I am doing some research on rsa key generation for a school project and when using the -des3 flag to encrypt my private key, I don't understand how the ASN.1 is formatted.
Lets say I have my private key:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCArGnEmKxHkLni
S4OS4OK197TuNeRSKxitSef7oY06uGXbCUv7+UvhT0BLyhzJ3S0ZI7c642w0g29w
IZ/fjU+bisyIHpDKfoqXL/G6ZLXAmR8/NDNqkpBEAV0jplIAph6sdttbOGP1meca
gaCeYaFil+H+Fxmud8lmLE8B/Ybx15vWSiRiYIPQ6FRQkCrPK04BzNoNPptrOQqN
D+GC6pDKcS6Dgz/DmHPvIp8HK8fRvs0p5j4wVdWG0NlEy35AfDsaHl4igbeqEnvW
GNznLBysyoibdxSwwQOOio4XJRADfGJPV6VzKLl2nCcD5pJACHtFyUmJrrgP9V2S
9QK2ngdTAgMBAAECggEARLtUGAaxZ9zf3ggWNRvZHfg99kxlNJr+qHnk592osegT
yEeUBflpVeXeY12HuTBiyZ3xXwxiHT7kBNKBMomqL1yZ2k/xaajkYNPkXHs1NrbU
IQ/CMzgsxZaw6L0L6nrRwbAPhg9+HY/jCZ6abF+cNC0LM42lUzN7Kg+a+GYzcfTG
sqG4ub2hyEtkwRP04/vz0HHaLh1QEx1NVbW5pvr45+NRiwzjE2nNBE+ju+UPP29B
EWPcqtz3Y+WOf7jYfZ1CqIdJnWyu4t5hNKQgDJHXdnYtheoExP+v9IAeNViZEdoM
No5Y004oGlez9/ThQfZIiEpbHxZVJBKojNB8qA03UQKBgQC7fqjSnLckqddiCTbL
Hw/V95n5r+1ijFrgBL9HsAarRmlrg/5dG4BEGDnqP5w426slHOvANOw8yY37v2LD
IDz/iZ6rFcSDi0QNwpG/PLdquCOaBjOxSjJE7aaHDLfvsNHaBsfl5WQtO+1xp178
bJnDhbmoOh8gEZiWiyZ3Jsk4+QKBgQCvr+Zx5rpCry+QmQ6yCb3hgKHhaRZaQCAp
PO8PTnNPJKejiSDuyzCK8RsmUmOQPqNkxJx+H38ja7HBCv9LCflVr/k+qxTaUngy
VnHs8zZALjij3CZYFIp7SmbErkdf2nqiBSmV2A8R3DAE0ViEs0+EhQwhryS8sZYo
GPKjR9wBqwKBgQCjYs6PKg3Wn0KXpdvfyaOtG2VMVmiQ1ipiyQA+4kANhQBctts0
G8D8lffyD5h9W7+aSceO6Q9sMV/PH4pa6378V9qyz/c9gmC9dO45LhnPn8M2d20Y
c8W2lznkucqXzwgv7HTJ+8n+ORjDT8zQP3sHDUMqO+vfsDW+CmhssJntUQKBgQCO
/M/Gpi20Nla1Dg1K0+jpzsJx7hCWNZi3V3ON9qCcqk2SKPpXv6Hrg15Aa0/DR2e+
jNJ9R+83CeCrJ+Mt1JlMpyNpYN5g7jwLZBXm7u+ZfsT0gCnpCBbJT32i1+EZX3zt
vtvgq+9f7uBaG3Q61KGETrDX/W8d8D8wtVVNlR+3bwKBgA1bqO/QcOmcevSPwW1u
JtgAWCKCsTdrpIWTZrNQ0mMjZNvCQ9hQ3UvUi5XFc21L5hKWIlKG2+6gt3EErMaM
bAhYbnUR5j/MIh9Cm7EkPQ5ep+ehL7aSjTCfYurxSnwCgGNRcw1Gpqsjbn7q61ni
gukdZcftguB1zq0m71CGZJQe
-----END PRIVATE KEY-----
I will use "test" as a password and the command:
openssl rsa -in key -des3 -out deskey
I now have my private key encrypted with des-ede3-cbc:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIiUFplsSBik8CAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECL6UxsCPjFaTBIIEyKgydi61oDfO
o6g69vzaaG/n5KlDs6cjntfW4JUwa7yKAfhI60REip5EqZMRD4SEhlRAmWAaPSi+
3ws2qOOkuSMme0mySrukjQWcyY07gE6eMlZmF/hpy3YxA1N0uoK8kRZwrve3x1t4
