The best widely implemented algorithm for PBES2/PKCS8 is AES-256-CBC. However, RFC 8018 is open to supporting any cipher in an application-defined way:
> encryptionScheme identifies the underlying encryption scheme. It shall be an algorithm ID with an OID in the set PBES2-Encs, whose definition is left to the application.
(RFC 8018, section A.4)
Some implementations of PBES2/PKCS8 support GCM as an alternative; I'm aware of https://github.com/randombit/botan and https://github.com/Legrandin/pycryptodome (these implementations are compatible).
Would there be any interest in extending `pkcs8` to also support AES-256-GCM? It extends pretty naturally from the AES-CBC ASN.1 definitions:

1) Use the appropriate OID for AES-GCM
2) Put the GCM nonce where CBC places the IV
3) Profit with AEAD protected keys
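As an added example (not code from this issue, the `pkcs8` crate, Botan or pycryptodome), the stand-alone Python below hand-encodes the PBES2 `AlgorithmIdentifier` to show what steps 1 and 2 look like on the wire: the same PBKDF2/HMAC-SHA256 KDF, with only the scheme OID and the OCTET STRING parameter changing between AES-256-CBC and AES-256-GCM. The OIDs are the standard ones from RFC 8018, RFC 3565 and RFC 5084; the salt, IV and nonce values are constructed test data.

```python
# Added example, not code from the issue or the pkcs8 crate: hand-rolled DER for the
# PBES2 AlgorithmIdentifier. OIDs from RFC 8018 (PBES2, PBKDF2, hmacWithSHA256),
# RFC 3565 (aes256-CBC) and RFC 5084 (aes256-GCM). Salt/IV/nonce are constructed.

def der(tag, body):                       # DER TLV, definite length (short or long form)
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def oid(dotted):                          # OBJECT IDENTIFIER: packed first two arcs, then base-128
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = bytearray([a & 0x7F])
        while a >> 7:
            a >>= 7
            chunk.insert(0, 0x80 | (a & 0x7F))
        out += chunk
    return der(0x06, bytes(out))

def integer(v):                           # non-negative INTEGER, minimal two's-complement encoding
    return der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

SEQ, OCTETS, NULL = 0x30, 0x04, b"\x05\x00"
ID_PBES2, ID_PBKDF2, HMAC_SHA256 = "1.2.840.113549.1.5.13", "1.2.840.113549.1.5.12", "1.2.840.113549.2.9"
AES256_CBC, AES256_GCM = "2.16.840.1.101.3.4.1.42", "2.16.840.1.101.3.4.1.46"

def pbes2_alg_id(scheme, iv_or_nonce, salt, iters):
    """AlgorithmIdentifier { id-PBES2, PBES2-params { PBKDF2/HMAC-SHA256, encryptionScheme } }.
    As the issue sketches, the GCM nonce sits exactly where CBC puts its IV (a bare OCTET STRING)."""
    prf = der(SEQ, oid(HMAC_SHA256) + NULL)
    kdf = der(SEQ, oid(ID_PBKDF2) + der(SEQ, der(OCTETS, salt) + integer(iters) + prf))
    enc = der(SEQ, oid(scheme) + der(OCTETS, iv_or_nonce))
    return der(SEQ, oid(ID_PBES2) + der(SEQ, kdf + enc))

def tlv(buf, pos=0):                      # read one TLV at pos -> (tag, body, end offset)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def scheme_of(alg_id):
    """Walk to encryptionScheme; return (encoded scheme OID, IV-or-nonce bytes)."""
    _, body, _ = tlv(alg_id)              # AlgorithmIdentifier body: id-PBES2, PBES2-params
    _, _, p = tlv(body)                   # skip id-PBES2
    _, params, _ = tlv(body, p)
    _, _, p = tlv(params)                 # skip keyDerivationFunc
    _, enc, _ = tlv(params, p)
    tag, scheme_oid, p = tlv(enc)
    return der(tag, scheme_oid), tlv(enc, p)[1]
```

One interoperability check before settling the layout: RFC 5084 defines the AES-GCM parameters as `GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING, aes-ICVlen INTEGER DEFAULT 12 }` rather than a bare OCTET STRING, so whichever form the existing Botan and pycryptodome encoders emit should decide where the nonce goes.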