proposal: crypto/x509: add support for PBES2 private keys

[shibe2]

What version of Go are you using (go version)?

1.14.3

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

linux/amd64

What did you do?

I generated ECDSA private key with OpenSSL 1.1.1g using req -newkey. It asked for a password and encrypted the key. However, it didn't add headers like "Proc-Type" and "DEK-Info". If I decrypt the key using OpenSSL, it is usable for Go TLS, but Go itself cannot decrypt it.

https://play.golang.org/p/cU7jBbRIHt9

What did you expect to see?

IsEncryptedPEMBlock: true
key type: *ecdsa.PrivateKey

What did you see instead?

IsEncryptedPEMBlock: false
x509: no DEK-Info header in block

[shibe2]

From OpenSSL manual:

Normally a private key is written using standard format: this is PKCS#8 form with the appropriate encryption algorithm (if any). If the -traditional option is specified then the older "traditional" format is used instead.

So my key is encrypted using PBES2. It seems to be default for openssl pkey, openssl req and maybe some other sub-commands.

I wrote quick and dirty function to decrypt PBES2: https://play.golang.org/p/BK9rxDD87ur Feel free to use it if you decide to implement this feature.

EDIT: Added padding handling to my function.

[odeke-em]

Thank you for filing this issue @shibe2 and welcome to the Go project! I shall tag some experts @FiloSottile @katiehockman @retornam to also beware of this change.

@shibe2 if all goes great, perhaps this could be an addition to crypto/x509 or x/crypto/. Thank you.