Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalid PKCS8 encoding for private keys in python-rsa backend #119

Closed
mattsb42-aws opened this issue Dec 26, 2018 · 2 comments
Closed

Invalid PKCS8 encoding for private keys in python-rsa backend #119

mattsb42-aws opened this issue Dec 26, 2018 · 2 comments

Comments

@mattsb42-aws
Copy link
Contributor

In the process of investigating the pycrypto/dome dependency on the python-rsa backend, I discovered that the PKCS8 encoding being performed for RSA private keys by the python-rsa backend is incompatible with the other backends.

Digging deeper, I found that the magic prefix[1] being added to the PKCS1 encoded private key[2] is both invalid per the PKCS8 spec[3] and incorrectly sets a static message size.

This results in the serialized keys being unreadable by any other system, and also in the python-rsa backend being unable to deserialize any keys written by a correct system.

Current magic prefix:

Full key from tests, header tweaked to have a valid length

30  # sequence
8204BD  # DER-encoded sequence contents length of 1213 bytes -- INCORRECT STATIC LENGTH
  020100  # integer: 0 -- Version
  300D  # sequence containing 13 bytes -- PrivateKeyAlgorithmIdentifier
    06092A864886F70D010101  # OID -- rsaEncryption
    0500  # NULL -- parameters
  <PKCS1 key added>

Prefix should be:

Full key from tests

30  # sequence
820945  # DER-encoded sequence contents length of 2373 bytes -- LENGTH MUST BE SET PER KEY
  02 01 00  # integer: 0 -- Version
  30  # sequence
  0D  # DER-encoded sequence contents length of 13 bytes -- PrivateKeyAlgorithmIdentifier
    06092A864886F70D010101  # OID -- rsaEncryption
    0500  # NULL -- parameters
  04 # Octet String
  82092F  # DER-encoded octet string length of 2351 bytes -- LENGTH MUST BE SET PER KEY
    <PKCS1 key added>

[1] https://github.com/mpdavis/python-jose/blob/master/jose/backends/rsa_backend.py#L15
[2] https://github.com/mpdavis/python-jose/blob/master/jose/backends/rsa_backend.py#L186
[3] https://tools.ietf.org/html/rfc5208#page-5

@mattsb42-aws
Copy link
Contributor Author

Addressed in #120. I put it on top of backend-explicit-tests because it's much more difficult to actually isolate and test this behavior before that branch.

@mattsb42-aws
Copy link
Contributor Author

This is resolved with #129

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant