I'm using the following command to encrypt my private key file using OpenSSL:
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key.pem -out private_key.der -v1 PBE-SHA1-3DES
The documentation states that the option -v1 PBE-SHA1-3DES will encrypt using triple DES, but doesn't mention which keying option it is using. Can I assume that it uses 168 bit triple DES?
The answer seems to be yes, when I read the file from Java(see also my other question), I can get the algorithm viz.:
1.2.840.113549.1.12.1.3 from algParams.getAlgorithm()
Googling this yields: pbeWithSHAAnd3-KeyTripleDES-CBC
See also: http://www.oid-info.com/get/1.2.840.113549.1.12.1.3
This is a 3key triple DES, which entails 168 bits.
public static byte[] decryptPrivateKey(byte[] key) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
PBEKeySpec passKeySpec = new PBEKeySpec("p".toCharArray());
EncryptedPrivateKeyInfo encryptedKey = new EncryptedPrivateKeyInfo(key);
System.out.println(encryptedKey.getAlgName());
System.out.println("key length: " + key.length);
AlgorithmParameters algParams = encryptedKey.getAlgParameters();
System.out.println(algParams.getAlgorithm());
