Add an extra parser to pemfile for general keys #38

Closed
ghost opened this issue Nov 30, 2016 · 4 comments

Comments

@ghost

ghost commented Nov 30, 2016

I just did the following for test purposes:

$ openssl version
OpenSSL 1.0.2j  26 Sep 2016
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

And the output cannot be read by pemfile::rsa_private_key. The workaround is to do:

openssl rsa -in key.pem -out rsa_key.pem 

But it would probably be better if it worked out of the box. Also, I'm the author of Thrussh, an SSH library. How about working together on a general PEM parsing crate?

@ctz
Member

ctz commented Nov 30, 2016

> How about working together on a general PEM parsing crate?

I'd definitely be interested in working together on a PKCS8 crate for solving this problem. There's some good ASN1-DER parsing groundwork in ring -- would a dependency on that be alright for use with/in Thrussh?

@briansmith
Contributor

FWIW, my plan for ring is that all the key deserialization will be PKCS#8. We only implemented the simpler RSA key deserialization as an incremental step.

@ghost
Author

ghost commented Dec 1, 2016

I'd definitely be alright with anything of the kind, even if it means writing it myself.
I just wanted to make sure we do it in a consensual way, à la Rust, to avoid reimplementing the same things everywhere.

Btw, there's a new Thrussh in my pipe, using Tokio.

@ghost
Author

ghost commented Dec 16, 2016

Alright, after looking at this in greater detail, they seem to be different formats.
Definitely, SSH keys should also be stored in PKCS#8 format, but they're not, for historical reasons.
I think Thrussh should support both, and default to PKCS#8.

@ghost ghost closed this as completed Dec 16, 2016
@ctz ctz moved this from Coming to Done in rustls TODO list May 6, 2017
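
An added example, not part of the thread and not code from rustls, ring or Thrussh: a std-only Rust scanner that reports each PEM block's label and tells PKCS#1 from PKCS#8 by the DER bytes themselves, which is the distinction behind the failure reported above. It assumes that key.pem from the `openssl req` command is a PKCS#8 `PRIVATE KEY` block and that the `openssl rsa` output is a PKCS#1 `RSA PRIVATE KEY` block, as OpenSSL 1.0.2 writes them; the function names and the truncated sample bodies are constructed for illustration.

```rust
#[derive(Debug, PartialEq)]
enum KeyFormat { Pkcs1Rsa, Pkcs8, Other }

// Minimal standard-alphabet base64 decoder; stops at padding or any other byte.
fn b64(body: &str) -> Vec<u8> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in body.bytes() {
        let v = match T.iter().position(|&t| t == c) { Some(v) => v as u32, None => break };
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); }
    }
    out
}

// Both encodings open with SEQUENCE { INTEGER 0, ... }. The next tag is INTEGER (the
// modulus) in PKCS#1 RSAPrivateKey and SEQUENCE (AlgorithmIdentifier) in PKCS#8.
fn sniff_der(der: &[u8]) -> KeyFormat {
    if der.len() < 2 || der[0] != 0x30 { return KeyFormat::Other; }
    // Outer length: short form is one byte, long form is 0x80|n followed by n bytes.
    let hdr = if der[1] & 0x80 == 0 { 2 } else { 2 + (der[1] & 0x7f) as usize };
    match der.get(hdr..hdr + 4) {
        Some([0x02, 0x01, 0x00, 0x02]) => KeyFormat::Pkcs1Rsa,
        Some([0x02, 0x01, 0x00, 0x30]) => KeyFormat::Pkcs8,
        _ => KeyFormat::Other,
    }
}

// Return (PEM label, format sniffed from the DER) for every block in `text`.
fn scan_pem(text: &str) -> Vec<(String, KeyFormat)> {
    let (mut found, mut cur) = (Vec::new(), None::<(String, String)>);
    for line in text.lines().map(str::trim) {
        if let Some(l) = line.strip_prefix("-----BEGIN ").and_then(|r| r.strip_suffix("-----")) {
            cur = Some((l.to_string(), String::new()));
        } else if line.starts_with("-----END ") {
            if let Some((label, body)) = cur.take() {
                found.push((label, sniff_der(&b64(&body))));
            }
        } else if let Some((_, body)) = cur.as_mut() {
            body.push_str(line);
        }
    }
    found
}

// Constructed samples: only the first DER bytes of a 4096-bit RSA key, no key material.
const PKCS8: &str = "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEF\n-----END PRIVATE KEY-----\n";
const PKCS1: &str = "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEA\n-----END RSA PRIVATE KEY-----\n";
fn main() {
    for (label, fmt) in scan_pem(&[PKCS8, PKCS1].concat()) { println!("{}: {:?}", label, fmt); }
}
```

A loader that accepts only one of the two formats can use a check like this to report which format it was actually given instead of failing with a generic parse error.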