golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

crypto/x509: no support for parsing encrypted PKCS8 private keys #8860

Open gopherbot opened 9 years ago

gopherbot commented 9 years ago

by alex.gaynor:

Right now only unencrypted keys are supported; it would be good if encrypted ones were as well.
ianlancetaylor commented 9 years ago

Comment 1:

Labels changed: added repo-main, release-none.

agl commented 9 years ago

Comment 2:

No plans to implement this. If it's encrypted at the PEM layer, you can use
http://godoc.org/crypto/x509#DecryptPEMBlock. If it's actually the PKCS#5/PKCS#8
encryption then you're correct that there's no Go support.

Status changed to LongTerm.

gopherbot commented 9 years ago

Comment 3 by alex.gaynor:

Yes, I'm talking about a case that really uses the EncryptedPrivateKeyInfo ASN.1 structure.
odeke-em commented 7 years ago

Related bug https://github.com/golang/go/issues/6722 that when solved could help close this one.

hekmon commented 6 years ago

This lib worked for me: https://github.com/youmark/pkcs8

briansan commented 6 years ago

given that OpenSSL defaults to using pkcs#8 for encrypting private keys, don't you feel that supporting the decryption of these keys should be a high priority item for Go? cc @ken @robpike

robpike commented 6 years ago

I have no opinion on the subject. Not a domain expert.

gopherbot commented 3 years ago

Change https://golang.org/cl/264159 mentions this issue: crypto/x509: deprecate legacy PEM encryption

HarikrishnanBalagopal commented 3 years ago

@FiloSottile should this issue be closed as well? Since PKCS8 encryption uses PBKDF2 and other advanced key derivation functions that are not part of the standard library (they are implemented as extensions: https://pkg.go.dev/golang.org/x/crypto/pbkdf2), I'm not sure we can ever support PKCS 8 encryption and decryption in the standard library packages.

yookoala commented 3 years ago

I believe the "golang.org/x/" packages have a chance to be included in the standard library in the future. It's still valid to ask for standard library support even if there are 3rd party or "golang.org/x/" package(s) for it. If something is essential enough, standard library support is usually better.

FiloSottile commented 3 years ago

We can and do vendor packages from x/crypto to implement the standard library, that's not a problem.

The hard part here as always is figuring out a good API and deciding where to expose it.

oxisto commented 3 years ago

Is there any progress on this? We offer legacy PEM encryption in golang-jwt (formerly https://github.com/dgrijalva/jwt-go), but want/need to deprecate it as well (see https://github.com/golang-jwt/jwt/issues/45). Since we are very keen on only relying on the Go stdlib, we are a little bit stuck with regards to alternatives.

maraino commented 3 years ago

@oxisto here is one implementation that I created that imitates the deprecated APIs, but works with PKCS#8 encrypted keys:

func DecryptPKCS8PrivateKey(data, password []byte) ([]byte, error)
func EncryptPKCS8PrivateKey(rand io.Reader, data, password []byte, alg x509.PEMCipher) (*pem.Block, error)

@FiloSottile: I'm open to creating a PR and adding it to crypto/x509 or any other x/crypto package. I believe cosign created its own PEM format using NaCl's secretbox + scrypt on a JSON envelope to encrypt the PKCS#8 encoded private key because the standard packages did not provide a valid solution.

jorygeerts commented 2 years ago

@maraino I'm looking into using your implementation, but it seems to lack password verification (x509.DecryptPEMBlock will return x509.IncorrectPasswordError in those cases). Is there a way you could add this?

maraino commented 2 years ago

@jorygeerts just added an issue to implement it.
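
The following is an added example, not code from this issue, from the Go project, or from any commenter: a minimal round trip through the EncryptedPrivateKeyInfo structure alex.gaynor is referring to, restricted to the PBES2 parameter set PBKDF2-HMAC-SHA256 + AES-256-CBC. PBKDF2 is written out (one output block, which is all AES-256 needs) because, as noted above, the standard library does not provide it. It also shows why the password verification jorygeerts asked for is not straightforward: PBES2 carries no MAC, so a wrong password can only be detected by checking the PKCS#7 padding and then by requiring the plaintext to parse as a PKCS#8 key. The names (encryptPKCS8, decryptPKCS8, pbkdf2SHA256, parse, samplePKCS8, ErrIncorrectPassword) are my own, and samplePKCS8 is a constructed Ed25519 PrivateKeyInfo with a fixed seed, used only as test input.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/asn1"
	"errors"
)

// OIDs from RFC 8018 (PBES2, PBKDF2, hmacWithSHA256) and the NIST AES arc (aes256-CBC).
var (
	oidPBES2          = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 13}
	oidPBKDF2         = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 12}
	oidHMACWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 9}
	oidAES256CBC      = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 1, 42}
)

// ErrIncorrectPassword is the PKCS#8 counterpart of x509.IncorrectPasswordError.
var ErrIncorrectPassword = errors.New("pkcs8: incorrect password (or corrupt key)")

// EncryptedPrivateKeyInfo (RFC 5958 §3) and the PBES2-params / PBKDF2-params it carries
// (RFC 8018, Appendix A). The CBC IV is the OCTET STRING parameter of encryptionScheme.
type algorithmIdentifier struct {
	Algorithm  asn1.ObjectIdentifier
	Parameters asn1.RawValue `asn1:"optional"`
}
type encryptedPrivateKeyInfo struct {
	EncryptionAlgorithm algorithmIdentifier // id-PBES2 with pbes2Params
	EncryptedData       []byte
}
type pbes2Params struct{ KeyDerivationFunc, EncryptionScheme algorithmIdentifier }
type pbkdf2Params struct {
	Salt           []byte
	IterationCount int
	KeyLength      int                 `asn1:"optional"`
	PRF            algorithmIdentifier `asn1:"optional"` // hmacWithSHA1 when absent
}

// parse is asn1.Unmarshal that also rejects trailing bytes.
func parse(b []byte, v any) bool {
	rest, err := asn1.Unmarshal(b, v)
	return err == nil && len(rest) == 0
}

// pbkdf2SHA256 is RFC 8018 §5.2 for a single output block (32 bytes, all AES-256 needs),
// written out because the standard library has no PBKDF2; x/crypto/pbkdf2 is the usual import.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): big-endian block index
	u := prf.Sum(nil)             // U_1 = PRF(P, S || INT(1))
	t := append([]byte(nil), u...)
	for n := 2; n <= iter; n++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(u[:0]) // U_n = PRF(P, U_{n-1})
		for j := range t {
			t[j] ^= u[j] // T_1 = U_1 xor U_2 xor ... xor U_c
		}
	}
	return t
}

// encryptPKCS8 wraps PrivateKeyInfo DER in EncryptedPrivateKeyInfo using PBES2 with
// PBKDF2-HMAC-SHA256 and AES-256-CBC under PKCS#7 padding (RFC 8018 §6.2.1).
func encryptPKCS8(pkcs8DER, password []byte, iterations int) ([]byte, error) {
	rnd := make([]byte, 32)
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	salt, iv := rnd[:16], rnd[16:]
	block, _ := aes.NewCipher(pbkdf2SHA256(password, salt, iterations)) // 32-byte key: cannot fail
	pad := aes.BlockSize - len(pkcs8DER)%aes.BlockSize                 // always 1..16 bytes
	pt := append(append([]byte(nil), pkcs8DER...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	kdf, _ := asn1.Marshal(pbkdf2Params{Salt: salt, IterationCount: iterations,
		PRF: algorithmIdentifier{oidHMACWithSHA256, asn1.NullRawValue}})
	ivParam, _ := asn1.Marshal(iv)
	params, _ := asn1.Marshal(pbes2Params{
		KeyDerivationFunc: algorithmIdentifier{oidPBKDF2, asn1.RawValue{FullBytes: kdf}},
		EncryptionScheme:  algorithmIdentifier{oidAES256CBC, asn1.RawValue{FullBytes: ivParam}},
	})
	return asn1.Marshal(encryptedPrivateKeyInfo{
		EncryptionAlgorithm: algorithmIdentifier{oidPBES2, asn1.RawValue{FullBytes: params}},
		EncryptedData:       ct,
	})
}

// decryptPKCS8 parses EncryptedPrivateKeyInfo and returns the PrivateKeyInfo DER.
// PBES2 carries no MAC, so a wrong password is only detectable heuristically: first by
// the PKCS#7 padding, then by requiring the plaintext to parse as a PKCS#8 key.
func decryptPKCS8(der, password []byte) ([]byte, error) {
	var epki encryptedPrivateKeyInfo
	var p2 pbes2Params
	var kdf pbkdf2Params
	var iv []byte
	if !parse(der, &epki) || !parse(epki.EncryptionAlgorithm.Parameters.FullBytes, &p2) ||
		!parse(p2.KeyDerivationFunc.Parameters.FullBytes, &kdf) || !parse(p2.EncryptionScheme.Parameters.FullBytes, &iv) ||
		len(epki.EncryptedData) == 0 || len(epki.EncryptedData)%aes.BlockSize != 0 {
		return nil, errors.New("pkcs8: malformed or non-PBES2 EncryptedPrivateKeyInfo")
	}
	if !epki.EncryptionAlgorithm.Algorithm.Equal(oidPBES2) || !p2.KeyDerivationFunc.Algorithm.Equal(oidPBKDF2) ||
		!p2.EncryptionScheme.Algorithm.Equal(oidAES256CBC) || !kdf.PRF.Algorithm.Equal(oidHMACWithSHA256) ||
		kdf.IterationCount < 1 || (kdf.KeyLength != 0 && kdf.KeyLength != 32) || len(iv) != aes.BlockSize {
		return nil, errors.New("pkcs8: only PBES2 with PBKDF2-HMAC-SHA256 and AES-256-CBC is handled here")
	}
	block, _ := aes.NewCipher(pbkdf2SHA256(password, kdf.Salt, kdf.IterationCount))
	pt := make([]byte, len(epki.EncryptedData))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, epki.EncryptedData)
	pad := int(pt[len(pt)-1])
	if pad < 1 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, ErrIncorrectPassword
	}
	if _, err := x509.ParsePKCS8PrivateKey(pt[:len(pt)-pad]); err != nil {
		return nil, ErrIncorrectPassword
	}
	return pt[:len(pt)-pad], nil
}

// samplePKCS8 is constructed test input: a PKCS#8 v1 PrivateKeyInfo for Ed25519 (OID
// 1.3.101.112) whose 32-byte seed is 0x01..0x20. A fixed seed is for this demo only.
func samplePKCS8() []byte {
	der := []byte{0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20}
	for i := 1; i <= 32; i++ {
		der = append(der, byte(i))
	}
	return der
}
```

To use this on a real key, pem.Decode the file and require Type == "ENCRYPTED PRIVATE KEY" before passing Bytes to decryptPKCS8; a block with Proc-Type/DEK-Info headers is the legacy PEM-layer encryption agl distinguishes above and belongs to x509.DecryptPEMBlock instead. Keys written with PBES1, a hmacWithSHA1 PRF, or a cipher other than AES-256-CBC are refused with the "only PBES2 ..." error rather than being silently mis-decrypted, and the two error paths are kept separate so that a structurally invalid input is never reported as a wrong password.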

A-UNDERSCORE-D commented 2 years ago

Is this still a "no, we don't want to implement it"? I'm using an external lib currently but I'd love to not need it.