Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: no support for parsing encrypted PKCS8 private keys #8860

gopherbot opened this issue Oct 3, 2014 · 16 comments

crypto/x509: no support for parsing encrypted PKCS8 private keys #8860

gopherbot opened this issue Oct 3, 2014 · 16 comments


Copy link

@gopherbot gopherbot commented Oct 3, 2014

by alex.gaynor:

Right now only un-encrypted keys are supported, it would be good if encrypted ones were
as well.
Copy link

@ianlancetaylor ianlancetaylor commented Oct 3, 2014

Comment 1:

Labels changed: added repo-main, release-none.

Copy link

@agl agl commented Oct 6, 2014

Comment 2:

No plans to implement this. If it's encrypted at the PEM layer, you can use If it's actually the PKCS#5/PKCS#8
encryption then you're correct that there's no Go support.

Status changed to LongTerm.

Copy link

@gopherbot gopherbot commented Oct 6, 2014

Comment 3 by alex.gaynor:

Yes, I'm talking about a case that really uses the EncryptedPrivateKeyInfo ASN.1

Copy link

@odeke-em odeke-em commented Oct 10, 2016

Related bug #6722 that when solved could help close this one.

Copy link

@hekmon hekmon commented Apr 11, 2018

This lib worked for me:

Copy link

@briansan briansan commented May 10, 2018

given that OpenSSL defaults to using pkcs#8 for encrypting private keys, don't you feel that supporting the decryption of these keys should be high priority item for Go?
cc @ken @robpike

Copy link

@robpike robpike commented May 10, 2018

I have no opinion on the subject. Not a domain expert.

Copy link

@gopherbot gopherbot commented Oct 22, 2020

Change mentions this issue: crypto/x509: deprecate legacy PEM encryption

gopherbot pushed a commit that referenced this issue Oct 24, 2020
It's unfortunate that we don't implement PKCS#8 encryption (#8860)
so we can't recommend an alternative but PEM encryption is so broken
that it's worth deprecating outright.

Fixes #41949
Fixes #32777

Change-Id: Ieb46444662adec108d0de3550b693a50545c2344
Trust: Filippo Valsorda <>
Trust: Roland Shoemaker <>
Run-TryBot: Filippo Valsorda <>
TryBot-Result: Go Bot <>
Reviewed-by: Roland Shoemaker <>
Copy link

@HarikrishnanBalagopal HarikrishnanBalagopal commented Oct 24, 2020

@FiloSottile should this issue be closed as well? SincePKCS8 encryption uses PBKDF2 and other advanced key derivation functions that are not part of the standard library (they are implemented as extensions
Not sure we can ever support PKCS 8 encryption and decryption in the standard library packages.

Copy link

@yookoala yookoala commented Oct 24, 2020

I believe the "" packages have a chance to be included in the standard library in the future. Its still valid to ask for standard library support even if there are 3rd party or "" pacakge(s) for it. If something is essential enough, a standard library support is usually better.

Copy link

@FiloSottile FiloSottile commented Oct 24, 2020

We can and do vendor packages from x/crypto to implement the standard library, that's not a problem.

The hard part here as always is figuring out a good API and deciding where to expose it.

Copy link

@oxisto oxisto commented Jul 31, 2021

Is there any progress on this? We offer legacy PEM encryption in golang-jwt (formerly, but want/need to deprecate it as well (see golang-jwt/jwt#45). Since we are very keen on only relying to the Go stdlib, we are a little bit stuck with regards to alternatives.

Copy link

@maraino maraino commented Sep 3, 2021

@oxisto here is one implementation that I created that imitates the deprecated APIs, but work with PKCS#8 encrypted keys:

func DecryptPKCS8PrivateKey(data, password []byte) ([]byte, error)
func EncryptPKCS8PrivateKey(rand io.Reader, data, password []byte, alg x509.PEMCipher) (*pem.Block, error)

@FiloSottile: I'm open to creating a PR and add it to crypto/x509 or any other x/crypto package. I believe cosign created its own PEM format using NaCl's secretbox + scrypt on a JSON envelope to encrypt the PKCS#8 encoded private key because the standard packages did not provide a valid solution.

Copy link

@jorygeerts jorygeerts commented Sep 28, 2021

@maraino I'm looking into using your implementation, but it seems to lack password verification (x509.DecryptPEMBlock will return x509.IncorrectPasswordError in those cases). Is there a way you could add this?

Copy link

@maraino maraino commented Sep 28, 2021

@jorygeerts just added an issue to implement it.

Copy link

@A-UNDERSCORE-D A-UNDERSCORE-D commented Feb 14, 2022

Is this still a no we dont want to implement it? Im using an external lib currently but I'd love to not need it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests