM_write_bio_PKCS8PrivateKey_nid(mem, evp_key->evp, nid,
- NULL, 0, NULL, (void*)password);
+ ret = PEM_write_bio_PKCS8PrivateKey(mem, evp_key->evp, enc,
+ NULL, 0, NULL, (void*)password);
break;
default:
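Review bot: `PEM_write_bio_PKCS8PrivateKey()` takes only the cipher, so the PBKDF2 iteration count for a password-protected private key is left to the library default, which the commit's own documentation gives as 2048. That is low for a key derived from a user password, and this convenience call offers no way to raise it. Building the encrypted structure with `PKCS8_encrypt()` accepts an explicit count and keeps AES-256-CBC; the sketch below shows the PEM case. The DER hunk that calls `i2d_PKCS8PrivateKey_bio()` has the same limitation and would end in `i2d_PKCS8_bio()` instead. The switch and its function continue outside the hunk, and the constant name in the sketch is a placeholder to be defined by the project.

```c
/* … unchanged: case labels for the private key types … */
{
	PKCS8_PRIV_KEY_INFO *p8inf = EVP_PKEY2PKCS8(evp_key->evp);
	X509_SIG *p8 = NULL;

	ret = 0;
	if (p8inf != NULL)
		/* pbe_nid -1 selects PKCS#5 v2.0 with the given cipher;
		 * NULL salt lets OpenSSL generate a random one. */
		p8 = PKCS8_encrypt(-1, enc, password, (int)strlen(password),
		                   NULL, 0, PKCS8_KDF_ITERATIONS /* placeholder */, p8inf);
	if (p8 != NULL)
		ret = PEM_write_bio_PKCS8(mem, p8);

	X509_SIG_free(p8);
	PKCS8_PRIV_KEY_INFO_free(p8inf);
}
break;
```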
case YACA_KEY_TYPE_DSA_PRIV:
case YACA_KEY_TYPE_DH_PRIV:
case YACA_KEY_TYPE_EC_PRIV:
- ret = i2d_PKCS8PrivateKey_nid_bio(mem, evp_key->evp, nid,
- NULL, 0, NULL, (void*)password);
+ ret = i2d_PKCS8PrivateKey_bio(mem, evp_key->evp, enc,
+ NULL, 0, NULL, (void*)password);
break;
default:
- We need a way to import keys encrypted with hw (or other) keys. New
function like yaca_key_load or sth?
- Add extended description and examples in documentation.
-- Check PKCS8 with PKCS5 2.0 (EVP cipher instead of PBE)