aboutsummaryrefslogtreecommitdiffstats
path: root/src/pubkey/pk_codecs
diff options
context:
space:
mode:
authorlloyd <[email protected]>2009-12-26 17:02:01 +0000
committerlloyd <[email protected]>2009-12-26 17:02:01 +0000
commit4400704b743fdf13e903c228cec5a20fce265a5d (patch)
tree0ca6fce5bbc6b77ca7de8bcb83424ee5a1886340 /src/pubkey/pk_codecs
parent0d524165735b925f6aeb4c8c3934c79071018025 (diff)
Switch from TripleDES to AES-256 for private key encryption by
default. OpenSSL 0.9.8 understands keys encrypted like this fine, which was the big reason for holding back on this before IIRC. AES-256 was chosen over AES-128 not for the longer key length (it's a password hash so unlikely to have more than 96 bits of entropy) but for the extra 4 rounds of AES-256 vs AES-128.
Diffstat (limited to 'src/pubkey/pk_codecs')
-rw-r--r--src/pubkey/pk_codecs/pkcs8.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/pubkey/pk_codecs/pkcs8.cpp b/src/pubkey/pk_codecs/pkcs8.cpp
index f287e1e63..d0954df39 100644
--- a/src/pubkey/pk_codecs/pkcs8.cpp
+++ b/src/pubkey/pk_codecs/pkcs8.cpp
@@ -168,7 +168,7 @@ void encrypt_key(const Private_Key& key,
const std::string& pass, const std::string& pbe_algo,
X509_Encoding encoding)
{
- const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,TripleDES/CBC)";
+ const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-128/CBC)";
Pipe raw_key;
raw_key.start_msg();