Bug 1462312 - PKCS#12 export uses low iteration counts
Summary: PKCS#12 export uses low iteration counts
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Daiki Ueno
QA Contact: Hubert Kario
Depends On:
Blocks: rhel7-nss-pkcs12
Reported: 2017-06-16 17:27 UTC by Hubert Kario
Modified: 2018-04-10 09:46 UTC

Fixed In Version: nss-3.34.0-1.el7
Doc Text:
Clone Of:
: 1511567
Last Closed: 2018-04-10 09:44:43 UTC
Target Upstream Version:

Attachments
processing times for different ciphers (16.76 KB, image/png)
2017-10-25 18:41 UTC, Hubert Kario

System ID Priority Status Summary Last Updated
Mozilla Foundation 1278071 P3 RESOLVED increase number of iterations for export to PKCS #12 2020-03-09 09:48:58 UTC
Red Hat Bugzilla 1384147 None None None Never
Red Hat Bugzilla 1559989 None None None Never
Red Hat Product Errata RHEA-2018:0679 None None None 2018-04-10 09:46:03 UTC

Internal Links: 1384147 1559989

Description Hubert Kario 2017-06-16 17:27:17 UTC
Description of problem:
When a PKCS#12 file is created using pk12util, it uses hmacWithSHA1 as the PRF for PBKDF2 and only 2000 iterations of that function.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
export PKCS#12 file from NSS db using pk12util -o, inspect using openssl pkcs12 or openssl asn1parse

Actual results:
PBKDF2 always uses SHA1 and always uses 2000 iterations

Expected results:
default to SHA256 and higher number of iterations (a million or so, optimally dependent on the speed of CPU)

Additional info:
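
An added example, not part of the original report and not NSS or OpenSSL code: a small Python check that reads the PBKDF2 iteration count and PRF out of a DER blob, the same fields the reproduction steps inspect with openssl asn1parse. It assumes definite-length DER; the function names and the constructed sample bytes are illustrative.

```python
# Added example: list PBKDF2 parameters visible in a DER blob such as a .p12 file.
PBKDF2_OID = bytes.fromhex("06092a864886f70d01050c")  # tag+len+OID 1.2.840.113549.1.5.12
PRF_NAMES = {bytes.fromhex("2a864886f70d0207"): "hmacWithSHA1",
             bytes.fromhex("2a864886f70d0209"): "hmacWithSHA256"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def find_pbkdf2(der):
    """Return [(iterations, prf_name)] for each PBKDF2 AlgorithmIdentifier found."""
    found, start = [], der.find(PBKDF2_OID)
    while start != -1:
        try:
            _, params, _ = read_tlv(der, start + len(PBKDF2_OID))  # PBKDF2-params
            _, _salt, pos = read_tlv(params, 0)                    # salt
            _, count, pos = read_tlv(params, pos)                  # iterationCount
            prf = "hmacWithSHA1"          # the DEFAULT when the prf field is absent
            while pos < len(params):      # optional keyLength, then optional prf
                tag, value, pos = read_tlv(params, pos)
                if tag == 0x30:
                    prf = PRF_NAMES.get(bytes(read_tlv(value, 0)[1]), "other")
            found.append((int.from_bytes(count, "big"), prf))
        except IndexError:                # chance byte match, not a real structure
            pass
        start = der.find(PBKDF2_OID, start + 1)
    return found

def below_policy(der, min_iterations, required_prf="hmacWithSHA256"):
    """Return entries that miss the policy; the thresholds are the caller's choice."""
    return [e for e in find_pbkdf2(der) if e[0] < min_iterations or e[1] != required_prf]

def tlv(tag, content):
    """Encode one DER element; short-form length only, for the constructed samples."""
    return bytes([tag, len(content)]) + content

def sample_kdf(iterations, prf_oid=None):
    """Constructed sample: SEQUENCE { pbkdf2 OID, PBKDF2-params } with a zero salt."""
    count = iterations.to_bytes((iterations.bit_length() + 8) // 8, "big")
    params = tlv(0x04, bytes(8)) + tlv(0x02, count)
    if prf_oid:
        params += tlv(0x30, tlv(0x06, prf_oid) + tlv(0x05, b""))
    return tlv(0x30, PBKDF2_OID + tlv(0x30, params))

OLD = sample_kdf(2000)                                        # values from the report
NEW = sample_kdf(1000000, bytes.fromhex("2a864886f70d0209"))  # the expected results
```

To check a real export, pass the bytes of the file to below_policy; only KDF parameters stored outside encrypted containers are visible without the password.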

Comment 4 Hubert Kario 2017-10-25 18:41:42 UTC
Created attachment 1343377
processing times for different ciphers

It will now take about 2s to export a key on a 2.6GHz Haswell machine with default settings.
3s if both key and certificate are encrypted with AES-256-CBC.

That seems to me like acceptable performance.

Comment 15 errata-xmlrpc 2018-04-10 09:44:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.