why does the pkcs12 tool use such short mac salts?
24 views
Skip to first unread message
Thomas Anderson
Jun 7, 2025, 2:56:44 PMJun 7
to openss...@openssl.org
I generated the attached *.P12 with the following command:
openssl pkcs12 -export -out keyStore.p12 -inkey private.pem -in cert.pem
(the password is blank)
I then tried to run this command on it:
openssl pkcs12 -info -in keyStore.p12 -noout
Per that the MAC is using sha256 and the salt length is 8.
https://www.rfc-editor.org/rfc/rfc7292#appendix-C says this of the salt length:
This standard does not prescribe a length for the salt either. Ideally, the salt is as long as the output of the hash function being used and consists of completely random bits.
My question is... why is OpenSSL using such a short salt? I know the PKCS12 standard leaves a lot to be desired, as elaborated by https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html . Maybe the RFC's recommendations for salt length are best just ignored?
Here's what openssl version returns:
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
Viktor Dukhovni
Jun 8, 2025, 12:33:12 AMJun 8
to openss...@openssl.org
On Sat, Jun 07, 2025 at 01:56:24PM -0500, Thomas Anderson wrote:
> My question is... why is OpenSSL using such a short salt? I know the
> PKCS12 standard leaves a lot to be desired, as elaborated by
> https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html . Maybe the RFC's
> recommendations for salt length are best just ignored?
Perhaps not the answer you're looking for, but the best available reason
> My question is... why is OpenSSL using such a short salt? I know the
> PKCS12 standard leaves a lot to be desired, as elaborated by
> https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html . Maybe the RFC's
> recommendations for salt length are best just ignored?
is that this is the length chosen in:
commit 8d8c7266d4de9887fb0190a0770df9dc254a16a3
Date: Sun Mar 28 23:17:34 1999 +0000
and it hasn't changed since.
$ git grep PKCS12_SALT_LEN
crypto/pkcs12/p12_mutl.c: saltlen = PKCS12_SALT_LEN;
include/openssl/pkcs12.h.in:# define PKCS12_SALT_LEN 8
If you'd like to see it updated, perhaps you're willing to open a github
issue?
--
Viktor.
Tomas Mraz
Jun 9, 2025, 2:56:15 AMJun 9
to openss...@openssl.org
release should use 16 bytes salt by default.
--
Tomáš Mráz, Public Support and Security Manager, OpenSSL Foundation
Join the Code Protectors or support us on Github Sponsors
https://openssl-foundation.org/donate/
Reply all
Reply to author
Forward
0 new messages