Generating RSA private key wrapped using AES

I am new to encryption and am playing with openssl. There's a command in openssl to generate an RSA private key wrapped using AES:

openssl genrsa -aes128

And the result will be:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,7787EC23BAB71A7E339FA4BB5B197362

Sqmr8Zb8..bla..blaa
-----END RSA PRIVATE KEY-----

      

In PyCrypto, we can create a similar private key using:

from Crypto.PublicKey import RSA
key = RSA.generate(1024).exportKey('PEM', 'secret')

Which will give:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,760A8103AA096360

HxGmbla..blaa
-----END RSA PRIVATE KEY-----

      

Note that the result is terminated using triple DES. What is the correct way to generate an AES wrapped private key like the one above using PyCrypto?

+3




2 answers


It doesn't look like it. Looking at the source code, you will quickly find the hardcoded part for the PKCS#8 private key in exportKey:

protection = 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC'

      



Which is similar to the information in the PEM header.

+1




AES RSA key encryption will only be supported in PyCrypto 2.7 (there is an alpha version on the website right now). However, AES encryption will be applied at the PKCS#8 (binary) level, not the PEM (text envelope) level.

This is not what you are asking, but it is better because the key stretching procedure used for PEM is not secure.



For example, you would do:

from Crypto.PublicKey import RSA
key = RSA.generate(2048)

# Export as PKCS#8, encrypted with AES-256-CBC under a PBKDF2-derived key
print(key.exportKey('PEM', 'secret', pkcs=8, protection='PBKDF2WithHMAC-SHA1AndAES256-CBC'))

      

+1
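The second answer's point about PEM-level key stretching, as an added example that is not part of the original answers or of PyCrypto: it tells the two containers apart by their headers and reproduces the legacy PEM key derivation next to PBKDF2. The function names, the PKCS#8 sample and the iteration count are assumptions made here; the legacy derivation (OpenSSL's `EVP_BytesToKey` with MD5 and a single pass) is stated from general knowledge of OpenSSL, not from this page.

```python
import hashlib
import re

# Header samples: the first two are the ones quoted in the question (bodies
# elided); the PKCS#8 one is constructed for this example.
OPENSSL_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,7787EC23BAB71A7E339FA4BB5B197362

...
-----END RSA PRIVATE KEY-----
"""
PYCRYPTO_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,760A8103AA096360

...
-----END RSA PRIVATE KEY-----
"""
PKCS8_SAMPLE = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n...\n-----END ENCRYPTED PRIVATE KEY-----\n"

DEK_RE = re.compile(r"^DEK-Info:\s*([A-Za-z0-9-]+),([0-9A-Fa-f]+)\s*$", re.M)

def classify_pem(pem_text):
    """Return (container, cipher, iv_hex) for a PEM private key (hypothetical helper)."""
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text:
        # PKCS#8: cipher and KDF parameters are inside the DER body, not in headers.
        return ("pkcs8-encrypted", None, None)
    m = DEK_RE.search(pem_text)
    if "Proc-Type: 4,ENCRYPTED" in pem_text and m:
        return ("legacy-pem", m.group(1).upper(), m.group(2).upper())
    return ("unencrypted", None, None)

def legacy_pem_key(passphrase, iv_hex, key_len):
    """Key derivation used for PEM-level encryption: MD5, one pass, no stretching."""
    salt = bytes.fromhex(iv_hex)[:8]  # the salt is the first 8 bytes of the IV
    key, block = b"", b""
    while len(key) < key_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        key += block
    return key[:key_len]

def stretched_key(passphrase, salt, key_len, iterations=100000):
    """PBKDF2-HMAC-SHA1, the KDF named in the PKCS#8 protection string.
    The iteration count is an assumed value, not PyCrypto's default."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, iterations, key_len)

if __name__ == "__main__":
    for name, pem in [("openssl", OPENSSL_SAMPLE), ("pycrypto", PYCRYPTO_SAMPLE), ("pkcs8", PKCS8_SAMPLE)]:
        print(name, classify_pem(pem))
```

For the AES-128 header above, the whole key is a single MD5 digest of passphrase plus salt, which is why re-wrapping such keys as PKCS#8 with PBKDF2 is the better option.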

