How to decrypt PKCS#8 Encrypted private key with Password?

Mbed TLS
1

Hi,

We are using ESP32 and trying to decript PKCS#8 private key with Password.

We are facing the error "MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE " at "int mbedtls_pkcs12_pbe() → mbedtls_cipher_info_from_type() "

“RSA Private key” is working ok, the problem happened when we tried to use “Encrypted private key with password”

Can you let me know any point we have to check ?
Any comment or any hint would be highly appreciated.

Thanks ~

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6zAdBgoqhkiG9w0BDAEDMA8ECPxgpberzYZHAgMCAAAEggTI+NLq/ZwRXR6c
vCKV6YY82Z2fAtdqqrnPlkkLQROYf2GQACQ7tJyIzAoE9BA/zaIDlkdek1Sm4HMV
DfxAakJJk9xj7Rd1Hf0ZmASJPjUU5OzoFXhnixue0Q1iRR69dcm8medk0KUfpUXS
SapCZwDBWPADg0UAFIWWmCaAClosCupJ2j68JGj5POkX6C85BBlUU7P1DGv0ldue
CnEQk76IY45F/IwaPWybaLaLv3zjMumT20dMyCcx6OPaqUolpMwgcRE6QoNTCfbO
/XffTKhdqWV9WZXTHWD2v1vzrsfz3M7llLPN0IEngUanyreX7EhTBdWZFYiGjTtz
n7klnwGe9BPqwZX53XfBHm25Movr0XsNpLypwlwhCohPHRkTnwW8OnIzWlIVyB6F
clz1TRYoBErgKNorPQiSkm1Hq5iDoXYY3oyxM6YsZXY5hL2vrBGnz9QOOutb6NkM
Iova3WDVTBxqYZ9y1VcyHMTpdKuzpdVa0P9Of3EgNDhkvmwE1hIJS1zQAP9j1WYh
Q3srEa6FLrFX+MZUJl7y0CLy3xPiW9mJgaiNj1RLCN4jcV3OQzh3yiyRsIqLvAzU
p9m3GIzb/a/x0Wxf3+vFJ5mrFR6IXXrgvaTAEZERMIAmzcvuGYrYtdIslN3hf/Nr
Qz1R4d63umIUWb84pvvyy5N/Z6uGCR5jBTP34xmFAXIVgOMIMJ5eggrt9JYiVHbp
COk+3HF6UR55rTnYs5b1ucClmXUwKb9E0hc+k9mPk1NrGutdJyhRoj8qI6hDWfcI
vQQJpEQwkmfAn5pJ+5qFHNKCS5fXQmRL1RBABikSMMGl7xoLtEjMk1KD156QTuNA
QQQFGMeTS7zo0vuuKGBkiKRXJfiJ1BIfgIR7T+pPz8kqiqb6RuRfvbhdVudKvD4s
H3fXS6rrO4HAIIHMwoBsHAT0qQuqQI4JDfKJUVQhzW0qc5BGZBwE3hrAUU6D5Ycc
3+IhJN4uORdjUxe1fFjz0MOyMKjrTTrV3Vb3pDBwYtyxsxinO3ktK8y1VF+Xjkix
W+BZMwys6StqeGc5G2wVMlOMcFBLZGicoytL70QIId7OCiF3wlG7AmxebwWuwlHA
I6UgnXMnVy3o0gNh85ZxMiWSwZfLdOh7LUwWJoXZ/FJBfm5UwlHWPIxSOcM2hA6z
5vFqdGFUhqnT21hpZhnz2NmbpJBizbuxAmktHrlDUirtjWb7zCqjT6KkDmXYgj+b
hFB+CdKgYRa4krfcWZc5l6gzpsElaW5fMNxXcTz9JBlc5JYLz32D7mwejeGSZu02
xULkmrMdeTvccf/md4sc/iXzlJMP/yzOi9kxewUF2ZSTIpk0EkbNReEkyuwiwv5/
gqnnDsh/JCQLXOGHT6cNesRRkr3fBq3IgheLUf7VwGKVFfiZ0twBdN4/h6jqfmSB
JfjM9iPudd5VyyKBDzDbbiYNGz3Nv0kvj03/c2anP7ktXyzMI2KYrfKWtAXrKY1b
+pPIiTdK9AbBcbolSdrWqqzIM2pzZmP4q+aGZjzTJ4Xl9dnXGYasbEXLHYViQuTq
gygQwunzT8W0/v/vLJPsBBrl1SoNtmThqlvgnFkmsHSrekfQaHDdYd48bOZnd1BV
j/HsQb5TDQ6/ZtiehfPI
-----END ENCRYPTED PRIVATE KEY-----

Password : Vb9Ba8k1z5vxomYDzbyh2EDxRKfSlpIlr0bs

2

mbedTLS is supporitng handling “Encrypted private key” with password ?

3

Hi Rickoh,

Is your key encrypted with 3DES and CBS?
You should make sure that 3DES is enabled in Mbed TLS configuration. If 3DES is not enabled, then mbedtls_cipher_info_from_type() would fail.

Regards,
Desmond

4

Dear Desmond; thank you for your your reply.

We check that it is 3DES.
If you have any comment or hint, we will test again.

Thanks~
Rick.

5

Hi Rick,
You should also verify that MBEDTLS_MD_SHA1 is supported in your configuration as well, to support your encrypted key.
Note it is better you use a stronger hash though.
Regards,
Mbed TLS Support
Ron