richardschneider
commented
6 years ago Are there any container standards for the encrypted data and encrypted symmetric key?
PKCS #7: Cryptographic Message Syntax aka RFC 2315 could be used.
Closed richardschneider closed 6 years ago
richardschneider
commented
6 years ago Are there any container standards for the encrypted data and encrypted symmetric key?
PKCS #7: Cryptographic Message Syntax aka RFC 2315 could be used.
richardschneider
commented
6 years ago Assuming a PEM encoded CMS in foo.p7, then
openssl cms -in foo.p7 -noout -cmsout -print -inform DERA CMS from js-keystore
openssl cms -in foo.p7 -noout -cmsout -print -inform DER
CMS_ContentInfo: contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3) d.envelopedData: version: <ABSENT> originatorInfo: <ABSENT> recipientInfos: d.ktri: version: <ABSENT> d.issuerAndSerialNumber: issuer: O=ipfs, OU=keystore, CN=7oE1zIRwRzgfNCyArGXZxx7BSZvOk6Fxg5dRSndaIq4= serialNumber: 1 keyEncryptionAlgorithm: algorithm: rsaEncryption (1.2.840.113549.1.1.1) parameter: NULL encryptedKey: 0000 - 5b 7d 62 0e 71 42 ec fe-d7 c1 ef e5 58 c3 3c [}b.qB......X.< 000f - 5f 1f ed 3f 3c e7 b2 02-e6 ef 0c 2d c2 2a cd _..?<......-.*. 001e - 52 7b 25 5d 15 28 4e 0a-e2 5c b9 f4 8b d5 0e R{%].(N..\..... 002d - bf 4e fa 00 b3 57 23 ab-f3 c0 48 92 4a d4 48 .N...W#...H.J.H 003c - c5 31 3d c1 4b bb 96 08-2e ff 0e 60 cf 18 30 .1=.K......`..0 004b - cd a7 5f 75 c6 f9 32 39-3c 0a 32 95 76 51 b3 .._u..29<.2.vQ. 005a - 01 b3 67 b4 81 fb 44 41-8e 34 bb 6b 38 b4 b3 ..g...DA.4.k8.. 0069 - 81 60 0d f9 d0 ad fc 19-5f d2 06 09 d7 d8 29 .`......_.....) 0078 - 98 9f f1 fe 88 df ba 11-49 a7 64 73 ec 11 19 ........I.ds... 0087 - c0 3f 4e 45 bd b7 28 c7-37 05 97 1d e4 bd fe .?NE..(.7...... 0096 - 6c b3 3e 2f 13 ed 9e 52-59 37 82 a0 04 af b1 l.>/...RY7..... 00a5 - de 75 b7 f4 f4 a5 b8 d7-a5 fb 5c 19 46 a8 1a .u........\.F.. 00b4 - c5 10 cc 13 40 d7 9c 24-c0 b6 f9 02 69 60 df ....@..$....i`. 00c3 - 1c f4 95 a7 35 91 41 4c-da b3 df 24 ee fe c4 ....5.AL...$... 00d2 - a1 dd c6 59 60 5b af e0-66 2f e9 52 05 d8 47 ...Y`[..f/.R..G 00e1 - 26 f3 8b a9 0a e6 78 7a-89 91 81 f3 80 1f 1a &.....xz....... 00f0 - 34 a3 43 86 57 c9 8e 4c-cf 8b b3 de 93 06 3e 4.C.W..L......> 00ff - c3 . encryptedContentInfo: contentType: pkcs7-data (1.2.840.113549.1.7.1) contentEncryptionAlgorithm: algorithm: aes-256-cbc (2.16.840.1.101.3.4.1.42) parameter: OCTET STRING: 0000 - ab 39 de 42 95 b9 34 c4-12 f6 c1 b9 18 31 86 .9.B..4......1. 000f - a2 . encryptedContent: 0000 - bd 45 ca 24 39 d6 2c a9-6a 5a 62 c6 41 fb e4 .E.$9.,.jZb.A.. 000f - 78 b6 01 85 99 2f 20 30-9c de d2 22 f1 a6 64 x..../ 0..."..d 001e - db e6 b4 63 20 08 7b b6-76 19 24 cb 1d 8c 2d ...c .{.v.$...- 002d - 6d 5b 55 m[U unprotectedAttrs: <EMPTY>
A naive approach is to simply encrypt the data with the asymmetric key. This works but takes a very long time.
Current practice is to