Subject: Needs more encryption algorithm support

I was hoping to use Convert::PEM with OpenSSL's RSA private key files.
(Specifically to decrypt/extract a key to pass to utilities like
Crypt::SMIME, which requires decrypted PEM.)

Works fine with DES3, but not the increasingly-used modern encryption
algorithms.

It looks like the %CTYPES hash only has one entry - for DES-EDE3-CBC.
Simply adding an entry for, e.g. AES-256-CBC => Crypt::OpenSSL::AES
isn't sufficient; decryption fails with "bad password". I noticed that
the initialization vector is longer, so perhaps the md5 hash of the
password has changed. I couldn't find documentation for what OpenSSL is
doing, and my (usually lucky) guesses didn't work out.

So, this is a request that you add support for current ciphers.
As of today, openssl rsa xx includes:

-des, -des3, -seed, -aes{128,192,256}, -camellia{128,192,256}

Only des3 appears to be supported by Convert::PEM.

To generate test data, openssl genrsa -<encryption> will produce a
suitable file, where the choices are listed above.
To verify correct decryption, compare your output to openssl rsa -in
<file> -out <file>. By default, this will decrypt.

Also, a minor request: It would be nice to have a method to return the
header information from the PEM file. (Specifically, the block type
from the header and encryption type.) Currently, I parse the file to
find these, so I can look up the correct Name and ASN. But Convert::PEM
already knows how to parse the file & headers...

Thanks for your consideration.
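
An added example, not part of the original ticket and not Convert::PEM's own code: how OpenSSL's traditional PEM encryption derives the cipher key from the passphrase and the DEK-Info header, which is the step the ticket could not find documented, plus the header parsing asked for in the minor request. OpenSSL salts the MD5 chain with only the first 8 bytes of the IV, so an 8-byte DES3 IV is used whole while a 16-byte AES IV is not. The names parse_pem_headers, derive_key and %KEY_LEN, the passphrase and the PEM text are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Key sizes in bytes for some ciphers named in the ticket (table assumed for this example).
my %KEY_LEN = (
    'DES-EDE3-CBC' => 24, 'AES-128-CBC' => 16,
    'AES-192-CBC'  => 24, 'AES-256-CBC' => 32,
);

# Return block type, cipher name and raw IV from a traditional encrypted PEM block.
sub parse_pem_headers {
    my ($pem) = @_;
    my ($type) = $pem =~ /^-----BEGIN ([^-]+)-----\r?$/m
        or die "no PEM BEGIN line\n";
    my ($cipher, $iv_hex) = $pem =~ /^DEK-Info:\s*([A-Za-z0-9-]+),([0-9A-Fa-f]+)\r?$/m
        or die "no DEK-Info header (block is not encrypted)\n";
    return { type => $type, cipher => uc $cipher, iv => pack('H*', $iv_hex) };
}

# EVP_BytesToKey with MD5 and one iteration, as used by OpenSSL for these files:
#   D1 = MD5(pass . salt), D2 = MD5(D1 . pass . salt), ... concatenated, then truncated.
# The salt is the first 8 bytes of the IV; the full IV is still the CBC IV.
sub derive_key {
    my ($passphrase, $iv, $key_len) = @_;
    my $salt = substr($iv, 0, 8);
    my ($key, $block) = ('', '');
    while (length($key) < $key_len) {
        $block = md5($block . $passphrase . $salt);
        $key  .= $block;
    }
    return substr($key, 0, $key_len);
}

# Constructed sample header; the base64 body is left out on purpose.
my $pem = <<'PEM';
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,0123456789ABCDEFFEDCBA9876543210

(base64 body omitted in this constructed sample)
-----END RSA PRIVATE KEY-----
PEM

my $h   = parse_pem_headers($pem);
my $len = $KEY_LEN{ $h->{cipher} } or die "unsupported cipher $h->{cipher}\n";
my $key = derive_key('example-passphrase', $h->{iv}, $len);
printf "type=%s cipher=%s iv_len=%d key_len=%d\n",
    $h->{type}, $h->{cipher}, length($h->{iv}), length($key);
```

The derived key and the full IV from DEK-Info are what a CBC decryptor for the named cipher needs; the result can be checked against openssl rsa -in <file> -out <file> as the ticket suggests.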