Private key storage

[richardschneider]

A private key when stored (#2) should be

• encrypted at rest
• encoded in PKCS 8 PEM format
• hard to crack

[richardschneider]

A key derivation function (PBKDF2 or Argon2) should be applied to the keystore's passPhrase to reduce the vulnerability of an encrypted key to brute force attacks. A unique salt reduces the ability to use precomputed hashes (rainbow tables) for attacks.

See NIST SP 800-132 for more details. A summary of the recommendations

• kLen shall be at least 112 bits
• salt shall be at least 128 bits
• iteration count at least 1,000
• passPhrase less than 20 characters are usually considered weak

[richardschneider]

Here's the ASN.1 dump of an encrypted key

openssl asn1parse -i -in key.p8.pem -inform PEM

    0:d=0  hl=4 l=1311 cons: SEQUENCE
    4:d=1  hl=2 l=  73 cons:  SEQUENCE
    6:d=2  hl=2 l=   9 prim:   OBJECT            :PBES2
   17:d=2  hl=2 l=  60 cons:   SEQUENCE
   19:d=3  hl=2 l=  27 cons:    SEQUENCE
   21:d=4  hl=2 l=   9 prim:     OBJECT            :PBKDF2
   32:d=4  hl=2 l=  14 cons:     SEQUENCE
   34:d=5  hl=2 l=   8 prim:      OCTET STRING      [HEX DUMP]:28012B52DF400D3D
   44:d=5  hl=2 l=   2 prim:      INTEGER           :0800
   48:d=3  hl=2 l=  29 cons:    SEQUENCE
   50:d=4  hl=2 l=   9 prim:     OBJECT            :aes-128-cbc
   61:d=4  hl=2 l=  16 prim:     OCTET STRING      [HEX DUMP]:93D432607DFCE1F86AE382D57D68934B
   79:d=1  hl=4 l=1232 prim:  OCTET STRING      ...