baloo
commented
1 year ago pkcs8::EncryptedPrivateKeyInfo will require:
- [x]
pkcs5- [x]
pbes2::kdf::Kdf - [x]
pbes2::EncryptionScheme - [x]
pbes2::Parameters - [x]
EncryptionScheme
- [x]
Open tarcieri opened 1 year ago
baloo
commented
1 year ago pkcs8::EncryptedPrivateKeyInfo will require:
pkcs5
pbes2::kdf::Kdfpbes2::EncryptionSchemepbes2::ParametersEncryptionScheme
tarcieri
commented
1 year ago Ugh, splitting up pkcs5 sounds rather painful. The others are relatively straightforward but that one sounds like it will involve a lot of duplication.
Perhaps we can save EncryptedPrivateKeyInfo for the end, or possibly even make it just an implementation detail and remove it from the public API entirely. There are already helper methods that handle decryption/encryption.
carl-wallace
commented
1 year ago At present, EncryptedPrivateKeyInfo is duplicated in #1165.
tarcieri
commented
1 year ago Okay, I guess we should find a solution.
Perhaps we can find a way to remove the lifetime that will still work on heapless targets.
baloo
commented
1 year ago I don't think there is too much duplication though. Pretty sure I can make it work without too much drama. I'll take a shot at it later today.
In the latest release of
spkiit was changed to have genericAlgorithmIdentifierandSubjectPublicKeyInfo, along with*Ownedand*Reftype aliases. This allows either zero-copy decoding with a lifetime, or decoding to an owned type with no lifetime (which enables e.g. on-the-fly 1-pass PEM decoding, since you can't borrow bytes from a PEM input).However, other crates in this repo didn't receive a similar treatment. This is a tracking issue for those.
pkcs1OtherPrimeInfoRsaOaepParamsRsaPrivateKeyRsaPssParamsRsaPublicKeypkcs5https://github.com/RustCrypto/formats/pull/1195pbes2::kdf::Kdfpbes2::EncryptionSchemepbes2::ParametersEncryptionSchemepkcs8https://github.com/RustCrypto/formats/pull/1483PrivateKeyInfoEncryptedPrivateKeyInfosec1EcPrivateKey