This commit adds support for decrypting PKCS#8 encoded private keys
that have been encrypted using a PBES2 based scheme.
Unfortunately `java.crypto.EncryptedPrivateKeyInfo` doesn't make this
easy as the underlying encryption algorithm is hidden within the
`AlgorithmParameters`, and can only be extracted by calling
`toString()` on the parameters object.
See: https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4
See: AlgorithmParameters#toString()
See: com.sun.crypto.provider.PBES2Parameters#toString()
Resolves: elastic#78901
This commit adds support for decrypting PKCS#8 encoded private keys
that have been encrypted using a PBES2 based scheme (AES only).
Unfortunately `java.crypto.EncryptedPrivateKeyInfo` doesn't make this
easy as the underlying encryption algorithm is hidden within the
`AlgorithmParameters`, and can only be extracted by calling
`toString()` on the parameters object.
See: https://datatracker.ietf.org/doc/html/rfc8018#appendix-A.4
See: AlgorithmParameters#toString()
See: com.sun.crypto.provider.PBES2Parameters#toString()
Resolves: #78901, #32021
PemUtils can parse PKCS#8 encrypted files, but only if the algorithm name in the PKCS8 info is a name supported by SecretKeyFactory
elasticsearch/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemUtils.java, lines 368 to 369 in 1399fb6
This works when using PBES1 but not for PBES2.
See: https://discuss.elastic.co/t/elasticsearch-certutil-http/286230/2
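
The lookup that the commit messages and the issue describe, as an added example that is not the project's PemUtils code: for PBES2 the outer algorithm name is not usable with `SecretKeyFactory`, so the concrete scheme is read from `AlgorithmParameters#toString()`. The class and method names are hypothetical; it assumes the path of a PEM file holding an `ENCRYPTED PRIVATE KEY` block as the first argument and an interactive console for the password.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.AlgorithmParameters;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class Pbes2Pkcs8Demo {
    static final String PBES2_OID = "1.2.840.113549.1.5.13"; // id-PBES2, RFC 8018 appendix A.4

    // Returns a name that SecretKeyFactory and Cipher can resolve.
    static String resolveAlgorithm(EncryptedPrivateKeyInfo info) {
        String name = info.getAlgName();
        AlgorithmParameters params = info.getAlgParameters();
        if (("PBES2".equals(name) || PBES2_OID.equals(name)) && params != null) {
            // The outer name only says "PBES2"; the PRF and cipher are nested in the
            // parameters, and toString() yields e.g. "PBEWithHmacSHA256AndAES_256".
            return params.toString();
        }
        return name; // PBES1 names are usable as they are
    }

    static PKCS8EncodedKeySpec decrypt(byte[] der, char[] password) throws Exception {
        EncryptedPrivateKeyInfo info = new EncryptedPrivateKeyInfo(der);
        String algorithm = resolveAlgorithm(info);
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            SecretKey key = SecretKeyFactory.getInstance(algorithm).generateSecret(spec);
            Cipher cipher = Cipher.getInstance(algorithm);
            // Salt, iteration count and IV come from the encoded parameters.
            cipher.init(Cipher.DECRYPT_MODE, key, info.getAlgParameters());
            return info.getKeySpec(cipher);
        } finally {
            spec.clearPassword(); // do not leave the password copy in the spec
        }
    }

    public static void main(String[] args) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), "US-ASCII");
        // Drop the BEGIN/END lines; the MIME decoder ignores the line breaks.
        byte[] der = Base64.getMimeDecoder().decode(pem.replaceAll("-----[A-Z ]+-----", ""));
        char[] password = System.console().readPassword("Key password: ");
        System.out.println("Decrypted PKCS#8 key, " + decrypt(der, password).getEncoded().length + " bytes");
    }
}
```

If the provider has no implementation for the name taken from the parameters, `SecretKeyFactory.getInstance` or `Cipher.getInstance` throws `NoSuchAlgorithmException`, so a caller should report the resolved name in that error.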