I occasionally see PEM-encoded private keys that have the wrong PEM header for that key type. For example, a PKCS8 key with BEGIN RSA PRIVATE KEY instead of BEGIN PRIVATE KEY. Thanks to #30094 this is helpfully reported with an error message suggesting the correct API. For example, in ParsePKCS1PrivateKey:
```go
	return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)")
}
```
What would you like to see?
It would be nice if these errors were exported as values that could be checked in code, so we could handle these gracefully. Currently you have to do string parsing, and I don't think that is covered by the Go 1 compatibility guarantee.
Alternatively, an API that given DER input returned which key type it was would be nice. With just DER input (that is, without the PEM block hint) you just have to try all the ParsePKCS1PrivateKey / ParsePKCS8PrivateKey / ParseECPrivateKey functions in a row until one succeeds.
seankhliao changed the title from "crypto/x509: Export errors when PKCS1/PKCS8/EC keys are provided to incorrect parse function" to "proposal: crypto/x509: Export wrong parse function error" on Jan 19, 2021
Snippet source: go/src/crypto/x509/pkcs1.go, lines 54 to 59 in ccb2e90
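The try-each-parser workaround described in the issue, as an added example that is not part of the original issue or of crypto/x509. `ParseAnyPrivateKey` and `mislabeledPEM` are hypothetical names, and the sample key is generated at run time as constructed input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// ParseAnyPrivateKey is a hypothetical helper, not part of crypto/x509. It takes
// DER with no PEM type hint, tries each parser in turn, and names the one that matched.
func ParseAnyPrivateKey(der []byte) (interface{}, string, error) {
	if k, err := x509.ParsePKCS8PrivateKey(der); err == nil {
		return k, "PKCS8", nil
	}
	if k, err := x509.ParsePKCS1PrivateKey(der); err == nil {
		return k, "PKCS1", nil
	}
	if k, err := x509.ParseECPrivateKey(der); err == nil {
		return k, "EC", nil
	}
	return nil, "", errors.New("unrecognized private key encoding")
}

// mislabeledPEM builds constructed sample input: a fresh P-256 key in
// PKCS8 form wrapped in the wrong "RSA PRIVATE KEY" PEM header.
func mislabeledPEM() ([]byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}), nil
}

func main() {
	data, err := mislabeledPEM()
	if err != nil {
		panic(err)
	}
	block, _ := pem.Decode(data)
	_, format, err := ParseAnyPrivateKey(block.Bytes)
	fmt.Println(block.Type, "header, actual encoding:", format, err)
}
```

The returned format string lets a caller log or reject a key whose PEM header disagrees with its actual encoding, without matching on error text.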