python-jose icon indicating copy to clipboard operation
python-jose copied to clipboard
verified publisher icon mpdavis

to_pem compatibility issues

Open zejn opened this issue 8 years ago • 0 comments

With the new backends now in place and trying to get pure python rsa backend implemented, I found out that the RSA backends currently have unified a funny "standard" in that they're outputting PKCS#1 formatted PEM for private keys and PKCS#8 formatted PEM for public keys.

PKCS#1 and PKCS#8 are two standards of serializing keys. PKCS#1 is RSA only and can be identified by -----BEGIN RSA PRIVATE KEY----- or -----BEGIN RSA PUBLIC KEY-----, followed by the key data.

PKCS#8 is generalized. Usually identified by -----BEGIN PRIVATE KEY----- or -----BEGIN PUBLIC KEY-----, it also has a header, which specifies the key type, e.g. RSA, which is then followed by the same key data as PKCS#1.

The problem is that if this gets released, it's going to be cumbersome to maintain. The keys previously didn't have to_pem method, so this isn't related to previous releases.

The library should probably:

  • [ ] test both PKCS#1 and PKCS#8 formatted keys as input
  • [ ] standardize on output
  • [ ] support choosing desired output format

zejn avatar Jun 01 '17 07:06 zejn