[pycrypto] RSA exportKey question

Legrandin helderijs at gmail.com
Fri Jul 5 06:32:40 PDT 2013

Hi Yaron,

I don't see anything related to PKCS#8 in the changelog of openssl 0.9.7.
It may have introduced AES as a cipher but it's not clear to me if
ability to decrypt PKCS#8-wrapped keys came with that.
Even if it did, I still don't find it unthinkable to run into software
of that age in a) production systems behind the lines b) embedded
Note that PyCrypto does not use openssl (M2Crypto is the best wrapped on it).
Additionally, PyCrypto claims compatibility to Python 2.1, which came
out in 2001...

PS: glad to see some activity on this mailing list...

2013/7/5 Yaron Sheffer <yaronf.ietf at gmail.com>:
> Actually-not-so-old meaning more than 10 years? (See "Changes between 0.9.6h
> and 0.9.7  [31 Dec 2002]" under http://www.openssl.org/news/changelog.html.
> Or is Python OpenSSL support so much behind mainline OpenSSL?
> Thanks,
>         Yaron
> On 2013-07-05 13:10, Legrandin wrote:
>> Hi Paul,
>> In the back of my mind, I was referring to practical purposes *in the
>> context of key wrapping*.
>> For key wrapping, you deal with very small payloads and the key is
>> salted: speed and birthdays paradox are not real concerns,
>> and the security marging 3DES (with 112 bits of ) is large enough.
>> I am suggesting to stick to "PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC" as
>> default PKCS#8 wrapping algorithm for export
>> because there are more chances the receiver (e.g. some
>> actually-not-so-old openssl versions) will be able to unwrap it.
>> If I had to pick a more future proof value (regardless of
>> compatibility) I would agree that AES is better, but only in
>> combination with scrypt as KDF.

More information about the pycrypto mailing list