Skip to content

PemUtils fails to parse PKCS#8 private keys when using PBES2  #78901

Closed
#78904
Closed
PemUtils fails to parse PKCS#8 private keys when using PBES2 #78901
#78904
Assignees
tvernum
Labels
:Security/TLSSSL/TLS, Certificates>bugTeam:SecurityMeta label for security team
@tvernum

Description

@tvernum
tvernum
opened on Oct 11, 2021

PemUtils can parse PKCS#8 encrypted files, but only if the algorithm name in the PKCS8 info is a name supported by SecretKeyFactory

elasticsearch/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemUtils.java

Lines 368 to 369 in 1399fb6

EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(keyBytes);
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName());

This works when using PBES1 but not for PBES2.

See: https://discuss.elastic.co/t/elasticsearch-certutil-http/286230/2

Metadata

Metadata

Assignees

Labels

:Security/TLSSSL/TLS, Certificates>bugTeam:SecurityMeta label for security team

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions