PeculiarVentures / PKI.js

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
http://pkijs.org

[help needed] Loading an encrypted PKCS#8 private key #386

Open lviggiani opened 7 months ago

lviggiani commented 7 months ago

Hi, I'm trying to load an encrypted PKCS#8 private key without success. Here is my code. In the first part I load an unencrypted PKCS#8 key with success; in the second part I try loading the encrypted key, with this error:

```js
// Load Private Key PKCS#8
let buffer1 = pvtsutils.BufferSourceConverter.toArrayBuffer(await Deno.readFile("./domain-pkcs8-nocrypt.key"));
let bynary1 = pvtsutils.Convert.ToBinary(buffer1);
let ber = decodePEM(bynary1, "PRIVATE KEY")[0];
let key = pkijs.PrivateKeyInfo.fromBER(ber);
console.log(key); // --->>> OK

// This fails
buffer1 = pvtsutils.BufferSourceConverter.toArrayBuffer(await Deno.readFile("./domain-pkcs8.key"));
bynary1 = pvtsutils.Convert.ToBinary(buffer1);
ber = decodePEM(bynary1, "ENCRYPTED PRIVATE KEY")[0];
key = pkijs.PrivateKeyInfo.fromBER(ber);
console.log(key);
```

```
error: Uncaught (in promise) AsnError: Cannot create 'PrivateKeyInfo' from ASN.1 object
            throw new AsnError(`Cannot create '${this.CLASS_NAME}' from ASN.1 object`);
```

Keys are generated and converted like this:

```sh
# create certificate and private key
openssl req -newkey rsa:2048 -keyout domain.key -x509 -days 365 -out domain.crt

# convert certificate to PEM format:
openssl x509 -in domain.crt -out domain.pem -outform PEM

# convert private key to encrypted PKCS#8 format:
openssl pkcs8 -topk8 -inform PEM -outform PEM -in domain.key -out domain-pkcs8.key

# convert private key to unencrypted PKCS#8 format:
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in domain.key -out domain-pkcs8-nocrypt.key

# sign a file like this:
openssl cms -sign -signer domain.pem -inkey domain-pkcs8.key -binary -in README.md -outform der -out signature
```
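
Why the two files parse differently, as an added example that is not part of the original post and is not PKI.js code: a PEM block labelled `ENCRYPTED PRIVATE KEY` carries an EncryptedPrivateKeyInfo (RFC 5958), which starts with an AlgorithmIdentifier SEQUENCE instead of the version INTEGER that a PrivateKeyInfo starts with. The function names `readTlv` and `classifyPkcs8` and both DER samples are constructed for illustration.

```javascript
// Added example: DER samples below are constructed and contain no real key material.

// Read one DER tag-length-value header at `off`, bounded by `end`.
function readTlv(der, off, end) {
  if (off + 2 > end) throw new RangeError("truncated DER header");
  const tag = der[off];
  let len = der[off + 1];
  let pos = off + 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || pos + n > end) throw new RangeError("bad DER length");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + der[pos++];
  }
  if (pos + len > end) throw new RangeError("DER content exceeds its container");
  return { tag, start: pos, end: pos + len };
}

// Classify a PKCS#8 blob by the first two elements of its outer SEQUENCE:
//   PrivateKeyInfo          ::= SEQUENCE { version INTEGER, AlgorithmIdentifier, ... }
//   EncryptedPrivateKeyInfo ::= SEQUENCE { AlgorithmIdentifier, encryptedData OCTET STRING }
function classifyPkcs8(der) {
  try {
    const outer = readTlv(der, 0, der.length);
    if (outer.tag !== 0x30) return "unknown";
    const first = readTlv(der, outer.start, outer.end);
    const second = readTlv(der, first.end, outer.end);
    if (first.tag === 0x02 && second.tag === 0x30) return "PrivateKeyInfo";
    if (first.tag === 0x30 && second.tag === 0x04) return "EncryptedPrivateKeyInfo";
    return "unknown";
  } catch (e) {
    if (e instanceof RangeError) return "malformed";
    throw e;
  }
}

// Constructed sample: version 0, rsaEncryption OID, 2-byte placeholder key.
const PLAIN = Uint8Array.from([0x30, 0x16, 0x02, 0x01, 0x00,
  0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
  0x04, 0x02, 0xaa, 0xbb]);
// Constructed sample: PBES2 OID with empty placeholder parameters, 2-byte placeholder ciphertext.
const ENCRYPTED = Uint8Array.from([0x30, 0x13,
  0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0d, 0x30, 0x00,
  0x04, 0x02, 0xcc, 0xdd]);

console.log(classifyPkcs8(PLAIN), classifyPkcs8(ENCRYPTED));
```

A blob classified as EncryptedPrivateKeyInfo has to be decrypted with the passphrase before the inner PrivateKeyInfo can be parsed.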