PKCS#8ΒΆ

PKCS#8 is a standard for storing and transferring private key information. The wrapped key can either be clear or encrypted.

All encryption algorithms are based on passphrase-based key derivation. The following mechanisms are fully supported:

  • PBKDF2WithHMAC-SHA1AndAES128-CBC

  • PBKDF2WithHMAC-SHA1AndAES192-CBC

  • PBKDF2WithHMAC-SHA1AndAES256-CBC

  • PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC

  • scryptAndAES128-CBC

  • scryptAndAES192-CBC

  • scryptAndAES256-CBC

The following mechanisms are only supported for importing keys. They are much weaker than the ones listed above, and they are provided for backward compatibility only:

  • pbeWithMD5AndRC2-CBC

  • pbeWithMD5AndDES-CBC

  • pbeWithSHA1AndRC2-CBC

  • pbeWithSHA1AndDES-CBC