Skip to content

Commit

Permalink
Add support for PKCS8 key and non encrypted (#198)
Browse files Browse the repository at this point in the history
  • Loading branch information
jbpin authored Dec 1, 2023
1 parent bdc9a8d commit 988fe4e
Showing 1 changed file with 28 additions and 9 deletions.
37 changes: 28 additions & 9 deletions depot/file/depot.go
Original file line number Diff line number Diff line change
Expand Up @@ -368,8 +368,9 @@ func (d *fileDepot) path(name string) string {
}

const (
rsaPrivateKeyPEMBlockType = "RSA PRIVATE KEY"
certificatePEMBlockType = "CERTIFICATE"
rsaPrivateKeyPEMBlockType = "RSA PRIVATE KEY"
pkcs8PrivateKeyPEMBlockType = "PRIVATE KEY"
certificatePEMBlockType = "CERTIFICATE"
)

// load an encrypted private key from disk
Expand All @@ -378,15 +379,33 @@ func loadKey(data []byte, password []byte) (*rsa.PrivateKey, error) {
if pemBlock == nil {
return nil, errors.New("PEM decode failed")
}
if pemBlock.Type != rsaPrivateKeyPEMBlockType {
switch pemBlock.Type {
case rsaPrivateKeyPEMBlockType:
if x509.IsEncryptedPEMBlock(pemBlock) {
b, err := x509.DecryptPEMBlock(pemBlock, password)
if err != nil {
return nil, err
}
return x509.ParsePKCS1PrivateKey(b)
}
return x509.ParsePKCS1PrivateKey(pemBlock.Bytes)
case pkcs8PrivateKeyPEMBlockType:
priv, err := x509.ParsePKCS8PrivateKey(pemBlock.Bytes)
if err != nil {
return nil, err
}
switch priv := priv.(type) {
case *rsa.PrivateKey:
return priv, nil
// case *dsa.PublicKey:
// case *ecdsa.PublicKey:
// case ed25519.PublicKey:
default:
panic("unsupported type of public key. SCEP need RSA private key")
}
default:
return nil, errors.New("unmatched type or headers")
}

b, err := x509.DecryptPEMBlock(pemBlock, password)
if err != nil {
return nil, err
}
return x509.ParsePKCS1PrivateKey(b)
}

// load an encrypted private key from disk
Expand Down

0 comments on commit 988fe4e

Please sign in to comment.