b14469dd76
- add indicators for pbkdf2 - add camellia to pkcs12 doc files - fix ems policy bug - disable ech
21 lines
2.3 KiB
Diff
21 lines
2.3 KiB
Diff
diff -up ./doc/pk12util.xml.camellia ./doc/pk12util.xml
|
|
--- ./doc/pk12util.xml.camellia 2022-01-26 09:46:39.794919455 -0800
|
|
+++ ./doc/pk12util.xml 2022-01-26 09:54:58.277019760 -0800
|
|
@@ -317,7 +317,7 @@ Certificate Friendly Name: Thawte Fre
|
|
|
|
<refsection id="encryption">
|
|
<title>Password Encryption</title>
|
|
- <para>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify <userinput>"NONE"</userinput> as the argument of the <option>-C</option> option.</para>
|
|
+ <para>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using AES-256-CBC for private key encryption and AES-128-CBC for certificate encryption. If certificate encryption is not wanted, specify <userinput>"NONE"</userinput> as the argument of the <option>-C</option> option.</para>
|
|
<para>The private key is always protected with strong encryption by default.</para>
|
|
<para>Several types of ciphers are supported.</para>
|
|
<variablelist>
|
|
@@ -327,6 +327,7 @@ Certificate Friendly Name: Thawte Fre
|
|
<listitem>
|
|
<itemizedlist>
|
|
<listitem><para>PBES2 with AES-CBC-Pad as underlying encryption scheme (<userinput>"AES-128-CBC"</userinput>, <userinput>"AES-192-CBC"</userinput>, and <userinput>"AES-256-CBC"</userinput>)</para></listitem>
|
|
+ <listitem><para>PBES2 with CAMELLIA-CBC-Pad as underlying encryption scheme (<userinput>"CAMELLIA-128-CBC"</userinput>, <userinput>"CAMELLIA-192-CBC"</userinput>, and <userinput>"CAMELLIA-256-CBC"</userinput>)</para></listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
</varlistentry>
|