
pkcs5: add support for using AES-GCM in PBES2 #1433

Merged: 9 commits merged into RustCrypto:master on Jun 15, 2024

Conversation

randombit (Contributor)

Fixes #1432

Some notes/comments

  • I implemented only AES-128 and AES-256. pycryptodome also supports using AES-192 with GCM. Botan supports any cipher that has a GCM OID defined (for instance SM4). I imagine most users really just want AES-256.
  • For pbes2::Parameters I always associated GCM with Scrypt, partially to avoid a combinatoric explosion of constructors and partially because there doesn't seem to be any reason to use PBKDF2 given the existence of Scrypt. Happy to add PBKDF2 if you prefer otherwise.
  • The GCM code is quite repetitive and awkward, but I could not figure out any good ways of cleaning it up; I would definitely appreciate any suggestions here.
  • The test data was generated using Botan 2.19.3. I also confirmed that the latest pycryptodome can import ed25519-encpriv-aes256-gcm-scrypt.der:
>>> ECC.import_key(binascii.unhexlify(k), b'hunter42')
EccKey(curve='Ed25519', point_x=2621690352....

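As an added example (not part of this PR and not the pkcs5 crate's code), here is a stand-alone Python sketch of what the PBES2 AlgorithmIdentifier discussed above carries when the KDF is scrypt and the encryption scheme is AES-GCM: a minimal DER encoder and parser for exactly these structures, plus derivation of the content-encryption key from the parsed scrypt parameters with hashlib.scrypt. The OIDs are the standard ones from RFC 8018 (PBES2), RFC 7914 (scrypt) and RFC 5084 (AES-GCM); the salt, nonce, cost parameters and password are constructed values, and the AES-GCM encryption of the private key itself is left to an AEAD library. It handles both AES-128-GCM and AES-256-GCM, slightly more than the AES-256 case the PR's test vector exercises.

```python
"""PBES2 parameters for scrypt + AES-GCM: encode, parse, derive the key.

Constructed example, not the pkcs5 crate's code. Standard library only;
the AES-GCM step itself is left to an AEAD library.
"""
import hashlib

# OIDs from RFC 8018 (PBES2), RFC 7914 (scrypt) and RFC 5084 (AES-GCM).
OID_PBES2 = "1.2.840.113549.1.5.13"
OID_SCRYPT = "1.3.6.1.4.1.11591.4.11"
OID_AES128_GCM = "2.16.840.1.101.3.4.1.6"
OID_AES256_GCM = "2.16.840.1.101.3.4.1.46"
GCM_CIPHERS = {OID_AES128_GCM: ("aes-128-gcm", 16), OID_AES256_GCM: ("aes-256-gcm", 32)}


# --- minimal DER encoder/decoder: only the types PBES2 parameters need ---
def _der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _der_int(v):
    # Non-negative INTEGER; the extra leading 0x00 keeps the sign bit clear.
    return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def _der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(groups))  # base-128, high groups first
    return _der(0x06, bytes(out))


def _read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def _seq_items(body):
    items, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        items.append((tag, val))
    return items


def _oid_str(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def encode_pbes2_params(salt, n, r, p, key_len, nonce, cipher_oid=OID_AES256_GCM, tag_len=16):
    """AlgorithmIdentifier for PBES2 with the scrypt KDF and an AES-GCM scheme."""
    scrypt_params = _der(0x30, _der(0x04, salt) + _der_int(n) + _der_int(r)
                         + _der_int(p) + _der_int(key_len))
    kdf = _der(0x30, _der_oid(OID_SCRYPT) + scrypt_params)
    # RFC 5084 GCMParameters: aes-ICVlen DEFAULT 12, so DER omits it when it is 12.
    gcm_params = _der(0x30, _der(0x04, nonce) + (_der_int(tag_len) if tag_len != 12 else b""))
    scheme = _der(0x30, _der_oid(cipher_oid) + gcm_params)
    return _der(0x30, _der_oid(OID_PBES2) + _der(0x30, kdf + scheme))


def parse_pbes2_params(blob):
    """Parse the AlgorithmIdentifier back; rejects anything but scrypt + AES-GCM."""
    _, body, _ = _read_tlv(blob, 0)
    (_, alg_oid), (_, params) = _seq_items(body)
    if _oid_str(alg_oid) != OID_PBES2:
        raise ValueError("not a PBES2 AlgorithmIdentifier")
    (_, kdf), (_, scheme) = _seq_items(params)
    (_, kdf_oid), (_, kdf_params) = _seq_items(kdf)
    if _oid_str(kdf_oid) != OID_SCRYPT:
        raise ValueError("only the scrypt KDF is handled here")
    fields = [v for _, v in _seq_items(kdf_params)]
    n, r, p = (int.from_bytes(f, "big") for f in fields[1:4])
    key_len = int.from_bytes(fields[4], "big") if len(fields) > 4 else None  # OPTIONAL
    (_, enc_oid), (_, gcm_params) = _seq_items(scheme)
    cipher = GCM_CIPHERS.get(_oid_str(enc_oid))
    if cipher is None:
        raise ValueError("encryption scheme is not AES-128-GCM or AES-256-GCM")
    gcm_fields = [v for _, v in _seq_items(gcm_params)]
    tag_len = int.from_bytes(gcm_fields[1], "big") if len(gcm_fields) > 1 else 12
    return {"salt": fields[0], "n": n, "r": r, "p": p, "key_len": key_len,
            "cipher": cipher[0], "cipher_key_len": cipher[1],
            "nonce": gcm_fields[0], "tag_len": tag_len}


def derive_key(password, params):
    """scrypt the password with the parsed parameters; key size defaults to the cipher's."""
    n, r, p = params["n"], params["r"], params["p"]
    # OpenSSL needs about 128*r*(n+p+2) bytes; give headroom rather than rely on its 32 MiB default.
    return hashlib.scrypt(password, salt=params["salt"], n=n, r=r, p=p,
                          dklen=params["key_len"] or params["cipher_key_len"],
                          maxmem=2 * 128 * r * (n + p + 2))


if __name__ == "__main__":
    # Constructed values; a real implementation draws salt and nonce from a CSPRNG.
    blob = encode_pbes2_params(b"\x00" * 16, 2 ** 14, 8, 1, 32, b"\x11" * 12)
    parsed = parse_pbes2_params(blob)
    print(parsed["cipher"], "tag_len", parsed["tag_len"], "scrypt N", parsed["n"])
    print("CEK:", derive_key(b"hunter42", parsed).hex())
```

The interop detail worth checking in any implementation of this structure is the GCMParameters ICV length: DER requires the field to be omitted when it equals the DEFAULT of 12, so an encoder that always writes it is not strictly DER, and a parser that does not default a missing field to 12 will mis-size the authentication tag. The parser above also deliberately refuses KDFs and schemes it does not recognise rather than guessing, which is the behaviour you want from anything that feeds parameters into an AEAD.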
@tarcieri tarcieri changed the title Add support for using GCM in PBES2 pkcs5: add support for using AES-GCM in PBES2 Jun 15, 2024
@tarcieri tarcieri merged commit 8ced406 into RustCrypto:master Jun 15, 2024
164 checks passed
Linked issue: Support for GCM in PKCS8