I'm using openssl to create an encrypted key in pkcs8 format. Specifically I'm using triple des. An example of the asn1parse output is below.
My goal is to take the "rather long hexadecimal value", which I assume is the encrypted key, and decrypt it using a separate triple des decryption library. The decryption method I would like to use asks for a 24 byte key and an 8 byte input vector as well as the encrypted hexadecimal value. I haven't been able to find an online resource that clearly describes what the parts of the asn1parse output are.

What I think I know (hahaha):
1) The first short hexadecimal value is a salt.
2) The INTEGER is the iteration count (2048).
3) The second short hexadecimal value is an initialization vector for CBC.
4) The long hexadecimal value is the encrypted key.

Two Questions:
1) How do I get the 24 byte key? Use some sort of algorithm to generate it from the salt, the iteration count, and the user's password?
2) What exactly is the 8 byte input vector? The first 8 bytes of the second short hexadecimal value?

Thank you for your time!

openssl asn1parse -in my_private_key.txt produces:

    0:d=0 hl=4 l= 710 cons: SEQUENCE
    4:d=1 hl=2 l= 64 cons: SEQUENCE
    6:d=2 hl=2 l= 9 prim: OBJECT :PBES2
    17:d=2 hl=2 l= 51 cons: SEQUENCE
    19:d=3 hl=2 l= 27 cons: SEQUENCE
    21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
    32:d=4 hl=2 l= 14 cons: SEQUENCE
    34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:3F471CCCC0EDDDD9
    44:d=5 hl=2 l= 2 prim: INTEGER :0800
    48:d=3 hl=2 l= 20 cons: SEQUENCE
    50:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
    60:d=4 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:93BBBB22D404D394
    70:d=1 hl=4 l= 640 prim: OCTET STRING [HEX DUMP]: <rather long hex value here>
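An added example, not part of the original post: under PBES2 (RFC 8018) the 3DES key for the structure in the dump above comes from PBKDF2 over the password, salt and iteration count, with HMAC-SHA1 as the PRF because the PBKDF2 parameters name no other, and the whole 8-byte OCTET STRING after des-ede3-cbc is the IV. The header bytes are re-typed from the dump, the password is a constructed placeholder, and the function names are hypothetical.

```python
import hashlib

# Constructed input: the 70 header bytes re-typed from the asn1parse dump above.
# The 640-byte encrypted OCTET STRING that follows at offset 70 is left out.
HEADER = bytes.fromhex(
    "308202c6"                   #  0: SEQUENCE, l=710
    "3040"                       #  4: SEQUENCE, l=64
    "0609" "2a864886f70d01050d"  #  6: OBJECT PBES2
    "3033"                       # 17: SEQUENCE, l=51
    "301b"                       # 19: SEQUENCE, l=27
    "0609" "2a864886f70d01050c"  # 21: OBJECT PBKDF2
    "300e"                       # 32: SEQUENCE, l=14
    "0408" "3f471cccc0edddd9"    # 34: OCTET STRING (salt)
    "0202" "0800"                # 44: INTEGER (iteration count)
    "3014"                       # 48: SEQUENCE, l=20
    "0608" "2a864886f70d0307"    # 50: OBJECT des-ede3-cbc
    "0408" "93bbbb22d404d394"    # 60: OCTET STRING (IV)
)

def der_primitives(buf):
    """Yield (tag, value) for every primitive element, in asn1parse order."""
    i = 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:                    # long form: next n bytes hold the length
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if tag & 0x20:                       # constructed (SEQUENCE): descend
            yield from der_primitives(buf[i:i + length])
        else:
            yield tag, buf[i:i + length]
        i += length

def pbes2_params(header):
    """Return (salt, iterations, iv) from a PBES2/PBKDF2 header like the one above."""
    prims = list(der_primitives(header))
    octets = [v for t, v in prims if t == 0x04]
    count = next(v for t, v in prims if t == 0x02)
    return octets[0], int.from_bytes(count, "big"), octets[1]

def derive_3des_key(password, header):
    """PBKDF2-HMAC-SHA1 (the PRF when the parameters name none), 24-byte output."""
    salt, iterations, _ = pbes2_params(header)
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, 24)

# Assumption: placeholder password; use the passphrase the key was encrypted with.
key = derive_3des_key(b"constructed-passphrase", HEADER)
```

The derived key and the IV go to the 3DES-CBC decryptor with the long OCTET STRING as ciphertext; the plaintext is the DER-encoded private key followed by block padding that has to be stripped.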