Add PKCS8 parsing to support PEM ASN.1 Private Keys #708
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
59de189 to
a64561c
Compare
|
Thanks for approving the initial workflow run @hierynomus. I pushed a commit adjusting the license header copyright year to match other headers and this passed running |
462cb76 to
beb0a4e
Compare
|
Thanks, merged! |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As described in issue #437, OpenSSH and other utilities support generating and storing private keys formatted using PKCS#8. The
PKCS8KeyFileclass uses the BouncyCastlePEMParser, which returns aPrivateKeyInfoobject when reading a PEM file including the headerBEGIN PRIVATE KEY. ThePKCS8KeyFile.readKeyPair()method logs a debug message indicating thatPrivateKeyInfois not a supported object for parsing.This pull request adds a
KeyPairConverterinterface with a primary implementation supportingPrivateKeyInfoobjects returned fromPEMParser. ThePrivateKeyInfoKeyPairConverterdelegates to specific implementations based on the Algorithm Object Identifier contained inPrivateKeyInfo. Implementations support reading DSA, ECDSA, and RSA Private Keys, and determining the associated Public Key in order to return aPEMKeyPair.This pull request includes unit test updates with sample private keys generated using the following
ssh-keygencommands:ssh-keygen -t dsa -m PKCS8ssh-keygen -t ecdsa -m PKCS8ssh-keygen -t rsa -b 2048 -m PKCS8Classes included in this pull request should also provide the foundation for an additional implementation that supports reading encrypted private keys.