New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/crypto/pkcs12: ToPEM should encode private keys as PKCS8 #28018
Comments
Is this resolved ??? |
Unfortunately, it's too late to fix this. It would almost certainly break all current users of the function. We should visibly document the issue, though. |
@FiloSottile @paulmey Is there any alternative for this? |
@bhavanasrini If you truly need PKCS#8, you can decode and then re-encode the public key objects in your application. |
You mean after applying ToPEM to pkcs ? or instead of using ToPEM I can use decode and re-encode ? |
After using ToPEM, yeah. All Marshal functions in crypto/x509 have a Parse counterpart. |
@FiloSottile Actually after converting to PEM I need my output in the form of bytes ... So I tried applying ParsePKCS1PrivateKey followed by MarshalPKCS1PrivateKey function. Output didn't change. I was thinking it is going to change my result. |
@bhavanasrini If you use the pair of corresponding Parse and Marshal functions, the output is not supposed to change. Anyway, this issue is now about documenting the output of this function, for questions on how to use it see https://golang.org/wiki/Questions. |
Change https://golang.org/cl/241337 mentions this issue: |
Fixes golang/go#28018 Change-Id: I2daf99789328ef476de834c3cc703e01b468b3ee Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241337 Reviewed-by: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Fixes golang/go#28018 Change-Id: I2daf99789328ef476de834c3cc703e01b468b3ee Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241337 Reviewed-by: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Fixes golang/go#28018 Change-Id: I2daf99789328ef476de834c3cc703e01b468b3ee Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241337 Reviewed-by: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Fixes golang/go#28018 Change-Id: I2daf99789328ef476de834c3cc703e01b468b3ee Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241337 Reviewed-by: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Fixes golang/go#28018 Change-Id: I2daf99789328ef476de834c3cc703e01b468b3ee Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241337 Reviewed-by: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
According to the table in Section 4 of RFC 7468, PEM blocks labeled
PRIVATE KEY
should be PKCS8:However,
pkcs12.ToPEM
encodes the private key to a type-specific format.This code has been out for 3 years or so and I'm sure that everyone who uses it has compensated for this bug, so I'm not sure that we want to fix it?
The text was updated successfully, but these errors were encountered: