-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use PKCS #8 by default for private keys #387
Comments
|
Consider to use PKCS#8 by default, DecryptPEMBlock and EncryptPEMBlock have been deprecated, see https://golang.org/pkg/crypto/x509/#DecryptPEMBlock |
Any updates on this one? We're using Azure which requires pkcs8 to import to key vault, so this would be nice. |
@peteroneilljr not done yet, but you can convert to pkcs#8 using: step crypto key format --pem --pkcs8 my.key > my.p8 If you don't want a password protected key, you must use |
Add option to save a private key using PKCS #8Description
Some frameworks do not support
PKCS #1
ORSEC1 EC
formats for the private key and require the use ofPKCS #8
.See smallstep/autocert#17 (comment)
We should add the flag--pkcs8
or--format pkcs8
to at least the following commands:step ca certificate
step ca sign
step ca renew
Autocert should also support this option.
Currently we can transform a PKCS #1 or SEC1 EC key to PKCS #8 using:
Update
We should default to store private keys, specially the encrypted ones using PKCS#8 and perhaps add a way to use
PKCS #1
/SEC1 EC
onstep ca
commands.The text was updated successfully, but these errors were encountered: