Use PKCS #8 by default for private keys #387

Open
maraino opened this issue Nov 12, 2020 · 4 comments
Labels
enhancement needs triage Waiting for discussion / prioritization by team

@maraino
Collaborator

maraino commented Nov 12, 2020

Add option to save a private key using PKCS #8

Description

Some frameworks do not support PKCS #1 or SEC1 EC formats for the private key and require the use of PKCS #8.
See smallstep/autocert#17 (comment)

We should add the flag --pkcs8 or --format pkcs8 to at least the following commands:

  • step ca certificate
  • step ca sign
  • step ca renew

Autocert should also support this option.

Currently we can transform a PKCS #1 or SEC1 EC key to PKCS #8 using:

step crypto key format --pkcs8 --pem --no-password --insecure --out site.pkcs8.pem site.pem

Update

We should default to storing private keys, especially the encrypted ones, using PKCS #8 and perhaps add a way to use PKCS #1 / SEC1 EC on step ca commands.

@maraino maraino added enhancement needs triage Waiting for discussion / prioritization by team labels Nov 12, 2020
@maraino maraino changed the title Add option to save a private key using pics#8 Add option to save a private key using pkcs #8 Nov 12, 2020
@maraino maraino changed the title Add option to save a private key using pkcs #8 Add option to save a private key using PKCS #8 Nov 12, 2020
@dopey
Contributor

dopey commented Nov 17, 2020

--key-format

@dopey dopey removed the needs triage Waiting for discussion / prioritization by team label Dec 1, 2020
@maraino
Collaborator Author

maraino commented Feb 22, 2021

Consider using PKCS #8 by default; DecryptPEMBlock and EncryptPEMBlock have been deprecated, see https://golang.org/pkg/crypto/x509/#DecryptPEMBlock

@maraino maraino added needs triage Waiting for discussion / prioritization by team and removed good first issue labels Feb 22, 2021
@maraino maraino changed the title Add option to save a private key using PKCS #8 Use PKCS #8 by default for private keys Aug 25, 2022
@maraino maraino added this to the v0.23.0 milestone Aug 25, 2022
@maraino maraino modified the milestones: v0.23.0, v0.24.0 Nov 9, 2022
@maraino maraino modified the milestones: v0.24.0, v0.24.1 Apr 12, 2023
@maraino maraino modified the milestones: v0.24.4, v0.24.5 Jul 18, 2023
@peteroneilljr

Any updates on this one? We're using Azure which requires pkcs8 to import to key vault, so this would be nice.

@maraino
Collaborator Author

maraino commented Aug 18, 2023

@peteroneilljr not done yet, but you can convert to pkcs#8 using:

step crypto key format --pem --pkcs8 my.key > my.p8

If you don't want a password-protected key, you must use --no-password --insecure

@maraino maraino modified the milestones: v0.25.0, v0.25.1 Sep 27, 2023
@hslatman hslatman modified the milestones: v0.25.1, v0.25.2 Nov 29, 2023
@hslatman hslatman modified the milestones: v0.25.2, v0.25.3 Feb 20, 2024
@hslatman hslatman removed this from the v0.26.0 milestone Mar 29, 2024
@hslatman hslatman added this to the v0.26.1 milestone Mar 29, 2024
@hslatman hslatman modified the milestones: v0.26.1, v0.26.2 Apr 25, 2024
@hslatman hslatman modified the milestones: v0.26.2, v0.26.3 Jun 17, 2024
@hslatman hslatman modified the milestones: v0.27.0, v0.27.2 Jul 15, 2024
@hslatman hslatman modified the milestones: v0.27.2, v0.27.3 Jul 23, 2024

4 participants