Skip to content

support setting more PKCS12 serialization encryption options #7560

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Sep 5, 2022
Merged

support setting more PKCS12 serialization encryption options #7560

merged 4 commits into from
Sep 5, 2022
+444 −20

Conversation

@reaperhulk
Copy link
Member

@reaperhulk reaperhulk commented Sep 4, 2022
edited
Loading

This is limited support, but makes it possible to set different PBES choices as well as set KDF rounds and MAC algorithm.

@reaperhulk reaperhulk force-pushed the pkcs12-serialization-2 branch 2 times, most recently from d377d46 to 00921fa Compare September 4, 2022 08:04
alex
alex reviewed Sep 4, 2022
View reviewed changes
@reaperhulk reaperhulk force-pushed the pkcs12-serialization-2 branch 9 times, most recently from 575df0b to 342534a Compare September 5, 2022 06:58
@reaperhulk
support setting more PKCS12 serialization encryption options
9d2567b 
This is limited support, but makes it possible to set two different PBES
choices as well as set KDF rounds and MAC algorithm
@reaperhulk reaperhulk force-pushed the pkcs12-serialization-2 branch from 342534a to 9d2567b Compare September 5, 2022 07:41
@reaperhulk reaperhulk marked this pull request as ready for review September 5, 2022 08:25
This was linked to issues Sep 5, 2022
AES256 support for PKCS#12 #7043
Closed
Can't import cryptography generated pkcs12 into macos keychain #7293
Closed
@reaperhulk reaperhulk mentioned this pull request Sep 5, 2022
Closed
alex
alex reviewed Sep 5, 2022
View reviewed changes
alex
alex reviewed Sep 5, 2022
View reviewed changes
@alex alex enabled auto-merge (squash) September 5, 2022 12:16
@alex alex merged commit 1742975 into pyca:main Sep 5, 2022
schwabe
schwabe reviewed Sep 5, 2022
View reviewed changes
docs/hazmat/primitives/asymmetric/serialization.rst
... kdf_rounds(50000).
... key_cert_algorithm(pkcs12.PBES.PBESv1SHA1And3KeyTripleDESCBC).
... hmac_hash(hashes.SHA1()).build(b"my password")
... )
Copy link

@schwabe schwabe Sep 5, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if the parenthesis here serve any purpose. I think Python just ignores them but some might confuse them to put the encryption into a tuple. But then again if you confuse that, you probably should not be playing with these things ...

Edit, nevermind. It allows you to skip all the \.

@reaperhulk reaperhulk deleted the pkcs12-serialization-2 branch September 5, 2022 21:35
@psteyer psteyer mentioned this pull request Sep 29, 2022
Merged
@felixfontein felixfontein mentioned this pull request Oct 25, 2022
Closed
@felixfontein felixfontein mentioned this pull request Oct 30, 2022
Merged
@ravinderrana ravinderrana mentioned this pull request Jul 25, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alex alex alex approved these changes

+1 more reviewer

@schwabe schwabe schwabe left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Can't import cryptography generated pkcs12 into macos keychain AES256 support for PKCS#12

3 participants

@reaperhulk @alex @schwabe