Simplest method is still to patch OpenSSL, namely the command-line tool (not the library). Walk-through (assuming a Linux host):
Download the OpenSSL source code. Take the latest, which the page shows in red (right now, version 1.0.1g).
Unpack it in some directory:
cd /tmp
tar xvzf ~/Downloads/openssl-1.0.1g.tar.gz
Edit the source file /tmp/openssl-1.0.1g/apps/pkcs8.c
: search the string "iter" until you want to find these lines:
else if (!strcmp (*args, "-noiter"))
iter = 1;
else if (!strcmp (*args, "-nocrypt"))
nocrypt = 1;
That's line 158 in version 1.0.1g. Edit these lines so that they look like this:
else if (!strcmp (*args, "-noiter"))
iter = 1;
else if (!strcmp (*args, "-iter"))
{
if (!args[1]) goto bad;
iter = atoi(*(++args));
if (iter <= 0) goto bad;
}
else if (!strcmp (*args, "-nocrypt"))
nocrypt = 1;
In other words, just add the 6 lines which handle a new command-line argument called "-iter". Save the file.
Then compile the code:
cd /tmp/openssl-1.0.1g
./config --prefix=$HOME/local
make
make test
make install
And voilà! You have a brand new openssl
command-line tool and library in the local
subdirectory of your home directory (you can put it anywhere you wish with the --prefix
option, but writing in your home directory does not need root
access and won't interfere with your OS-provided tools). The command-line tool command pkcs8
now has a -iter
option which can be use to select the number of iterations:
$HOME/local/bin/openssl genrsa -out rsaraw.pem 2048
$HOME/local/bin/openssl pkcs8 -topk8 -v2 aes128 -iter 1000000 -in rsaraw.pem -out rsapk8.pem
The resulting file can be used with a completely standard OpenSSL or OpenSSH, because the library has always supported PBKDF2 with one million iterations. Here we are just patching the command-line tool to be able to set that iteration count. A look at the resulting object will show that the iteration count was indeed taken into account:
openssl asn1parse -i -in rsapk8.pem
will show something which begins with:
0:d=0 hl=4 l=1312 cons: SEQUENCE
4:d=1 hl=2 l= 74 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :PBES2
17:d=2 hl=2 l= 61 cons: SEQUENCE
19:d=3 hl=2 l= 28 cons: SEQUENCE
21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
32:d=4 hl=2 l= 15 cons: SEQUENCE
34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:A4E21F4F210DEB6F
44:d=5 hl=2 l= 3 prim: INTEGER :0F4240
49:d=3 hl=2 l= 29 cons: SEQUENCE
51:d=4 hl=2 l= 9 prim: OBJECT :aes-128-cbc
62:d=4 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:DAA184B3F6CC303B6A40A131E5C8C451
80:d=1 hl=4 l=1232 prim: OCTET STRING [HEX DUMP]:2C15CF37D5ACC537AA92B
(...)
See the "0F4240
" ? That's one million, in hexadecimal.
The patch is trivial; I will try to submit it to the OpenSSL maintainers.