RustCrypto / formats

Cryptography-related format encoders/decoders: DER, PEM, PKCS, PKIX

Issue with pkcs8 encrypted private key PKCS#8 ASN.1 error: unknown/unsupported OID: 1.2.840.113549.3.7 at DER byte 80 #1431

Closed by bobdemp 3 weeks ago

bobdemp commented 3 weeks ago

Hi

I am having an issue with an encrypted private key.

How to reproduce the key

openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out test123.p8

use rsa::{pkcs8::DecodePrivateKey, RsaPrivateKey};

async fn test4() -> Result<(), anyhow::Error> {
    let password: String = "test123".to_string();
    let encrypted_pem = include_str!("./test123.p8").to_string();
    // Decrypt and parse the encrypted PKCS#8 PEM.
    let private = RsaPrivateKey::from_pkcs8_encrypted_pem(&encrypted_pem, password)?;

    Ok(())
}

This is the key generated from the advice given by Snowflake for their databases

https://docs.snowflake.com/en/user-guide/key-pair-auth

Looking at the repo I could not see any encrypted rsa keys in the example folder either.

Any help much appreciated.

Bob

tarcieri commented 3 weeks ago

Note that you are explicitly asking for 3DES encryption with: -v2 des3

Likewise it is the unknown OID above: https://oid-rep.orange-labs.fr/get/1.2.840.113549.3.7

We support 3DES, but such support is off-by-default. 3DES has been obsolete for over two decades, having been replaced largely everywhere by AES, except in Snowflake's instructions apparently. There is no reason to use it except for interop with extremely old systems.

Please see our instructions here for using 3DES, if you really must: https://docs.rs/pkcs8/latest/pkcs8/#legacy-des-cbc-and-des-ede3-cbc-3des-support-optional
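
For triaging errors like the one in this issue, here is an added example (std-only Rust, not code from the issue or from the RustCrypto project) that walks the PBES2 header of an EncryptedPrivateKeyInfo and reports the encryption scheme OID, so a key encrypted with 3DES (1.2.840.113549.3.7) can be recognised before it reaches the parser. The function names and the assumption that the input is DER (PEM already base64-decoded) are mine; `SAMPLE` is constructed, with dummy salt, IV and ciphertext.

```rust
/// Split one DER TLV off the front of `buf`: (tag, content, rest).
fn tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = buf.split_first()?;
    let (&first, mut rest) = rest.split_first()?;
    let mut len = first as usize;
    if first & 0x80 != 0 {
        let n = (first & 0x7f) as usize; // long form: number of length bytes
        if n == 0 || n > 4 || rest.len() < n { return None; }
        len = rest[..n].iter().fold(0, |acc, &b| (acc << 8) | b as usize);
        rest = &rest[n..];
    }
    if rest.len() < len { return None; }
    Some((tag, &rest[..len], &rest[len..]))
}
/// Render DER OBJECT IDENTIFIER content bytes in dotted-decimal form.
fn oid_string(content: &[u8]) -> String {
    let (mut arcs, mut acc) = (Vec::<u64>::new(), 0u64);
    for &b in content {
        acc = (acc << 7) | (b & 0x7f) as u64;
        if b & 0x80 != 0 { continue; } // more base-128 digits follow
        if arcs.is_empty() {
            arcs.push((acc / 40).min(2)); // first byte packs arcs as 40*x + y
            acc -= 40 * arcs[0];
        }
        arcs.push(acc);
        acc = 0;
    }
    arcs.iter().map(|a| a.to_string()).collect::<Vec<_>>().join(".")
}
/// PBES2 encryptionScheme OID of an EncryptedPrivateKeyInfo, if it parses.
fn pbes2_cipher_oid(der: &[u8]) -> Option<String> {
    let (_, alg, _) = tlv(tlv(der)?.1)?; // outer SEQUENCE -> encryptionAlgorithm
    let (_, scheme, params) = tlv(alg)?;
    if oid_string(scheme) != "1.2.840.113549.1.5.13" { return None; } // not PBES2
    let (_, pbes2, _) = tlv(params)?; // PBES2-params
    let (_, enc, _) = tlv(tlv(pbes2)?.2)?; // skip keyDerivationFunc
    let (tag, oid, _) = tlv(enc)?;
    if tag == 0x06 { Some(oid_string(oid)) } else { None }
}
// Constructed sample: PBES2 header (PBKDF2 + des-ede3-cbc), dummy salt/IV/data.
const SAMPLE: &[u8] = &[
    0x30,0x56,0x30,0x4e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x05,0x0d,
    0x30,0x41,0x30,0x29,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x05,0x0c,
    0x30,0x1c,0x04,0x08,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x02,0x02,0x08,0x00,
    0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x09,0x05,0x00,
    0x30,0x14,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x07,
    0x04,0x08,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x04,0x04,0xde,0xad,0xbe,0xef,
];
fn main() { println!("{:?}", pbes2_cipher_oid(SAMPLE)); }
```

A key whose reported OID is the 3DES one is better re-encrypted with an AES cipher than supported through the optional legacy feature linked above.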