When decrypting a private key PEM block using the ssh package, there are two methods:
ParseRawPrivateKey accepts PEM blocks with type "PRIVATE KEY" (with no other qualifier) and decrypts using x509.ParsePKCS8PrivateKey; however, ParseRawPrivateKeyWithPassphrase does not. Both accept blocks with "RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY" and "OPENSSH PRIVATE KEY", but ParseRawPrivateKeyWithPassphrase seems to be missing the 'case' for "PRIVATE KEY" on its own.
As the methods perform the same task, just with the addition of decrypting, should they not be aligned in the keys they support?
That function supports two types of encryption: legacy PEM encryption, and the OpenSSH native encryption format. PKCS#8 specifies its own encryption format which we don't currently support. I'm not aware of any software that uses PEM legacy encryption with PKCS#8 encoding.
This is a duplicate of #8860, although it could also be fixed in x/crypto/ssh without exposing support in crypto/x509 by just implementing PKCS#8 encryption support. Retitled.
changed the title: crypto/ssh: ParseRawPrivateKeyWithPassphrase doesn't support "PRIVATE KEY" pem block as ParseRawPrivateKey does (Jan 5, 2021)
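The distinction drawn in the reply above, as an added example that is not code from x/crypto/ssh or from the thread: a standard-library-only classifier that tells legacy PEM encryption, PKCS#8's own "ENCRYPTED PRIVATE KEY" format, and unencrypted PKCS#8 apart. The names `classify` and `sampleKeys`, the label strings, and the passphrase are hypothetical; the second sample is legacy PEM encryption wrapped around PKCS#8 DER, constructed here only as test input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// classify reports how a private-key PEM block is protected (labels are hypothetical).
func classify(pemBytes []byte) string {
	block, _ := pem.Decode(pemBytes)
	switch {
	case block == nil:
		return "no-pem-block"
	case block.Type == "OPENSSH PRIVATE KEY":
		return "openssh" // any encryption lives inside the OpenSSH blob itself
	case block.Type == "ENCRYPTED PRIVATE KEY":
		return "pkcs8-encrypted" // PKCS#8's own encryption format
	case x509.IsEncryptedPEMBlock(block):
		return "legacy-pem-encrypted:" + block.Type // Proc-Type / DEK-Info headers
	case block.Type == "PRIVATE KEY":
		return "pkcs8-plain" // nothing for a passphrase to decrypt
	}
	return "plain:" + block.Type
}

// sampleKeys builds constructed inputs from a throwaway Ed25519 key: plain
// PKCS#8, and the same DER wrapped in legacy PEM encryption.
func sampleKeys(pass []byte) (plainPEM, legacyPEM []byte, err error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	enc, err := x509.EncryptPEMBlock(rand.Reader, "PRIVATE KEY", der, pass, x509.PEMCipherAES256)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), pem.EncodeToMemory(enc), nil
}

func main() {
	plain, legacy, err := sampleKeys([]byte("constructed-passphrase"))
	fmt.Println(classify(plain), classify(legacy), err)
}
```

Classifying a key file this way before choosing a parser shows whether a passphrase is applicable at all and which of the formats named in the reply it uses.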