Generating RSA private key wrapped using AES
I am new to encryption and am playing with openssl. There's a command in openssl to generate an RSA private key wrapped using AES:
openssl genrsa -aes128
And the result will be the result:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,7787EC23BAB71A7E339FA4BB5B197362
Sqmr8Zb8..bla..blaa
-----END RSA PRIVATE KEY-----
In PyCrypto, we can create a similar private key using:
from Crypto.PublicKey import RSA
key = RSA.generate(1024).exportKey('PEM', 'secret')
What will give
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,760A8103AA096360
HxGmbla..blaa
-----END RSA PRIVATE KEY-----
Note that the result is terminated using triple DES. What is the correct way to generate an AES wrapped private key like the one above using PyCrypto?
+3
source to share
2 answers
AES RSA key encryption will only be supported in PyCrypto 2.7 (there is an alpha version on the website right now). However, AES encryption will be applied at the PKCS # 8 (binary) level, not the PEM (text envelope) level.
This is not what you are asking, but it is better because the key stretching procedure used for PEM is not secure.
You will do for example:
from Crypto.PublicKey import RSA
key = RSA.generate(2048)
print key.exportKey('PEM', 'secret', pkcs=8, protection='PBKDF2WithHMAC-SHA1AndAES256-CBC')
+1
source to share