RSA.exportKey should not silently discard passphrase
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Python-Crypto |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
The documentation for RSA.exportKey states that format='DER' means that the key is always unencrypted. However, the .encryptKey() function still accepts a non-empty passphrase argument, and silently discards it:
>>> from Crypto.PublicKey import RSA
>>> k = RSA.generate(2048)
>>> k1 = k.exportKey('PEM', passphrase='foo')
>>> k2 = k.exportKey('PEM', passphrase='bar')
>>> k1 == k2
False
>>> k3 = k.exportKey('DER', passphrase='foo')
>>> k4 = k.exportKey('DER', passphrase='bar')
>>> k3 == k4
True
That's dangerous; Application developers might unwittingly write unencrypted private keys somewhere, while thinking they're encrypted. If it's not possible to encrypt a private key, but a passphrase is provided, an exception should be raised.
| Changed in pycrypto: | |
| status: | New → Confirmed |
| Legrandin (gooksankoo) wrote | #1 |
I just finished some code that adds PKCS#8 encryption to PyCrypto:
https:/
Incidentally, it will now raise an exception when you try to do:
k.exportKey('DER', passphrase='foo')
That happens because PKCS#1 is the default encoding and it does not support encryption, unless you combine it with PEM.
However, if you do:
k.exportKey('DER', passphrase='foo', pkcs=8)
You will obtain a private key correctly encrypted according to PKCS#8.