Closed ounsworth closed 5 years ago
@danvangeest Did you address this in pull request #51 ?
I didn't, my change added an "ENCRYPTED" to "PRIVATE KEY". We should probably actually determine whether we need an explicit "COMPOSITE PUBLIC/PRIVATE KEY" or whether we can just use the existing generic "PUBLIC/PRIVATE KEY"
The private key has the Algorithm Identifier in the OID, so we can stick with the generic BEGIN PRIVATE KEY imo.
To add to this, since I was just working it out in my head myself, BEGIN PUBLIC/PRIVATE KEY is PKCS#8 and contains the base64 encoding of the following DER structures:
PublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
PublicKey BIT STRING
}
PrivateKeyInfo ::= SEQUENCE {
version Version,
algorithm AlgorithmIdentifier,
PrivateKey OCTET STRING
}
BEGIN COMPOSITE PUBLIC/PRIVATE KEY is similar to the non-generic PKCS#1 format, so we should probably avoid it.
So the draft should remove any BEGIN COMPOSITE stuff and maybe just reference the way of doing it in PKCS#8 instead.
Note that I think I've cleaned this up in pull request #57
@danvangeest Can you take a look and see if my edit agrees with your expectation?
Or should we go with `-----BEGIN PRIVATE KEY-----"
apparently this is the newer way?