2sMKdcOWXutw+Ir6lsuVJAGc/TjP7Giig3yJWRv2P3jmc1qQTD5uP9C4qppFyZCl
AoWbKSt4dPIMuZHJcKm4tfJIsMQdX1xm3nKeOUYeKhJqoGICvi6TAAKePLVdb85/
Z+50tJTnIOjfDdkya6mZB9WI3ZsYiml0mV+r3sdXAVrBceFsVZFrAb9Tps70Z6Rt
ARKW4Amieud3ZZbmULJJd+kU8hlpcZAJIK4cAEm2aDNdOJpf90G8Ze/Ju6gDXUWJ
tWbb+qhrDcKHIjXKbIH0pFBnvKNlOgDTbUVvQ+zPxmaNnR/DokTCZGNYiFZ4VXQS
k7OVWRD6SvI6wRl1AnjHuV2oFdEf1NK420PnnZbSYitt0kDe2V/S3wDNu+SNHoVd
+ac+cUAT1vg3voH0VDMFhrkqlzsP7PUr8v83NEp8VZELiUtqN21TBu9CgXAaZ41q
P38W1+o6hByRMCMIBvm3wn0VL/k1VKaKJi2Synm3Zd8fhqJwMNBn8RJ4SYOPOwUx
UtzC36NH6MoyhR03QbRRk+rKjK9wE+7UN+TDnjjWWtIi2HuJxMoOEzOM0CNWpFgG
EBor4M98tedA65ru7Tcx/i9dh5Rs87YFrasIuPJEMNlHaX2ntZNUWXkQR0h029y7
+sES2yXr2qXhae5lMaFF6TbtUoDZsJn6XzA82MVDGjdhhgQd0ljYi8diylQKRw9B
EaUeudlGqOvNK4xr22j01xDPuX7op8CfXPZR+Bwt+gGAnvXAMZk3Dsn4+GhKYYUp
NRt6rsK7bXVTMoVo5b+H8z90k/vM+eJimWxYGwSKqMhPrikr6M4ULBNi4/J2eRgf
ENGz5QEaD87NFeLYkqAghWhwv+cem3Fs+R3jB19oISSl5YEJ8B6fRgqBaZW1Nz8c
C+6j52LzWjN20c++1SQtMN06E+dBrQtjSx7HUaLGqkiRBugDyfV3RmlW0aXaJ9qe
GXetU1vrF5AbgbnKb7DCenp64kG8Ck5qC9ioIvKhQlZb6HV9nzD1otJ3+TXkXiSQ
0jebFrkuUcUop7uigDNTpYI+cZAqtfJObSdePfzfpT0sE95L+BktFkxhrmAB5LkU
bq5DVcvX67L00HERgH9LgaVT0KS/28JDXENwZHfsysBdq+wR8vfbc2C1dYstQmhu
VtQCJZIG+PlzqysQQo2xVKHPV1/J7lxrxGLEO7ysTOfnDHDjQxA5cDTpaaNwht4d
HN+Lb6Fcult7s6TlHPPV0KQBet+jquXNJ56VxhXnnP2IyHLGMWyXordIlXHsqo+I
9BmM+sYo6A4UzcRQpDX9yzVyzH8xhVWHD5aVHWRmLG9ZNj7tgVQxxjvSIZ+xIxEG
kJXbnmpXrmhkgp4OGam7KAz5kbECI7O4FUjh6oYdxr81b/3Ej/LxsWn7wBH5H4tH
eZmXjGTxDML9Dbc48MX0aVEnQ0sJHMPkac/NIBq6nOoP2Nf+tura6TkiB8kZSmp4
v2hvC6zY22rpPPcEWbgZ3A==
-----END ENCRYPTED PRIVATE KEY-----
I then use this tool https://lapo.it/asn1js/ to transform the key to a more understandable ASN.1 representation of it, and I get this result:
What I understand of it is that the keys were generated using PBKDF2, with 89416996C4818A4F as salt and 2048 iterations, and that the PRF was HMACSHA256. Then, the private rsa key was encrypted using the previously generated keys and BE94C6C08F8C5693 as our IV.
I now guess that what's left (from A8 32 76 2E B5 A0 37 CE ... to the end of the hex string) is my encrypted private key, but I don't really know if I decipher it correctly and most of all, I don't know what to expect when deciphering it, would it look like a normal ASN.1 private key or something completely different ? And are my thoughts right about how are the keys generated ?
Thanks !