Add Support for PKCS8 DER/PEM writing

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

https://www.trustedfirmware.org/projects/mbed-tls/

Other

5.2k stars 2.54k forks source link

Add Support for PKCS8 DER/PEM writing #1695

Open mvgalen opened 6 years ago

mvgalen commented 6 years ago

Enhancement

Currently mbedtls can not write private keys in PKCS8 format, although it is able to parse PKCS8 format.

Since PKCS8 also supports not-yet existing key types since it is extendable it would be a future proof format for key exchange.
Another reason would be that some TLS implementations do not support PKCS1 for private key exchange (like JAVA).

Adding support for PKCS8 PEM/DER writing should be relatively simple since it is only an added envelope.

eliburke commented 6 years ago

I'll second this request! I just had to learn enough ASN1 to extract the public and private from the SEC1 output of mbedtls_pk_write_key_der() and re-write it as PKCS8 (in Swift.. so not a lot of prior art). My brain is still hurting.

mvgalen commented 6 years ago

I just put my implementation in a pull request: https://github.com/ARMmbed/mbedtls/pull/1759 The pull request is against development, but it should also apply to 2.8.0, which I used for development/testing.

RonEld commented 5 years ago

PR fixing this issue was opened in #1759 , superseded by https://github.com/ARMmbed/mbedtls/pull/2413