If I provide a private key that's not of exactly the expected format, it is wrongly treated as a filename.
Here the code insists that a private key have header `-----BEGIN RSA PRIVATE KEY-----`.
I believe that this is effectively forcing people to use the PKCS1 format; but PKCS8 is nowadays generally preferred.
E.g. `openssl genpkey -out private.key -algorithm RSA` will generate a key that begins `-----BEGIN PRIVATE KEY-----` (note no "RSA" here).
Propose that if you want to check whether a string is a private key, it would be better to do this by using a cryptographic library and trying to load it. Failing that, please allow valid keys in modern format.
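
The check proposed above, as an added example that is not code from this project: it decides between "key material" and "filename" by parsing the PEM armor and the DER structure with the Python standard library, so PKCS#1 and PKCS#8 are both accepted and a malformed key raises an error instead of being treated as a path. The function names and the choice of Python are assumptions, and the two samples are constructed DER stubs shaped like PKCS#1 and PKCS#8, not real keys.

```python
import base64
import binascii
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, pos, pos + length

def classify_key_argument(value):
    """Return 'path', 'pkcs1', 'pkcs8' or 'pkcs8-encrypted'; raise on a malformed PEM key."""
    m = PEM_RE.search(value)
    if m is None:
        return "path"                      # no PEM armor at all: treat as a filename
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        tag, start, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            raise ValueError("outer element is not a single DER SEQUENCE")
        first_tag, _, first_end = read_tlv(der, start)
        if first_tag == 0x30:              # EncryptedPrivateKeyInfo starts with AlgorithmIdentifier
            return "pkcs8-encrypted"
        if first_tag != 0x02:
            raise ValueError("expected INTEGER version")
        second_tag, _, _ = read_tlv(der, first_end)
    except (binascii.Error, IndexError) as exc:
        raise ValueError(f"malformed PEM key: {exc}") from exc
    # After the version: PKCS#1 has the modulus INTEGER, PKCS#8 an AlgorithmIdentifier SEQUENCE.
    if second_tag not in (0x02, 0x30):
        raise ValueError("unrecognised private key structure")
    return "pkcs1" if second_tag == 0x02 else "pkcs8"

def make_pem(label, der):                  # builds constructed sample armor, not real keys
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

SAMPLE_PKCS1 = make_pem("RSA PRIVATE KEY", bytes.fromhex("3006020100020111"))
SAMPLE_PKCS8 = make_pem("PRIVATE KEY", bytes.fromhex("300702010030000400"))
```

The structural check only tells the formats apart; loading the decoded key with a cryptographic library, as the post suggests, is still what confirms it is usable.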