Description
I noticed some weirdness with the encryption of the CA private key, it always came out encrypted with des-ede3-cbc, no matter which settings I used, and was hunting it down, here's what I found out so far.
Steps to reproduce:
-
Checkout easy-rsa, switched to branch v3.1.8 (to make sure to get the latest version, I've seen this behaviour with 3.1.0-1 shipped with Debian bookworm and 3.1.7 coming with Homebrew on Mac)
-
Create empty directory, i.e. no special settings, all defaut
-
easyrsa init-pki
-
easyrsa build-ca
Verify encryption of the private key:
$ openssl asn1parse -in pki/private/ca.key
0:d=0 hl=4 l=1308 cons: SEQUENCE
4:d=1 hl=2 l= 78 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :PBES2
17:d=2 hl=2 l= 65 cons: SEQUENCE
19:d=3 hl=2 l= 41 cons: SEQUENCE
21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
32:d=4 hl=2 l= 28 cons: SEQUENCE
34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:F476ED86F57305B7
44:d=5 hl=2 l= 2 prim: INTEGER :0800
48:d=5 hl=2 l= 12 cons: SEQUENCE
50:d=6 hl=2 l= 8 prim: OBJECT :hmacWithSHA256
60:d=6 hl=2 l= 0 prim: NULL
62:d=3 hl=2 l= 20 cons: SEQUENCE
64:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
74:d=4 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:3DD97B1607E6A620
[...]
OpenSSL version on Debian bookworm: OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)
OpenSSL version on Mac: OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
This doesn't happen on Debian old-stable.
OpenSSL version on Debian old-stable: OpenSSL 1.1.1w 11 Sep 2023
By executing the two openssl commands from the build_ca function by hand I could reproduce this behaviour. First openssl genpkey is called creating $out_key_tmp. This key is correctly encrypted with aes-256-cbc (checked with openssl asn1parse as above). Then openssl req -new is called with -key $out_key_temp -keyout $out_key_temp. This overwrites the previously generated private key and encrypts it with des-ede3-cbc.
There also doesn't seem to be an option to specify the encyption of the -keyout, so we cannot force the encryption to be aes256. However, it might be possible just to leave out the -keyout parameter, since we already generated the key and just overwriting it doesn't change it anyways. Calling openssl req by hand without the -keyout parameter works, I don't know if this would have any other side effects in easyrsa though.