Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: ParsePKCS8PrivateKey does not support loading DSA keys #8919

Closed
gopherbot opened this issue Oct 10, 2014 · 3 comments
Closed

crypto/x509: ParsePKCS8PrivateKey does not support loading DSA keys #8919

gopherbot opened this issue Oct 10, 2014 · 3 comments

Comments

@gopherbot
Copy link

by alex.gaynor:

Trying to load a PKCS8 DSA key fails with the error: 

    ERROR: asn1.StructuralError{Msg:"tags don't match (16 vs {class:0 tag:13 length:45 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 set:false omitEmpty:false} pkcs8 @2"}

An example of such a key is available at
https://raw.githubusercontent.com/pyca/cryptography/master/vectors/cryptography_vectors/asymmetric/PKCS8/unenc-dsa-pkcs8.pem

It can be successfully parsed by OpenSSL:

$ cat ./vectors/cryptography_vectors/asymmetric/PKCS8/unenc-dsa-pkcs8.pem | openssl
pkcs8 -nocrypt | openssl dsa -text -noout
read DSA key
Private-Key: (1024 bit)
priv:
    00:a5:35:a8:e1:d0:d9:1b:ea:fc:8b:ee:1d:9b:2a:
    3a:8d:e3:31:12:03
(continued)

OpenSSL's documentation claims that the specification for this can actually be found in
PKCS#11 (https://www.openssl.org/docs/apps/pkcs8.html#STANDARDS)
@gopherbot
Copy link
Author

Comment 1 by alex.gaynor:

Oops, that error message is wrong, it actually results in the (far more 
    errors.errorString{s:"x509: PKCS#8 wrapping contained private key with unknown algorithm: 1.2.840.10040.4.1"}
(the original is what happens if you pass the PEM contents in, rather than the DER).

@ianlancetaylor
Copy link
Contributor

Comment 2:

Is this the same as issue #6868?

Labels changed: added repo-main, release-none.

@agl
Copy link
Contributor

agl commented Oct 10, 2014

Comment 3:

Yep, 6868 it is.

Status changed to Duplicate.

Merged into issue #6868.

@golang golang locked and limited conversation to collaborators Jun 25, 2016
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants