passphrase-encoding.pod - OpenGrok cross reference for /freebsd-src/crypto/openssl/doc/man7/passphrase-encoding.pod

Lines Matching +full:pass +full:- +full:1
7 passphrase-encoding
8 - How diverse parts of OpenSSL treat pass phrases character encoding
12 In a modern world with all sorts of character encodings, the treatment of pass
19 The OpenSSL library doesn't treat pass phrases in any special way as a general
22 This means that for an object that was encrypted using a pass phrase encoded in
23 ISO-8859-1, that object needs to be decrypted using a pass phrase encoded in
24 ISO-8859-1.
29 PKCS#12 is a bit different regarding pass phrase encoding.
30 The standard stipulates that the pass phrase shall be encoded as an ASN.1
32 encoded in big endian (UCS-2 BE).
38 =item 1.
40 Treats the received pass phrase as UTF-8 encoded and tries to re-encode it to
41 UTF-16 (which is the same as UCS-2 for characters U+0000 to U+D7FF and U+E000
47 Assumes that the pass phrase is encoded in ASCII or ISO-8859-1 and
48 opportunistically prepends each byte with a zero byte to obtain the UCS-2
51 Note that since there is no check of your locale, this may produce UCS-2 /
52 UTF-16 characters that do not correspond to the original pass phrase characters
53 for other character sets, such as any ISO-8859-X encoding other than
54 ISO-8859-1 (or for Windows, CP 1252 with exception for the extra "graphical"
55 characters in the 0x80-0x9F range).
64 A pass phrase encoded in ISO-8859-2 could very well have a sequence such as
66 and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO-8859-2 encoding), but would
67 be misinterpreted as the perfectly valid UTF-8 encoded code point U+00EF (LATIN
68 SMALL LETTER I WITH DIAERESIS) I<if the pass phrase doesn't contain anything that
69 would be invalid UTF-8>.
70 A pass phrase that contains this kind of byte sequence will give a different
76 On the same accord, anything encoded in UTF-8 that was given to OpenSSL older
77 than 1.1.0 was misinterpreted as ISO-8859-1 sequences.
82 potentially protected with a pass phrase, a PIN or something else.
83 This API stipulates that pass phrases should be UTF-8 encoded, and that any
84 other pass phrase encoding may give undefined results.
85 This API relies on the application to ensure UTF-8 encoding, and doesn't check
86 that this is the case, so what it gets, it will also pass to the underlying
91 This section assumes that you know what pass phrase was used for encryption,
94 For example, the pass phrase may have been used at a time when your default
95 encoding was ISO-8859-1 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61
97 is UTF-8 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76
101 mentioned encoding when you type in your pass phrase, or use some suitable tool
102 to convert your pass phrase from your default encoding to the target encoding.
104 Also note that the sub-sections below discuss human readable pass phrases.
105 This is particularly relevant for PKCS#12 objects, where human readable pass
114 For creating new pass phrase protected objects, make sure the pass phrase is
115 encoded using UTF-8.
120 converted to UTF-8 (command line and separately prompted pass phrases alike).
124 For opening pass phrase protected objects where you know what character
125 encoding was used for the encryption pass phrase, make sure to use the same
128 For opening pass phrase protected objects where the character encoding that was
134 =item 1.
136 Try the pass phrase that you have as it is in the character encoding of your
142 Convert the pass phrase to UTF-8 and try with the result.
148 Do a naïve (i.e. purely mathematical) ISO-8859-1 to UTF-8 conversion and try
150 This differs from the previous attempt because ISO-8859-1 maps directly to
151 U+0000 to U+00FF, which other non-UTF-8 character sets do not.
153 This also takes care of the case when a UTF-8 encoded string was used with
155 (for example, C<ï>, which is 0xC3 0xAF when encoded in UTF-8, would become 0xC3
156 0x83 0xC2 0xAF when re-encoded in the naïve manner.
158 erroneous/non-compliant encoding used by OpenSSL older than 1.1.0)
173 Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.