CA Private Key will be encrypted with des-ede3-cbc during build-ca with OpenSSL 3.x

[lysiszegerman]

I noticed some weirdness with the encryption of the CA private key, it always came out encrypted with des-ede3-cbc, no matter which settings I used, and was hunting it down, here's what I found out so far.

Steps to reproduce:

• Checkout easy-rsa, switched to branch v3.1.8 (to make sure to get the latest version, I've seen this behaviour with 3.1.0-1 shipped with Debian bookworm and 3.1.7 coming with Homebrew on Mac)

• Create empty directory, i.e. no special settings, all defaut

• easyrsa init-pki

• easyrsa build-ca

Verify encryption of the private key:

$ openssl asn1parse -in pki/private/ca.key
    0:d=0  hl=4 l=1308 cons: SEQUENCE
    4:d=1  hl=2 l=  78 cons: SEQUENCE
    6:d=2  hl=2 l=   9 prim: OBJECT            :PBES2
   17:d=2  hl=2 l=  65 cons: SEQUENCE
   19:d=3  hl=2 l=  41 cons: SEQUENCE
   21:d=4  hl=2 l=   9 prim: OBJECT            :PBKDF2
   32:d=4  hl=2 l=  28 cons: SEQUENCE
   34:d=5  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:F476ED86F57305B7
   44:d=5  hl=2 l=   2 prim: INTEGER           :0800
   48:d=5  hl=2 l=  12 cons: SEQUENCE
   50:d=6  hl=2 l=   8 prim: OBJECT            :hmacWithSHA256
   60:d=6  hl=2 l=   0 prim: NULL
   62:d=3  hl=2 l=  20 cons: SEQUENCE
   64:d=4  hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
   74:d=4  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:3DD97B1607E6A620
[...]

OpenSSL version on Debian bookworm: OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023) OpenSSL version on Mac: OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)

This doesn't happen on Debian old-stable. OpenSSL version on Debian old-stable: OpenSSL 1.1.1w 11 Sep 2023

By executing the two openssl commands from the build_ca function by hand I could reproduce this behaviour. First openssl genpkey is called creating $out_key_tmp. This key is correctly encrypted with aes-256-cbc (checked with openssl asn1parse as above). Then openssl req -new is called with -key $out_key_temp -keyout $out_key_temp. This overwrites the previously generated private key and encrypts it with des-ede3-cbc.

There also doesn't seem to be an option to specify the encyption of the -keyout, so we cannot force the encryption to be aes256. However, it might be possible just to leave out the -keyout parameter, since we already generated the key and just overwriting it doesn't change it anyways. Calling openssl req by hand without the -keyout parameter works, I don't know if this would have any other side effects in easyrsa though.

[TinCanTech]

@lysiszegerman Thanks for reporting this, I confirm this bug as outlined above.

[TinCanTech]

The reason that the OpenSSL version makes a difference is that, OpenSSL v1.x does not output a file defined by -newkey tmp-file; where-as OpenSSL v3.x does output a file defined by -newkey tmp-file. And this over-writes the existing file with different parameters.

[TinCanTech]

Re-opening for v3.1.7

[TinCanTech]

Closed via 73d8416def6dc978f8b85d1ea5ba8214fc17b3c7

[TinCanTech]

@lysiszegerman git/v3.1.8 can be pulled and tested.

[lysiszegerman]

Perfect, thanks a lot for the quick fix, looks good now on both macos and Debian stable for me.

[TinCanTech]

The "quick fix" was only made possible by your detailed analysis of the problem, thank you.

Also, thanks for testing and returning your results.

Closed as completed:

• v3.0x 73d8416def6dc978f8b85d1ea5ba8214fc17b3c7
• v3.1x 4e02c8acc268098188dbb28f851ae735223f8fe1